Do not prune the namespace if the SUP is installed in cattle-system

Most of the things in cattle-system are not Project syn managed and
this can cause an unexpected loss of not Project Syn managed things.

.cruft.json

@@ -7,7 +7,7 @@
       "name": "system-upgrade-controller",
       "slug": "system-upgrade-controller",
       "parameter_key": "system_upgrade_controller",
-      "test_cases": "defaults",
+      "test_cases": "defaults cattle-system",
       "add_lib": "y",
       "add_pp": "n",
       "add_golden": "y",

Makefile.vars.mk

@@ -57,3 +57,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
+test_instances = tests/defaults.yml tests/cattle-system.yml

component/main.jsonnet

@@ -21,7 +21,20 @@ local sucImage =
   else
     '%(registry)s/%(repository)s:%(tag)s' % params.images.system_upgrade_controller;
 
-local namespace = kube.Namespace(params.namespace);
+local cattleSystemNamespaceNoPrune =
+  if params.namespace == 'cattle-system' then
+    {
+      metadata+: {
+        annotations+: {
+          'argocd.argoproj.io/sync-options': 'Prune=false',
+        },
+      },
+    }
+  else
+    {};
+
+local namespace = kube.Namespace(params.namespace) +
+                  cattleSystemNamespaceNoPrune;
 
 local serviceaccount = kube.ServiceAccount(params.service_account) {
   metadata+: {

tests/cattle-system.yml

@@ -0,0 +1,3 @@
+parameters:
+  system_upgrade_controller:
+    namespace: cattle-system

tests/golden/cattle-system/system-upgrade-controller/system-upgrade-controller/00_namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  labels:
+    name: cattle-system
+  name: cattle-system

tests/golden/cattle-system/system-upgrade-controller/system-upgrade-controller/01_serviceaccount.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations: {}
+  labels:
+    name: system-upgrade
+  name: system-upgrade
+  namespace: cattle-system

tests/golden/cattle-system/system-upgrade-controller/system-upgrade-controller/02_clusterrolebinding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: system-upgrade
+  name: system-upgrade
+  namespace: cattle-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: system-upgrade
+    namespace: cattle-system

tests/golden/cattle-system/system-upgrade-controller/system-upgrade-controller/03_configmap.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+data:
+  SYSTEM_UPGRADE_CONTROLLER_DEBUG: 'false'
+  SYSTEM_UPGRADE_CONTROLLER_THREADS: '2'
+  SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: '900'
+  SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: '3'
+  SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: Always
+  SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: rancher/kubectl:v1.17.0
+  SYSTEM_UPGRADE_JOB_PRIVILEGED: 'true'
+  SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: '900'
+  SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m
+kind: ConfigMap
+metadata:
+  annotations: {}
+  labels:
+    name: default-controller-env
+  name: default-controller-env
+  namespace: cattle-system

tests/golden/cattle-system/system-upgrade-controller/system-upgrade-controller/04_deployment.yaml

@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/instance: c-green-test-1234
+    app.kubernetes.io/managed-by: syn
+    app.kubernetes.io/name: system-upgrade-controller
+    name: system-upgrade-controller
+  name: system-upgrade-controller
+  namespace: cattle-system
+spec:
+  minReadySeconds: 30
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      upgrade.cattle.io/controller: system-upgrade-controller
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        upgrade.cattle.io/controller: system-upgrade-controller
+    spec:
+      affinity: {}
+      containers:
+        - args: []
+          env:
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.labels['upgrade.cattle.io/controller']
+            - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          envFrom:
+            - configMapRef:
+                name: default-controller-env
+          image: docker.io/rancher/system-upgrade-controller:v0.13.1
+          imagePullPolicy: IfNotPresent
+          name: system-upgrade-controller
+          ports: []
+          resources:
+            limits:
+              cpu: 500m
+              memory: 128Mi
+            requests:
+              cpu: 250m
+              memory: 64Mi
+          stdin: false
+          tty: false
+          volumeMounts:
+            - mountPath: /etc/ssl
+              name: etc-ssl
+            - mountPath: /tmp
+              name: tmp
+      imagePullSecrets: []
+      initContainers: []
+      serviceAccountName: system-upgrade
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - hostPath:
+            path: /etc/ssl
+            type: Directory
+          name: etc-ssl
+        - emptyDir: {}
+          name: tmp