From 5c5cec79110f75fe484555592671f8caad59ac45 Mon Sep 17 00:00:00 2001
From: Laur IVAN <laur.ivan@ec.europa.eu>
Date: Fri, 27 Feb 2026 04:10:00 +0100
Subject: [PATCH] feat: Introduce tuppr system-upgrade application with
 configurations for managing Talos and Kubernetes upgrades.

---
 .../apps/system-upgrade/kustomization.yaml    |  9 +++++
 .../system-upgrade/tuppr/app/helmrelease.yaml | 16 +++++++++
 .../tuppr/app/kustomization.yaml              |  7 ++++
 .../tuppr/app/ocirepository.yaml              | 14 ++++++++
 kubernetes/apps/system-upgrade/tuppr/ks.yaml  | 35 +++++++++++++++++++
 .../tuppr/upgrades/kubernetesupgrade.yaml     | 19 ++++++++++
 .../tuppr/upgrades/kustomization.yaml         |  7 ++++
 .../tuppr/upgrades/talosupgrade.yaml          | 21 +++++++++++
 8 files changed, 128 insertions(+)
 create mode 100644 kubernetes/apps/system-upgrade/kustomization.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/app/kustomization.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/app/ocirepository.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/ks.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/upgrades/kubernetesupgrade.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/upgrades/kustomization.yaml
 create mode 100644 kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml

diff --git a/kubernetes/apps/system-upgrade/kustomization.yaml b/kubernetes/apps/system-upgrade/kustomization.yaml
new file mode 100644
index 0000000..f74ffc3
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: system-upgrade
+components:
+  - ../../components/repos/app-template
+resources:
+  - ./tuppr/ks.yaml
diff --git a/kubernetes/apps/system-upgrade/tuppr/app/helmrelease.yaml b/kubernetes/apps/system-upgrade/tuppr/app/helmrelease.yaml
new file mode 100644
index 0000000..87c8bf3
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/app/helmrelease.yaml
@@ -0,0 +1,16 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app tuppr
+spec:
+  interval: 1h
+  chartRef:
+    kind: OCIRepository
+    name: *app
+  values:
+    replicaCount: 2
+    monitoring:
+      serviceMonitor:
+        enabled: true
diff --git a/kubernetes/apps/system-upgrade/tuppr/app/kustomization.yaml b/kubernetes/apps/system-upgrade/tuppr/app/kustomization.yaml
new file mode 100644
index 0000000..97c6f5f
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ./ocirepository.yaml
diff --git a/kubernetes/apps/system-upgrade/tuppr/app/ocirepository.yaml b/kubernetes/apps/system-upgrade/tuppr/app/ocirepository.yaml
new file mode 100644
index 0000000..0c5a478
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/app/ocirepository.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://schemas.tholinka.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: tuppr
+spec:
+  interval: 1h
+  layerSelector:
+    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+    operation: copy
+  ref:
+    tag: 0.0.73
+  url: oci://ghcr.io/home-operations/charts/tuppr
diff --git a/kubernetes/apps/system-upgrade/tuppr/ks.yaml b/kubernetes/apps/system-upgrade/tuppr/ks.yaml
new file mode 100644
index 0000000..dc22a64
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/ks.yaml
@@ -0,0 +1,35 @@
+---
+# yaml-language-server: $schema=https://schemas.tholinka.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: tuppr
+  namespace: &namespace system-upgrade
+spec:
+  interval: 1h
+  path: ./kubernetes/apps/system-upgrade/tuppr/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  targetNamespace: *namespace
+  wait: true
+---
+# yaml-language-server: $schema=https://schemas.tholinka.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: tuppr-upgrades
+  namespace: &namespace system-upgrade
+spec:
+  interval: 1h
+  path: ./kubernetes/apps/system-upgrade/tuppr/upgrades
+  dependsOn:
+    - name: tuppr
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  targetNamespace: *namespace
diff --git a/kubernetes/apps/system-upgrade/tuppr/upgrades/kubernetesupgrade.yaml b/kubernetes/apps/system-upgrade/tuppr/upgrades/kubernetesupgrade.yaml
new file mode 100644
index 0000000..dfddccb
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/upgrades/kubernetesupgrade.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://schemas.tholinka.dev/tuppr.home-operations.com/kubernetesupgrade_v1alpha1.json
+apiVersion: tuppr.home-operations.com/v1alpha1
+kind: KubernetesUpgrade
+metadata:
+  name: kubernetes
+spec:
+  kubernetes:
+    # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
+    version: v1.35.1
+  healthChecks:
+    - apiVersion: volsync.backube/v1alpha1
+      kind: ReplicationSource
+      expr: |-
+        status.conditions.filter(c, c.type == "Synchronizing").all(c, c.status == "False")
+    - apiVersion: ceph.rook.io/v1
+      kind: CephCluster
+      expr: |-
+        status.ceph.health in ['HEALTH_OK']
diff --git a/kubernetes/apps/system-upgrade/tuppr/upgrades/kustomization.yaml b/kubernetes/apps/system-upgrade/tuppr/upgrades/kustomization.yaml
new file mode 100644
index 0000000..a4e47af
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/upgrades/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./kubernetesupgrade.yaml
+  - ./talosupgrade.yaml
diff --git a/kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml b/kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml
new file mode 100644
index 0000000..112237b
--- /dev/null
+++ b/kubernetes/apps/system-upgrade/tuppr/upgrades/talosupgrade.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://schemas.tholinka.dev/tuppr.home-operations.com/talosupgrade_v1alpha1.json
+apiVersion: tuppr.home-operations.com/v1alpha1
+kind: TalosUpgrade
+metadata:
+  name: talos
+spec:
+  talos:
+    # renovate: datasource=docker depName=ghcr.io/siderolabs/installer
+    version: v1.12.4
+  policy:
+    rebootMode: powercycle
+  healthChecks:
+    - apiVersion: volsync.backube/v1alpha1
+      kind: ReplicationSource
+      expr: |-
+        status.conditions.filter(c, c.type == "Synchronizing").all(c, c.status == "False")
+    - apiVersion: ceph.rook.io/v1
+      kind: CephCluster
+      expr: |-
+        status.ceph.health in ['HEALTH_OK']