Skip to content
Normal view Permalink
pre-upgrade.yml 3.49 KiB
Newer Older
Matthew Mosesohn's avatar
Deploy kubelet and kube-apiserver as containers
Matthew Mosesohn committed
1 2 3 4 5 
---
- name: "Pre-upgrade | check for kube-apiserver unit file"
  stat:
    path: /etc/systemd/system/kube-apiserver.service
  register: kube_apiserver_service_file
Bogdan Dobrelya's avatar
Add tags  
Bogdan Dobrelya committed
6 
  tags: [facts, kube-apiserver]
Matthew Mosesohn's avatar
Deploy kubelet and kube-apiserver as containers
Matthew Mosesohn committed
7 8 9 10 11 

- name: "Pre-upgrade | check for kube-apiserver init script"
  stat:
    path: /etc/init.d/kube-apiserver
  register: kube_apiserver_init_script
Bogdan Dobrelya's avatar
Add tags  
Bogdan Dobrelya committed
12 
  tags: [facts, kube-apiserver]
Matthew Mosesohn's avatar
Deploy kubelet and kube-apiserver as containers
Matthew Mosesohn committed
13 14 15 16 17 18 

- name: "Pre-upgrade | stop kube-apiserver if service defined"
  service:
    name: kube-apiserver
    state: stopped
  when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
Bogdan Dobrelya's avatar
Add tags  
Bogdan Dobrelya committed
19 
  tags: kube-apiserver
Matthew Mosesohn's avatar
Fix canal's calico networking config for ETCD TLS  
Matthew Mosesohn committed
20 21 22 23 24 25 26 27 28 

- name: "Pre-upgrade | remove kube-apiserver service definition"
  file:
    path: "{{ item }}"
    state: absent
  when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
  with_items:
    - /etc/systemd/system/kube-apiserver.service
    - /etc/init.d/kube-apiserver
Bogdan Dobrelya's avatar
Add tags  
Bogdan Dobrelya committed
29 
  tags: kube-apiserver
Matthew Mosesohn's avatar
Individual etcd ssl certs  
Matthew Mosesohn committed
30 31 32 33 34 35 

- name: "Pre-upgrade | See if kube-apiserver manifest exists"
  stat:
    path: /etc/kubernetes/manifests/kube-apiserver.manifest
  register: kube_apiserver_manifest
Matthew Mosesohn's avatar
Migrate k8s data to etcd3 api store  
Matthew Mosesohn committed
36 37 38 39 40 
- name: "Pre-upgrade | etcd3 upgrade | see if old config exists"
  command: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} ls /registry/minions"
  environment:
    ETCDCTL_API: 2
  register: old_data_exists
Matthew Mosesohn's avatar
Significantly reduce memory requirements  
Matthew Mosesohn committed
41 
  delegate_to: "{{groups['etcd'][0]}}"
Matthew Mosesohn's avatar
Migrate k8s data to etcd3 api store  
Matthew Mosesohn committed
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 
  when: kube_apiserver_storage_backend == "etcd3"
  failed_when: false

- name: "Pre-upgrade | etcd3 upgrade | see if data was already migrated"
  command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} get --limit=1 --prefix=true /registry/minions"
  environment:
    ETCDCTL_API: 3
  register: data_migrated
  delegate_to: "{{groups['etcd'][0]}}"
  when: kube_apiserver_storage_backend == "etcd3"
  failed_when: false

- name: "Pre-upgrade | etcd3 upgrade | set needs_etcd_migration"
  set_fact:
    needs_etcd_migration: "{{ kube_apiserver_storage_backend == 'etcd3' and data_migrated.stdout_lines|length == 0 and old_data_exists.rc == 0 }}"
Matthew Mosesohn's avatar
restart scheduler and controller-manager too  
Matthew Mosesohn committed
58 
- name: "Pre-upgrade | Write invalid image to master manifests on all kube-masters"
Matthew Mosesohn's avatar
Individual etcd ssl certs  
Matthew Mosesohn committed
59 
  replace:
Matthew Mosesohn's avatar
restart scheduler and controller-manager too  
Matthew Mosesohn committed
60 
    dest: "/etc/kubernetes/manifests/{{item[1]}}.manifest"
Matthew Mosesohn's avatar
Individual etcd ssl certs  
Matthew Mosesohn committed
61 62 
    regexp: '(\s+)image:\s+.*?$'
    replace: '\1image: kill.apiserver.using.fake.image.in:manifest'
Matthew Mosesohn's avatar
restart scheduler and controller-manager too  
Matthew Mosesohn committed
63 64 65 66 
  delegate_to: "{{item[0]}}"
  with_nested:
    - "{{groups['kube-master']}}"
    - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
Matthew Mosesohn's avatar
Individual etcd ssl certs  
Matthew Mosesohn committed
67 
  register: kube_apiserver_manifest_replaced
Matthew Mosesohn's avatar
Migrate k8s data to etcd3 api store  
Matthew Mosesohn committed
68 
  when: (secret_changed|default(false) or etcd_secret_changed|default(false) or needs_etcd_migration|bool) and kube_apiserver_manifest.stat.exists
Matthew Mosesohn's avatar
Individual etcd ssl certs  
Matthew Mosesohn committed
69 70 

- name: "Pre-upgrade | Pause while waiting for kubelet to delete kube-apiserver pod"
Andrew Greenwood's avatar
Cleanup legacy syntax, spacing, files all to yml  
Andrew Greenwood committed
71 72 
  pause:
    seconds: 20
Matthew Mosesohn's avatar
Migrate k8s data to etcd3 api store  
Matthew Mosesohn committed
73 
  when: kube_apiserver_manifest_replaced.changed
Matthew Mosesohn's avatar
Individual etcd ssl certs  
Matthew Mosesohn committed
74 75 
  tags: kube-apiserver
Matthew Mosesohn's avatar
Migrate k8s data to etcd3 api store  
Matthew Mosesohn committed
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 
- name: "Pre-upgrade | etcd3 upgrade | stop etcd"
  service:
    name: etcd
    state: stopped
  delegate_to: "{{item}}"
  with_items: "{{groups['etcd']}}"
  when: needs_etcd_migration|bool

- name: "Pre-upgrade | etcd3 upgrade | migrate data"
  command: "{{ bin_dir }}/etcdctl migrate --data-dir=\"{{ etcd_data_dir }}\" --wal-dir=\"{{ etcd_data_dir }}/member/wal\""
  environment:
    ETCDCTL_API: 3
  delegate_to: "{{item}}"
  with_items: "{{groups['etcd']}}"
  register: etcd_migrated
  when: needs_etcd_migration|bool

- name: "Pre-upgrade | etcd3 upgrade | start etcd"
  service:
    name: etcd
    state: started
  delegate_to: "{{item}}"
  with_items: "{{groups['etcd']}}"
  when: needs_etcd_migration|bool