From f1bd9ef4b2003ef8efadeb85e02ecc3daefc1025 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Fri, 10 Jul 2020 14:28:32 +0200 Subject: [PATCH] Changes after review --- .../tasks/kubernetes/patch-kubeadm-config.yml | 4 +- .../update-kubeadm-image-repository.yml | 87 ++++++++++++------- .../tasks/kubernetes/upgrade-master.yml | 1 + 3 files changed, 57 insertions(+), 35 deletions(-) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/patch-kubeadm-config.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/patch-kubeadm-config.yml index 07bd3bf115..a0301ceb9c 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/patch-kubeadm-config.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/patch-kubeadm-config.yml @@ -5,10 +5,8 @@ # kube-apiserver uses --encryption-provider-config parameter to control how data is encrypted in etcd. # If this parameter is absent the encryption is not enabled. - name: upgrade-master | Check if encryption of secret data is enabled - shell: >- + command: >- grep -- '--encryption-provider-config' /etc/kubernetes/manifests/kube-apiserver.yaml - args: - executable: /bin/bash register: shell_grep_encryption_flag changed_when: false failed_when: shell_grep_encryption_flag.rc > 1 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/update-kubeadm-image-repository.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/update-kubeadm-image-repository.yml index a2b068a411..feedf35939 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/update-kubeadm-image-repository.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/update-kubeadm-image-repository.yml 
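Review bot: The grep in "Check if encryption of secret data is enabled" matches `--encryption-provider-config` anywhere in kube-apiserver.yaml, including a commented-out line or an unrelated string, so the task can report encryption as enabled when the flag is not in effect. If the manifest keeps kubeadm's `- --flag=value` layout, an anchored pattern such as `grep -E -- '^[[:space:]]*-[[:space:]]+--encryption-provider-config='` would be stricter; how the registered result is used is outside this hunk, so the impact of a false match should be confirmed there. The register name `shell_grep_encryption_flag` also still says `shell` although the module is now `command`.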
@@ -1,34 +1,57 @@ --- -# Note: Usage of the --config flag for reconfiguring the cluster during upgrade is not recommended since v1.16 -- name: upgrade-master | Get value of imageRepository from kubeadm-config ConfigMap - shell: kubeadm config view - changed_when: false - register: result - -- name: upgrade-master | Set current value of imageRepository as fact - set_fact: - kubeadm_image_repository: "{{ (result.stdout|from_yaml).imageRepository }}" - -- name: upgrade-master | Set new value for imageRepository as fact - set_fact: - new_kubeadm_image_repository: >- - {%- if kubeadm_image_repository is search(':') -%} - {{ kubeadm_image_repository | regex_replace('^(?P.+):(?P\d+)', image_registry_address) }} - {%- else -%} - {{ image_registry_address }}/{{ kubeadm_image_repository }} - {%- endif -%} - - name: upgrade-master | Patch imageRepository in kubeadm-config ConfigMap - when: - - kubeadm_image_repository != new_kubeadm_image_repository - environment: - KUBECONFIG: /home/{{ admin_user.name }}/.kube/config - shell: |- - set -o pipefail && - # do not use --export option since it has been deprecated in 1.14 - kubectl get cm kubeadm-config -n kube-system -o yaml | - sed 's|imageRepository: {{ kubeadm_image_repository }}|imageRepository: {{ new_kubeadm_image_repository }}|g' | - xargs --null -I config_map_content \ - kubectl patch cm kubeadm-config -n kube-system --patch config_map_content - args: - executable: /bin/bash \ No newline at end of file + block: + - name: upgrade-master | Get kubeadm-config configmap + shell: | + kubectl get configmap kubeadm-config \ + --namespace kube-system \ + --output yaml + environment: + KUBECONFIG: &KUBECONFIG /etc/kubernetes/admin.conf + register: shell_kubeadm_configmap + changed_when: false + + - name: upgrade-master | Patch kubeadm-config configmap (update-kubeadm-image-repository.yml) + when: + - _image_repository_updated != _image_repository # skip the task if nothing changed + shell: | + kubectl patch configmap 
kubeadm-config \ + --namespace kube-system \ + --patch "$KUBEADM_CONFIGMAP_DOCUMENT" + environment: + KUBECONFIG: *KUBECONFIG + # Render an altered kubeadm-config configmap document + KUBEADM_CONFIGMAP_DOCUMENT: >- + {{ _document | combine(_update2, recursive=true) | to_nice_yaml(indent=2) }} + + vars: + # Parse yaml payload + _document: >- + {{ shell_kubeadm_configmap.stdout | from_yaml }} + + # Extract cluster config + _cluster_config: >- + {{ _document.data.ClusterConfiguration | from_yaml }} + + _image_repository: >- + {{ _cluster_config.imageRepository }} + + _image_repository_updated: >- + {%- if _image_repository is search(':') -%} + {{ _image_repository | regex_replace('^(?P.+):(?P\d+)', image_registry_address) }} + {%- else -%} + {{ image_registry_address }}/{{ _image_repository }} + {%- endif -%} + + # Prepare the cluster config patch + _update1: + imageRepository: "{{ _image_repository_updated }}" + + _cluster_config_updated: >- + {{ _cluster_config | combine(_update1, recursive=true) }} + + # Prepare the final update for the whole document + _update2: + data: + ClusterConfiguration: >- + {{ _cluster_config_updated | to_nice_yaml(indent=2) }} \ No newline at end of file diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master.yml index c376a76019..c869379697 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master.yml 
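Review bot: The `else` branch of `_image_repository_updated` prepends `image_registry_address` whenever the current value contains no `:`, so the result is only idempotent if `image_registry_address` always carries a port. If it is ever given without one, the value written by one run fails the `search(':')` test on the next run and is prefixed a second time, and the `when` comparison does not catch it. Because `imageRepository` decides where kubeadm pulls control-plane images from, I would guard the expression, for example by returning `_image_repository` unchanged when `_image_repository.startswith(image_registry_address ~ '/')` is true. Separately, the first task runs a plain `kubectl get` with no pipes or variable expansion under `shell`; `command` would match the change this commit makes in patch-kubeadm-config.yml.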
@@ -64,6 +64,7 @@ - name: upgrade-master | Wait for cluster's readiness include_tasks: wait.yml + # Note: Usage of the --config flag for reconfiguring the cluster during upgrade is not recommended since v1.16 - name: upgrade-master | Validate whether cluster is upgradeable # Ignore CoreDNSUnsupportedPlugins error since coredns-migration does not support 'hosts' plugin. # This issue is fixed in K8s v1.18, see https://github.com/kubernetes/kubernetes/pull/88482