Kubelet csr approver fixes (#10165)

* Fix upgrade-path for kubelet-csr-approver Fixes an error when you enable kubelet-csr-approver when upgrading. It hangs waiting for the certificate to be approved since the kubelet-csr-approver is not installed yet. * Add missing package when using helm role
1 year ago · 4c76feb574
11 changed files with 38 additions and 1 deletions
--- a/playbooks/upgrade_cluster.yml
+++ b/playbooks/upgrade_cluster.yml
@ -84,6 +84,7 @@
  roles:
    - { role: kubespray-defaults }
    - { role: upgrade/pre-upgrade, tags: pre-upgrade }
+    - { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver }
    - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
    - { role: kubernetes/node, tags: node }
    - { role: kubernetes/control-plane, tags: master, upgrade_cluster_setup: true }
@ -104,7 +105,6 @@
    - { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller }
    - { role: network_plugin, tags: network }
    - { role: kubernetes-apps/network_plugin, tags: network }
-    - { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver }
    - { role: kubernetes-apps/policy_controller, tags: policy-controller }

 - name: Finally handle worker upgrades, based on given batch size
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@ -1,4 +1,23 @@
 ---
+- name: Helm | Gather os specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - files:
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - defaults.yml
+      paths:
+        - ../vars
+      skip: true
+
+- name: Helm | Install PyYaml
+  package:
+    name: "{{ pyyaml_package }}"
+    state: present
+
 - name: Helm | Download helm
  include_tasks: "../../../download/tasks/download_file.yml"
  vars:
--- a/roles/kubernetes-apps/helm/vars/amazon.yml
+++ b/roles/kubernetes-apps/helm/vars/amazon.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: PyYAML
--- a/roles/kubernetes-apps/helm/vars/centos-9.yml
+++ b/roles/kubernetes-apps/helm/vars/centos-9.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: python3-pyyaml
--- a/roles/kubernetes-apps/helm/vars/centos.yml
+++ b/roles/kubernetes-apps/helm/vars/centos.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: PyYAML
--- a/roles/kubernetes-apps/helm/vars/debian.yml
+++ b/roles/kubernetes-apps/helm/vars/debian.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: python3-yaml
--- a/roles/kubernetes-apps/helm/vars/fedora.yml
+++ b/roles/kubernetes-apps/helm/vars/fedora.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: python3-pyyaml
--- a/roles/kubernetes-apps/helm/vars/redhat-9.yml
+++ b/roles/kubernetes-apps/helm/vars/redhat-9.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: python3-pyyaml
--- a/roles/kubernetes-apps/helm/vars/redhat.yml
+++ b/roles/kubernetes-apps/helm/vars/redhat.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: PyYAML
--- a/roles/kubernetes-apps/helm/vars/suse.yml
+++ b/roles/kubernetes-apps/helm/vars/suse.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: PyYAML
--- a/roles/kubernetes-apps/helm/vars/ubuntu.yml
+++ b/roles/kubernetes-apps/helm/vars/ubuntu.yml
@ -0,0 +1,2 @@
+---
+pyyaml_package: python3-yaml