Maxime Guyot
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with
31 additions and
15 deletions
-
roles/kubernetes/kubeadm/tasks/main.yml
-
roles/kubernetes/master/tasks/kubeadm-setup.yml
-
roles/kubernetes/master/tasks/pre-upgrade.yml
-
roles/kubernetes/node/tasks/pre_upgrade.yml
-
roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
-
roles/kubernetes/tokens/tasks/gen_tokens.yml
|
|
@ -22,8 +22,10 @@ |
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}" |
|
|
|
run_once: true |
|
|
|
|
|
|
|
- name: Calculate kubeadm CA cert hash # noqa 306 |
|
|
|
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' |
|
|
|
- name: Calculate kubeadm CA cert hash |
|
|
|
shell: set -o pipefail && openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
register: kubeadm_ca_hash |
|
|
|
when: |
|
|
|
- kubeadm_ca_stat.stat is defined |
|
|
@ -107,11 +109,13 @@ |
|
|
|
|
|
|
|
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point |
|
|
|
# incorrectly to first master, creating SPoF. |
|
|
|
- name: Update server field in kube-proxy kubeconfig # noqa 306 |
|
|
|
- name: Update server field in kube-proxy kubeconfig |
|
|
|
shell: >- |
|
|
|
{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml |
|
|
|
set -o pipefail && {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml |
|
|
|
| sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g' |
|
|
|
| {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f - |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
run_once: true |
|
|
|
delegate_to: "{{ groups['kube-master']|first }}" |
|
|
|
delegate_facts: false |
|
|
|
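Review bot: In "Calculate kubeadm CA cert hash" the `2>/dev/null` after `openssl rsa -pubin -outform der` throws away the only diagnostic now that `set -o pipefail` lets that stage fail the task. If the CA key cannot be read as RSA, the task will fail with empty stderr. Ansible captures stderr separately from `stdout`, so dropping the redirect would not pollute `kubeadm_ca_hash.stdout`. A read-only task like this would also normally carry `changed_when: false`; the task's `when:` list runs past the end of the hunk, so it may already be set further down.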
|
|
@ -47,8 +47,10 @@ |
|
|
|
when: |
|
|
|
- old_apiserver_cert.stat.exists |
|
|
|
|
|
|
|
- name: kubeadm | Forcefully delete old static pods # noqa 306 |
|
|
|
shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f" |
|
|
|
- name: kubeadm | Forcefully delete old static pods |
|
|
|
shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f" |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"] |
|
|
|
when: |
|
|
|
- old_apiserver_cert.stat.exists |
|
|
|
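Review bot: With `set -o pipefail` the exit status of `docker ps` now decides "kubeadm | Forcefully delete old static pods". On a host without a working docker CLI the task will fail, where it previously ended with status 0 from `xargs --no-run-if-empty`. Only `old_apiserver_cert.stat.exists` is visible in the `when:` list, which may continue past the hunk. If nothing there restricts the task to docker hosts, consider adding a condition such as `- container_manager == 'docker'`. The same applies to "Pre-upgrade | Delete master containers forcefully", presumably in roles/kubernetes/master/tasks/pre-upgrade.yml.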
|
|
@ -8,8 +8,10 @@ |
|
|
|
register: kube_apiserver_manifest_replaced |
|
|
|
when: etcd_secret_changed|default(false) |
|
|
|
|
|
|
|
- name: "Pre-upgrade | Delete master containers forcefully" # noqa 306 503 |
|
|
|
shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f" |
|
|
|
- name: "Pre-upgrade | Delete master containers forcefully" # noqa 503 |
|
|
|
shell: "set -o pipefail && docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f" |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
with_items: |
|
|
|
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"] |
|
|
|
when: kube_apiserver_manifest_replaced.changed |
|
|
|
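Review bot: The `*` in `name=k8s_{{ item }}*` is unquoted inside the shell command, so bash can treat the whole word as a filename pattern before docker receives it. Docker's `name` filter already matches on part of a container name, so the wildcard looks unnecessary. Either drop it or quote the filter, e.g. `docker ps -af 'name=k8s_{{ item }}' -q`. This matters more now that the task runs explicitly under `/bin/bash`.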
|
|
@ -1,11 +1,14 @@ |
|
|
|
--- |
|
|
|
- name: "Pre-upgrade | check if kubelet container exists" # noqa 306 |
|
|
|
- name: "Pre-upgrade | check if kubelet container exists" |
|
|
|
shell: >- |
|
|
|
set -o pipefail && |
|
|
|
{% if container_manager in ['crio', 'docker'] %} |
|
|
|
docker ps -af name=kubelet | grep kubelet |
|
|
|
{% elif container_manager == 'containerd' %} |
|
|
|
crictl ps --all --name kubelet | grep kubelet |
|
|
|
{% endif %} |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
failed_when: false |
|
|
|
changed_when: false |
|
|
|
register: kubelet_container_check |
|
|
|
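Review bot: If `container_manager` matches neither branch, the template renders to a bare `set -o pipefail &&`, which is a bash syntax error, and `failed_when: false` hides it. A missing runtime CLI, an unsupported `container_manager` and "no kubelet container" then all look the same to whatever reads `kubelet_container_check`. Adding an explicit fallback before `{% endif %}`, e.g. `{% else %}` followed by `false`, keeps the command well-formed. A short comment that consumers must test `kubelet_container_check.rc` would also help, since `failed_when: false` means `pipefail` never affects the task result here.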
|
|
@ -158,8 +158,10 @@ |
|
|
|
when: |
|
|
|
- kube_network_plugin == 'calico' |
|
|
|
|
|
|
|
- name: "Get current version of calico cluster version" # noqa 306 |
|
|
|
shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'" |
|
|
|
- name: "Get current version of calico cluster version" |
|
|
|
shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'" |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
register: calico_version_on_server |
|
|
|
run_once: yes |
|
|
|
changed_when: false |
|
|
|
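Review bot: In "Get current version of calico cluster version", `set -o pipefail` makes a non-matching `grep 'Cluster Version:'` (exit 1) fail the task, where the old form returned an empty `stdout` with status 0 from `awk`. If later checks rely on an empty `calico_version_on_server.stdout` to mean "no cluster version yet", that path is now unreachable; the rest of the file is outside the hunk, so this needs confirming. Folding the match into awk avoids the extra exit status while still failing when `calicoctl.sh` itself fails: `{{ bin_dir }}/calicoctl.sh version | awk '/Cluster Version:/ { print $3 }'`. As a style point, `run_once: yes` would read more consistently as `run_once: true`, the form used in the other tasks.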
|
|
@ -42,18 +42,21 @@ |
|
|
|
run_once: true |
|
|
|
when: sync_tokens|default(false) |
|
|
|
|
|
|
|
- name: Gen_tokens | Gather tokens # noqa 306 |
|
|
|
shell: "tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0" |
|
|
|
- name: Gen_tokens | Gather tokens |
|
|
|
shell: "set -o pipefail && tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0" |
|
|
|
args: |
|
|
|
warn: false |
|
|
|
executable: /bin/bash |
|
|
|
register: tokens_data |
|
|
|
check_mode: no |
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}" |
|
|
|
run_once: true |
|
|
|
when: sync_tokens|default(false) |
|
|
|
|
|
|
|
- name: Gen_tokens | Copy tokens on masters # noqa 306 |
|
|
|
shell: "echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /" |
|
|
|
- name: Gen_tokens | Copy tokens on masters |
|
|
|
shell: "set -o pipefail && echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /" |
|
|
|
args: |
|
|
|
executable: /bin/bash |
|
|
|
when: |
|
|
|
- inventory_hostname in groups['kube-master'] |
|
|
|
- sync_tokens|default(false) |
|
|
|
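Review bot: Neither token task sets `no_log: true`, so the base64 archive of token files registered in `tokens_data` can appear in Ansible output and logs. "Gen_tokens | Copy tokens on masters" also interpolates it into the `echo '…'` command line, which presumably exposes it in the process arguments on each master. Adding `no_log: true` to both tasks keeps it out of the logs. Feeding the data on stdin keeps it off the command line: `shell: "set -o pipefail && base64 -d | tar xz -C /"` with `stdin: "{{ tokens_data.stdout }}"` under `args:`. That also removes the `|quote` filter nested inside literal single quotes, which is only safe today because base64 output contains no shell metacharacters. The copy task's `when:` list ends at the hunk boundary, so further keys may follow outside it.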