From 7f87ce0362303a3d68720af37527445163e20680 Mon Sep 17 00:00:00 2001
From: Lovro Seder <vrovro@gmail.com>
Date: Thu, 27 Feb 2020 20:47:28 +0100
Subject: [PATCH] Upgrade container-engine after draining (#5601)

* Run 'container-engine' after drain.

Move possibly disruptive role 'container-engine' to run after the node
is drained.

As that role has to be run on non-cluster nodes as well (etcd and
calico-rr), and those nodes are not drained, add a play for that case.

* Check if api is up before upgrade.

If container engine is restarted in previous role, api controller can
take some time to start. This check ensures api is up before upgrade.
---
 .../kubernetes/master/tasks/kubeadm-upgrade.yml  | 10 ++++++++++
 upgrade-cluster.yml                              | 16 +++++++++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/roles/kubernetes/master/tasks/kubeadm-upgrade.yml b/roles/kubernetes/master/tasks/kubeadm-upgrade.yml
index 448a71baa..fcd197ae4 100644
--- a/roles/kubernetes/master/tasks/kubeadm-upgrade.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-upgrade.yml
@@ -1,4 +1,14 @@
 ---
+- name: kubeadm | Check api is up
+  uri:
+    url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:6443/healthz"
+    validate_certs: false
+  when: inventory_hostname == groups['kube-master']|first
+  register: _result
+  retries: 60
+  delay: 5
+  until: _result.status == 200
+
 - name: kubeadm | Upgrade first master
   command: >-
     timeout -k 600s 600s
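Review bot: The added `kubeadm | Check api is up` task probes the API server with `validate_certs: false` and a literal port 6443, so any listener that answers 200 on that address satisfies the gate, and a cluster using a non-default API port would exhaust all 60 retries. No credentials are sent, so the exposure is limited to a false readiness signal, but the choice deserves a comment above the task such as `# readiness probe only: no credentials sent, server certificate not verified`. For the port, use the project variable instead of the literal: `url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"`. The `when:` also limits the wait to the first master; whether the remaining masters get an equivalent wait is not visible, because the file continues outside this hunk.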
diff --git a/upgrade-cluster.yml b/upgrade-cluster.yml
index a20b1ec88..c0c256283 100644
--- a/upgrade-cluster.yml
+++ b/upgrade-cluster.yml
@@ -30,16 +30,24 @@
     - { role: kubespray-defaults}
     - { role: bootstrap-os, tags: bootstrap-os}
 
-- hosts: k8s-cluster:etcd:calico-rr
+- name: Prepare nodes for upgrade
+  hosts: k8s-cluster:etcd:calico-rr
   any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
-  serial: "{{ serial | default('20%') }}"
   roles:
     - { role: kubespray-defaults}
     - { role: kubernetes/preinstall, tags: preinstall }
-    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
     - { role: download, tags: download, when: "not skip_downloads" }
   environment: "{{ proxy_env }}"
 
+- name: Upgrade container engine on non-cluster nodes
+  hosts: etcd:calico-rr:!k8s-cluster
+  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
+  serial: "{{ serial | default('20%') }}"
+  roles:
+    - { role: kubespray-defaults}
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
+  environment: "{{ proxy_env }}"
+
 - hosts: etcd
   any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
   roles:
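Review bot: The new play `Upgrade container engine on non-cluster nodes` batches `etcd:calico-rr:!k8s-cluster` by a percentage of the combined host list, so a single batch can contain more than one etcd member, and nothing in the play verifies etcd health before the next batch starts. If etcd runs under the container engine on these hosts (not visible here), restarting the engine on two members of a three-member cluster at once would lose quorum. Consider a separate etcd play with `serial: 1`, or at least record the assumption above `serial:` with a comment such as `# batch must never include a quorum-breaking number of etcd members`. Separately, the `Prepare nodes for upgrade` play no longer sets `serial`, so `kubernetes/preinstall` and `download` now run on every host at once; a short comment saying that this is intended would help.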
@@ -69,6 +77,7 @@
   roles:
     - { role: kubespray-defaults}
     - { role: upgrade/pre-upgrade, tags: pre-upgrade }
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
     - { role: kubernetes/node, tags: node }
     - { role: kubernetes/master, tags: master, upgrade_cluster_setup: true }
     - { role: kubernetes/client, tags: client }
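Review bot: The added `container-engine` entry is protected by the drain only through its position after `upgrade/pre-upgrade`, and the two roles carry different tags (`pre-upgrade` and `container-engine`). A run limited with `--tags container-engine` would therefore restart the engine on a node that was never drained, which is the disruption this commit sets out to avoid. A comment above the line would make the dependency explicit, for example `# must run after upgrade/pre-upgrade (drain); do not run this tag on its own during upgrades`. The same applies to the identical line added in the worker-node play in the next hunk; both play headers are outside the hunks shown.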
@@ -94,6 +103,7 @@
   roles:
     - { role: kubespray-defaults}
     - { role: upgrade/pre-upgrade, tags: pre-upgrade }
+    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
     - { role: kubernetes/node, tags: node }
     - { role: kubernetes/kubeadm, tags: kubeadm }
     - { role: kubernetes/node-label, tags: node-label }
-- 
GitLab