upgrade: kubernetes cleanup and refactor
sk4zuzu committed Jul 15, 2020
1 parent 4a0d790 commit f9b7f35
Showing 33 changed files with 438 additions and 480 deletions.
Expand Up @@ -8,32 +8,32 @@
- name: Reconfigure Docker for pulling images from local registry
block:
- name: image-registry | Drain node in preparation for Docker reconfiguration
include_tasks: kubernetes/node/drain.yml
include_tasks: kubernetes/utils/drain.yml
when:
- groups['kubernetes_node'] is defined
- inventory_hostname in groups['kubernetes_node']
- groups.kubernetes_node is defined
- inventory_hostname in groups.kubernetes_node

- name: image-registry | Wait for cluster's readiness
include_tasks: kubernetes/wait.yml
include_tasks: kubernetes/utils/wait.yml
when:
- groups['kubernetes_node'] is defined
- inventory_hostname in groups['kubernetes_node']
- groups.kubernetes_node is defined
- inventory_hostname in groups.kubernetes_node

- name: image-registry | Reconfigure Docker if necessary # this restarts Docker daemon
include_role:
name: docker
tasks_from: configure-docker

- name: Include wait-for-kube-apiserver.yml
include_tasks: kubernetes/wait-for-kube-apiserver.yml
include_tasks: kubernetes/utils/wait-for-kube-apiserver.yml
when:
- inventory_hostname in groups['kubernetes_master']
- inventory_hostname in groups.kubernetes_master

- name: image-registry | Uncordon node - mark node as schedulable
include_tasks: kubernetes/node/uncordon.yml
include_tasks: kubernetes/utils/uncordon.yml
when:
- groups['kubernetes_node'] is defined
- inventory_hostname in groups['kubernetes_node']
- groups.kubernetes_node is defined
- inventory_hostname in groups.kubernetes_node

when:
- not image_registry_address in result.stdout
- not image_registry_address in result.stdout
Expand Up @@ -2,7 +2,7 @@
- delegate_to: "{{ groups.kubernetes_master[0] }}"
block:
- name: Include wait-for-kube-apiserver.yml
import_tasks: kubernetes/wait-for-kube-apiserver.yml
import_tasks: kubernetes/utils/wait-for-kube-apiserver.yml

- name: Include get-cluster-version.yml
import_tasks: kubernetes/get-cluster-version.yml # sets cluster_version
@@ -1,6 +1,7 @@
- name: "upgrade-master | Hold packages: {{ packages | join(', ') }}"
shell: >-
apt-mark hold {{ packages | join(' ') }}
---
- name: "upgrade-master | Hold packages: {{ packages | join( ', ' ) }}"
command: >-
apt-mark hold {{ packages | join( ' ' ) }}
vars:
packages: >-
{%- if cni_in_kubelet is undefined or not cni_in_kubelet -%}
@@ -1,14 +1,15 @@
- name: "upgrade-master | Unhold kubeadm"
shell: >-
---
- name: upgrade-master | Unhold kubeadm
command: >-
apt-mark unhold kubeadm
- name: >-
install-packages | Install kubeadm {{ version }} packages for Debian family
apt:
name: kubeadm={{ version }}-00
update_cache: yes
update_cache: true
state: present

- name: "upgrade-master | Hold kubeadm"
shell: >-
apt-mark hold kubeadm
- name: upgrade-master | Hold kubeadm
command: >-
apt-mark hold kubeadm
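Review bot: If the `apt` install between `upgrade-master | Unhold kubeadm` and `upgrade-master | Hold kubeadm` fails, the play stops with kubeadm left unheld, so a later routine `apt upgrade` on that master can move it to a version the cluster was never upgraded to. Wrapping the three tasks in a `block:` and moving the hold task under `always:` restores the pin on every exit path. The same unhold / install / hold sequence appears in the two Debian install-packages sections that follow (ending in `Hold kubelet and kubectl` and `Hold kubelet, kubectl and kubernetes-cni`). There the tasks are spread over several hunks with a removal task in between, so the block boundaries need checking against the full files.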
Expand Up @@ -5,9 +5,9 @@
changed_when: false

# Unhold before removing to avoid error
- name: "install-packages | Unhold packages: {{ packages | join(', ') }}"
shell: >-
apt-mark unhold {{ packages | join(' ') }}
- name: "install-packages | Unhold packages: {{ packages | join( ', ' ) }}"
command: >-
apt-mark unhold {{ packages | join( ' ' ) }}
vars:
packages: >-
{%- if ansible_facts.packages['kubernetes-cni'] is defined -%}
Expand All @@ -25,8 +25,7 @@
when: ansible_facts.packages['kubelet'][0].version is version(version + '-00', '>')
or ansible_facts.packages['kubectl'][0].version is version(version + '-00', '>')

- name: >-
install-packages | Install kubelet {{ version }} and kubectl {{ version }} packages for Debian family
- name: "install-packages | Install kubelet {{ version }} and kubectl {{ version }} packages for Debian family"
apt:
name:
- kubelet={{ version }}-00 # removes (replaces) kubernetes-cni when full version is 1.17.7-00 but not when 1.17.7-01
Expand All @@ -35,5 +34,5 @@
state: present

- name: install-packages | Hold kubelet and kubectl
shell: >-
apt-mark hold kubelet kubectl
command: >-
apt-mark hold kubelet kubectl
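Review bot: The `apt-mark hold` and `apt-mark unhold` tasks moved to `command` carry no `changed_when`, so they report "changed" on every run whether or not the hold state moved, which hides real changes in the play recap. The `dpkg_selections` module reports this accurately, e.g. `dpkg_selections: {name: "{{ item }}", selection: hold}` with `loop: [kubelet, kubectl]` for the last task in this section. The same applies to the `upgrade-master | Hold kubeadm` / `Unhold kubeadm` tasks earlier in the commit and to the kubernetes-cni variant in the next section. The `Unhold packages` task continues outside its hunk, so a `changed_when` further down cannot be ruled out for that one.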
Expand Up @@ -6,7 +6,7 @@

# Unhold before removing to avoid error
- name: install-packages | Unhold kubelet, kubectl and kubernetes-cni
shell: >-
command: >-
apt-mark unhold kubelet kubectl kubernetes-cni
- name: install-packages | Remove newer Debian packages installed as dependencies if they exist # as there is no allow_downgrade parameter in ansible apt module
Expand All @@ -17,8 +17,7 @@
or ansible_facts.packages['kubelet'][0].version is version (version + '-00', '>')
or ansible_facts.packages['kubectl'][0].version is version (version + '-00', '>')

- name: >-
install-packages | Install kubernetes-cni {{ cni_version }}, kubelet {{ version }}, kubectl {{ version }} packages for Debian family
- name: "install-packages | Install kubernetes-cni {{ cni_version }}, kubelet {{ version }}, kubectl {{ version }} packages for Debian family"
apt:
name:
- kubernetes-cni={{ cni_version }}-00
Expand All @@ -28,5 +27,5 @@
state: present

- name: install-packages | Hold kubelet, kubectl and kubernetes-cni
shell: >-
apt-mark hold kubelet kubectl kubernetes-cni
command: >-
apt-mark hold kubelet kubectl kubernetes-cni
@@ -1,9 +1,8 @@
---
- name: >-
install-packages | Install kubeadm-{{ version }} package for RedHat family
- name: "install-packages | Install kubeadm-{{ version }} package for RedHat family"
yum:
name: kubeadm-{{ version }}-0
update_cache: yes
allow_downgrade: yes
update_cache: true
allow_downgrade: true
disable_excludes: kubernetes
state: present
state: present
@@ -1,11 +1,10 @@
---
- name: >-
install-packages | Install kubelet-{{ version }} and kubectl-{{ version }} packages for RedHat family
- name: "install-packages | Install kubelet-{{ version }} and kubectl-{{ version }} packages for RedHat family"
yum:
name:
- kubelet-{{ version }}-0 # removes (replaces) kubernetes-cni when full version is 1.17.7-0 but not when 1.17.7-1
- kubectl-{{ version }}-0
update_cache: yes
allow_downgrade: yes
update_cache: true
allow_downgrade: true
disable_excludes: kubernetes
state: present
state: present
@@ -1,12 +1,11 @@
---
- name: >-
install-packages | Install kubernetes-cni-{{ cni_version }}, kubelet-{{ version }}, kubectl-{{ version }} packages for RedHat family
- name: "install-packages | Install kubernetes-cni-{{ cni_version }}, kubelet-{{ version }}, kubectl-{{ version }} packages for RedHat family"
yum:
name:
- kubernetes-cni-{{ cni_version }}-0
- kubelet-{{ version }}-0
- kubectl-{{ version }}-0
update_cache: yes
allow_downgrade: yes
update_cache: true
allow_downgrade: true
disable_excludes: kubernetes
state: present
state: present
Expand Up @@ -22,6 +22,8 @@
mode: u=rwx,go=r

- name: Upload and apply template
vars:
file_name: coredns-config-for-k8s-below-1.16.yml
block:
- name: upgrade-master | Upload {{ file_name }} file
template:
Expand All @@ -31,13 +33,9 @@
group: "{{ admin_user.name }}"
mode: u=rw,go=r

- name: upgrade-master | Apply /etc/epiphany/manifests/{{ file_name }} file
- name: "upgrade-master | Apply /etc/epiphany/manifests/{{ file_name }} file"
environment:
KUBECONFIG: /home/{{ admin_user.name }}/.kube/config
shell: |
command: |
kubectl apply \
-f /etc/epiphany/manifests/{{ file_name }}
args:
executable: /bin/bash
vars:
file_name: coredns-config-for-k8s-below-1.16.yml
@@ -1,9 +1,9 @@
---
- name: Get cluster version
environment:
KUBECONFIG: "/home/{{ admin_user.name }}/.kube/config"
shell: >-
set -o pipefail &&
KUBECONFIG: /home/{{ admin_user.name }}/.kube/config
shell: |
set -o errexit -o pipefail
kubectl version --short -o json | jq --raw-output '.serverVersion.gitVersion'
register: cluster_version
changed_when: false
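Review bot: `Get cluster version` still needs `shell`, and only for the pipe into `jq`. Running `command: kubectl version --short -o json` and reading `(cluster_version.stdout | from_json).serverVersion.gitVersion` where the value is consumed would drop the shell, the `pipefail` handling and the `jq` dependency on the target. The rest of the file is collapsed below the hunk, so it cannot be confirmed from here how `cluster_version` is post-processed. It is also not visible whether `executable: /bin/bash` is still set, which `set -o pipefail` needs on hosts where `/bin/sh` is dash.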
@@ -1,12 +1,12 @@
---
- name: Get kubelet version from API server
environment:
KUBECONFIG: "/home/{{ admin_user.name }}/.kube/config"
shell: >-
KUBECONFIG: /home/{{ admin_user.name }}/.kube/config
command: >-
kubectl get node {{ inventory_hostname }} -o jsonpath='{.status.nodeInfo.kubeletVersion}'
register: kubelet_version
changed_when: false

- name: Set kubelet version as fact
set_fact:
kubelet_version: "{{ kubelet_version.stdout }}"
kubelet_version: "{{ kubelet_version.stdout }}"
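Review bot: `kubelet_version` is both the `register` target of the `kubectl get node` task and the fact set from its `.stdout`, so the same name is a result dict in one task and a version string in the next. Registering under a distinct name, in line with the `command_` prefix this commit introduces elsewhere (`command_grep_encryption_flag`, `command_kubeadm_configmap`), removes the ambiguity: `register: command_kubelet_version` and `kubelet_version: "{{ command_kubelet_version.stdout }}"`.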

This file was deleted.

This file was deleted.

Expand Up @@ -7,48 +7,42 @@
- name: upgrade-master | Check if encryption of secret data is enabled
command: >-
grep -- '--encryption-provider-config' /etc/kubernetes/manifests/kube-apiserver.yaml
register: shell_grep_encryption_flag
register: command_grep_encryption_flag
changed_when: false
failed_when: shell_grep_encryption_flag.rc > 1
failed_when: command_grep_encryption_flag.rc > 1

- name: upgrade-master | Patch kubeadm-config ConfigMap if needed
when:
- shell_grep_encryption_flag.rc == 0 # encryption enabled
- command_grep_encryption_flag.rc == 0 # encryption enabled
run_once: true # makes no sense to execute it more than once (would be redundant)
environment:
KUBECONFIG: /home/{{ admin_user.name }}/.kube/config
block:
- name: Get kubeadm-config ConfigMap
shell: |
command: |
kubectl get configmap kubeadm-config \
--namespace kube-system \
--output yaml
args:
executable: /bin/bash
environment:
KUBECONFIG: &KUBECONFIG /etc/kubernetes/admin.conf
register: shell_kubeadm_configmap
register: command_kubeadm_configmap
changed_when: false

# The following procedure ensures that etcd encryption is always enabled during subsequent kubeadm executions
- name: upgrade-master | Patch and re-apply the kubeadm-config ConfigMap
- name: upgrade-master | Patch kubeadm-config configmap (patch-kubeadm-etcd-encryption.yml)
when:
- _kubeadm_api_server_extra_args['encryption-provider-config'] is undefined
shell: |
kubectl apply \
command: |
kubectl patch configmap kubeadm-config \
--namespace kube-system \
--filename - \
<<< "$KUBEADM_CONFIGMAP_DOCUMENT"
args:
executable: /bin/bash
--patch "$KUBEADM_CONFIGMAP_DOCUMENT"
environment:
KUBECONFIG: *KUBECONFIG
# Render an altered kubeadm-config configmap document
KUBEADM_CONFIGMAP_DOCUMENT: >-
{{ _document | combine(_update2, recursive=true) | to_nice_yaml(indent=2) }}
vars:
# Parse yaml payload
_document: >-
{{ shell_kubeadm_configmap.stdout | from_yaml }}
{{ command_kubeadm_configmap.stdout | from_yaml }}
# Extract cluster config
_cluster_config: >-
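Review bot: In the `Patch kubeadm-config configmap` task, `--patch "$KUBEADM_CONFIGMAP_DOCUMENT"` now sits under `command`, which runs no shell. The variable is therefore only substituted because the command module itself expands environment variables in its arguments. That dependency is easy to miss, and if the expansion is ever disabled or the task is ported, the literal string `$KUBEADM_CONFIGMAP_DOCUMENT` would be sent as the patch. Since this task is what keeps etcd encryption configured for later kubeadm runs, add a comment above the command such as `# $KUBEADM_CONFIGMAP_DOCUMENT is expanded by the command module, not by a shell`. A follow-up task asserting that `encryption-provider-config` is present in the ConfigMap after the patch would also help. The `vars:` of this task continue outside the hunk, so the content of the rendered patch document could not be reviewed.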