Upgrade Kubernetes to v1.18.6

CHANGELOG-0.7.md

@@ -4,21 +4,26 @@
 
 ### Added
 
-- Minor logging improvements added while fixing issue [#1424](https://github.com/epiphany-platform/epiphany/issues/1424).
+- Minor logging improvements added while fixing issue [#1424](https://github.com/epiphany-platform/epiphany/issues/1424)
 - [#1438](https://github.com/epiphany-platform/epiphany/pull/1438) - Rename Terraform plugin vendor in VSCode recommendations
 
+### Updated
+
+- [#1479](https://github.com/epiphany-platform/epiphany/issues/1479) - Upgrade K8s to v1.18.6
+
 ### Fixed
 
 - [#1424](https://github.com/epiphany-platform/epiphany/issues/1424) - Terraform returning an error during deployments on Azure ("A retryable error occurred.")
 - [#1399](https://github.com/epiphany-platform/epiphany/issues/1399) - Epicli upgrade: Kubernetes upgrade may hang
 - [#1398](https://github.com/epiphany-platform/epiphany/issues/1398) - Vault installation fails when using canal/calico network plugin
 - [#1412](https://github.com/epiphany-platform/epiphany/issues/1412) - Certificate in Vault is also generated or copied even if flag in configuration tls_disable is set to true
-- [#1408](https://github.com/epiphany-platform/epiphany/issues/1408) - Epiphany does not support upgrades for Kubernetes in HA mode
+- [#1408](https://github.com/epiphany-platform/epiphany/issues/1408) - Epicli upgrade: Epiphany does not support upgrades for Kubernetes in HA mode
 - [#1482](https://github.com/epiphany-platform/epiphany/issues/1482) - Epicli upgrade: flannel CNI plugin is not upgraded to v0.12.0
-- [#1462](https://github.com/epiphany-platform/epiphany/issues/1461) - [BUG] Error upgrading AWS/RHEL/calico cluster from 0.6 to 0.7
+- [#1462](https://github.com/epiphany-platform/epiphany/issues/1461) - Epicli upgrade: [AWS/RHEL/calico] Upgrading cluster from 0.6 to 0.7 fails
+- [#1072](https://github.com/epiphany-platform/epiphany/issues/1072) - [AWS/RHEL] Cluster networking issues/lags when using flannel/canal plugin
 - [#802](https://github.com/epiphany-platform/epiphany/issues/802) - Docker version is hard-coded in installation tasks
 - [#1495](https://github.com/epiphany-platform/epiphany/issues/1495) - Offline installation is broken for CentOS 7.8 environments
-- [#1347](https://github.com/epiphany-platform/epiphany/issues/1347) - [BUG] Kibana config always points its elasticsearch.hosts to a "logging" VM
+- [#1347](https://github.com/epiphany-platform/epiphany/issues/1347) - Kibana config always points its elasticsearch.hosts to a "logging" VM
 - [#1336](https://github.com/epiphany-platform/epiphany/issues/1336) - Deployment of version 0.7.0 failed on-prem (spec.hostname)
 
 ### Added

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/files/coredns-configmap.yml

@@ -0,0 +1,31 @@
+# Based on https://github.com/kubernetes/kubernetes/blob/v1.18.6/cluster/addons/dns/coredns/coredns.yaml.in
+# with hosts plugin added
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health {
+            lameduck 5s
+        }
+        ready
+        hosts {
+            fallthrough
+        }
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+            pods insecure
+            fallthrough in-addr.arpa ip6.arpa
+            ttl 30
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf
+        cache 30
+        loop
+        reload
+        loadbalance
+    }

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/files/coredns-deployment-patch.yml

@@ -0,0 +1,17 @@
+spec:
+  template:
+    spec:
+      containers:
+      - name: coredns
+        resources:
+          requests:
+            ephemeral-storage: 2Mi
+        volumeMounts:
+        - name: hosts-volume
+          mountPath: /etc/hosts
+          readOnly: true
+      volumes:
+      - name: hosts-volume
+        hostPath:
+          path: /etc/hosts
+          type: File

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/deploy-file.yml

@@ -6,7 +6,7 @@
     state: directory
     owner: root
     group: root
-    mode: u=rwx,go=r
+    mode: u=rwx,go=rx
 
 - name: Upload and apply file
   vars:
@@ -23,5 +23,7 @@
 
     - name: Apply {{ dest_path }} file
       command: kubectl apply -f {{ dest_path }}
+      register: kubectl_apply
+      changed_when: kubectl_apply.stdout_lines | map('regex_replace', '^.+ ') | reject('eq', 'unchanged') | list
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/deploy-template.yml

@@ -8,11 +8,11 @@
     state: directory
     owner: root
     group: root
-    mode: u=rwx,go=r
+    mode: u=rwx,go=rx
 
 - name: Upload and apply template
   vars:
-    dest_path: "{{ epiphany_manifests_dir }}/{{ file_name | basename | regex_replace('.j2$') }}"
+    dest_path: "{{ epiphany_manifests_dir }}/{{ file_name | basename | regex_replace('\\.j2$') }}"
   block:
     - name: Upload {{ file_name }} file
       become: true
@@ -25,5 +25,7 @@
 
     - name: Apply {{ dest_path }} file
       command: kubectl apply -f {{ dest_path }}
+      register: kubectl_apply
+      changed_when: kubectl_apply.stdout_lines | map('regex_replace', '^.+ ') | reject('eq', 'unchanged') | list
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/patch-object.yml

@@ -0,0 +1,11 @@
+---
+- name: Patch {{ object.kind }} {{ object.name }}
+  command: |-
+    kubectl patch {{ object.kind }} {{ object.name | lower }} \
+      --namespace {{ object.namespace }} \
+      --type {{ patch.type | default('strategic') }} \
+      --patch '{{ patch.content }}'
+  register: kubectl_patch
+  changed_when: not 'no change' in kubectl_patch.stdout
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/master-init.yml

@@ -63,9 +63,6 @@
     owner: "{{ admin_user.name }}"
     group: "{{ admin_user.name }}"
 
-- name: Clean up previous version leftovers
-  include_tasks: ./previous-versions-cleanup.yml
-
 - name: Configure RBAC
   include_tasks: rbac.yml
 
@@ -81,8 +78,8 @@
   vars:
     network_plugin: "{{ specification.advanced.networking.plugin }}"
 
-- name: Apply coredns
-  include_tasks: apply-coredns.yml
+- name: Patch CoreDNS
+  include_tasks: patch-coredns.yml
 
 - name: Apply Kubernetes Dashboard
   include_tasks: apply-dashboard.yml

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/patch-coredns.yml

@@ -0,0 +1,21 @@
+---
+- name: Upload and deploy CoreDNS ConfigMap
+  include_tasks: deployments/deploy-file.yml
+  vars:
+    file_name: coredns-configmap.yml
+
+- name: Load patch file for CoreDNS deployment
+  include_vars:
+    file: roles/kubernetes_master/files/coredns-deployment-patch.yml
+    name: coredns_deployment_patch
+
+- name: Include tasks from deployments/patch-object.yml
+  include_tasks: deployments/patch-object.yml
+  vars:
+    object:
+      kind: deployment
+      name: CoreDNS
+      namespace: kube-system
+    patch:
+      content: "{{ coredns_deployment_patch | to_json }}"
+      type: strategic