[k3s-upgrade] [doc] Installation procedure described on README of k3s-upgrade is outdated #11505

Open
kenta-matsuo opened this issue Dec 29, 2024 · 0 comments


Environmental Info:
K3s Version:
v1.30.8+k3s1

Node(s) CPU architecture, OS, and Version:
Linux 6.6.34-v8+ #1777 SMP PREEMPT Fri Jun 21 12:40:39 BST 2024 aarch64 GNU/Linux

Cluster Configuration:
1 control-plane
2 workers

Describe the bug:

I tried to install k3s-upgrade following the doc below, but the system-upgrade-controller pod doesn't work correctly.
https://github.com/k3s-io/k3s-upgrade?tab=readme-ov-file

pi@k3s-maru:~ $ kubectl apply -f https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml
namespace/system-upgrade created
serviceaccount/system-upgrade created
configmap/default-controller-env created
deployment.apps/system-upgrade-controller created

pi@k3s-maru:~ $ kubectl get pods -n system-upgrade
NAME                                        READY   STATUS             RESTARTS      AGE
system-upgrade-controller-d7ff97589-v4dnb   0/1     CrashLoopBackOff   3 (30s ago)   71s
pi@k3s-maru:~ $ kubectl logs system-upgrade-controller-d7ff97589-v4dnb -n system-upgrade
W1229 00:54:37.849786       1 client_config.go:659] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
time="2024-12-29T00:54:37Z" level=fatal msg="Error starting: namespaces \"kube-system\" is forbidden: User \"system:serviceaccount:system-upgrade:system-upgrade\" cannot get resource \"namespaces\" in API group \"\" in the namespace \"kube-system\""

The logs of system-upgrade-controller say that getting API resources failed because of incorrect permissions.

I read the doc below and redeployed k3s-upgrade following the instructions written in it, and system-upgrade-controller works correctly.
https://github.com/rancher/system-upgrade-controller/tree/master?tab=readme-ov-file#deploying

pi@k3s-maru:~ $ kubectl apply -k github.com/rancher/system-upgrade-controller
namespace/system-upgrade created
serviceaccount/system-upgrade created
role.rbac.authorization.k8s.io/system-upgrade-controller created
clusterrole.rbac.authorization.k8s.io/system-upgrade-controller created
clusterrole.rbac.authorization.k8s.io/system-upgrade-controller-drainer created
rolebinding.rbac.authorization.k8s.io/system-upgrade created
clusterrolebinding.rbac.authorization.k8s.io/system-upgrade unchanged
clusterrolebinding.rbac.authorization.k8s.io/system-upgrade-drainer unchanged
configmap/default-controller-env created
deployment.apps/system-upgrade-controller created
pi@k3s-maru:~ $ kubectl get all -n system-upgrade
NAME                                            READY   STATUS    RESTARTS   AGE
pod/system-upgrade-controller-d7ff97589-69mbk   1/1     Running   0          13s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/system-upgrade-controller   1/1     1            1           13s

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/system-upgrade-controller-d7ff97589   1         1         1       13s

According to the commit below, the manifests were updated to reduce the permissions of system-upgrade-controller.
rancher/system-upgrade-controller@37928ad

So, I think the doc below is outdated and needs to be updated to avoid confusion.
https://github.com/k3s-io/k3s-upgrade?tab=readme-ov-file
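
An added example, not part of the issue or of either project: a small shell helper that turns an RBAC "is forbidden" log line like the one above into the matching `kubectl auth can-i` check, so the service account's access can be verified before and after applying a manifest. The function name `forbidden_to_can_i` is hypothetical, and the sample line is the fatal log line copied from this issue.

```shell
#!/bin/sh
# Added example: derive a `kubectl auth can-i` check from a Kubernetes
# "is forbidden" error so the missing RBAC grant can be confirmed directly.

# Sample input: the fatal line from the controller log in this issue.
SAMPLE_LOG='time="2024-12-29T00:54:37Z" level=fatal msg="Error starting: namespaces \"kube-system\" is forbidden: User \"system:serviceaccount:system-upgrade:system-upgrade\" cannot get resource \"namespaces\" in API group \"\" in the namespace \"kube-system\""'

# forbidden_to_can_i LINE
# Prints the can-i command for the denied request; returns 1 when LINE is
# not an RBAC denial.
forbidden_to_can_i() {
    # The logger escapes inner quotes as \" ; drop the backslashes first.
    line=$(printf '%s\n' "$1" | sed 's/\\"/"/g')
    case $line in
        *'is forbidden: User "'*' cannot '*) ;;
        *) return 1 ;;
    esac
    user=$(printf '%s\n' "$line" | sed -n 's/.*is forbidden: User "\([^"]*\)" cannot .*/\1/p')
    verb=$(printf '%s\n' "$line" | sed -n 's/.*" cannot \([a-z]*\) resource ".*/\1/p')
    res=$(printf '%s\n' "$line" | sed -n 's/.* resource "\([^"]*\)" in API group.*/\1/p')
    grp=$(printf '%s\n' "$line" | sed -n 's/.* in API group "\([^"]*\)".*/\1/p')
    # Empty for cluster-scoped denials ("at the cluster scope").
    ns=$(printf '%s\n' "$line" | sed -n 's/.* in the namespace "\([^"]*\)".*/\1/p')
    [ -n "$user" ] && [ -n "$verb" ] && [ -n "$res" ] || return 1
    # "pods/log" style resources map to --subresource.
    sub=""
    case $res in
        */*) sub=${res#*/}; res=${res%%/*} ;;
    esac
    # Resources outside the core API group are addressed as resource.group.
    if [ -n "$grp" ]; then res="$res.$grp"; fi
    printf 'kubectl auth can-i %s %s%s --as=%s%s\n' "$verb" "$res" \
        "${sub:+ --subresource=$sub}" "$user" "${ns:+ -n $ns}"
}

forbidden_to_can_i "$SAMPLE_LOG"
```

Running the printed command against the cluster answers `yes` or `no` for that service account; impersonating with `--as` requires that the caller is itself allowed to impersonate.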
