---
# Poll the API server's /healthz endpoint until it answers HTTP 200.
# Runs only on hosts in the kube_control_plane group; up to 60 attempts,
# 5 seconds apart.
# NOTE(review): validate_certs is false, so the server certificate is not
# verified. The probe only looks at the HTTP status, but a 200 here does not
# prove the responder is the real API server; do not reuse this pattern for
# requests that send credentials or act on the response body.
- name: Kubeadm | Check api is up
  when: inventory_hostname in groups['kube_control_plane']
  uri:
    url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}/healthz"
    validate_certs: false
  register: _result
  until: _result.status == 200
  retries: 60
  delay: 5
# Upgrade the first control plane node (inventory_hostname ==
# first_kube_control_plane) to kube_version with `kubeadm upgrade apply`.
# `timeout -k 600s 600s` bounds each attempt: TERM after 600s, KILL 600s later.
# NOTE(review): --ignore-preflight-errors=all downgrades every failed preflight
# check to a warning, --force proceeds even when upgrade requirements are not
# met, and --allow-experimental-upgrades accepts pre-release targets. kubeadm
# will therefore not stop an unsafe upgrade here; cluster health and version
# skew have to be verified before this task runs.
# --certificate-renewal follows kubeadm_upgrade_auto_cert_renewal; when that is
# false, certificate expiry has to be handled outside the upgrade.
- name: Kubeadm | Upgrade first control plane node
  when: inventory_hostname == first_kube_control_plane
  environment:
    # bin_dir is placed first on PATH for this command, so it should be
    # writable only by the account that administers the node.
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
  command: >-
    timeout -k 600s 600s
    {{ bin_dir }}/kubeadm
    upgrade apply -y {{ kube_version }}
    --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }}
    --ignore-preflight-errors=all
    --allow-experimental-upgrades
    --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
    {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
    --force
  register: kubeadm_upgrade
  # Retried because uploading the config sometimes fails.
  retries: 3
  until: kubeadm_upgrade.rc == 0
  # A non-zero exit whose stderr contains "field is immutable" is not counted
  # as a failure.
  # NOTE(review): `until` accepts only rc == 0, so this exemption may not
  # survive an exhausted retry loop - confirm how the Ansible version in use
  # combines `until` with `failed_when`.
  failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
  notify: Control plane | restart kubelet
# Upgrade every control plane node except the first one (inventory_hostname !=
# first_kube_control_plane) to kube_version with `kubeadm upgrade apply`.
# `timeout -k 600s 600s` bounds each attempt: TERM after 600s, KILL 600s later.
# NOTE(review): --ignore-preflight-errors=all downgrades every failed preflight
# check to a warning, --force proceeds even when upgrade requirements are not
# met, and --allow-experimental-upgrades accepts pre-release targets. kubeadm
# will therefore not stop an unsafe upgrade here; cluster health and version
# skew have to be verified before this task runs.
# --certificate-renewal follows kubeadm_upgrade_auto_cert_renewal; when that is
# false, certificate expiry has to be handled outside the upgrade.
- name: Kubeadm | Upgrade other control plane nodes
  when: inventory_hostname != first_kube_control_plane
  environment:
    # bin_dir is placed first on PATH for this command, so it should be
    # writable only by the account that administers the node.
    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
  command: >-
    timeout -k 600s 600s
    {{ bin_dir }}/kubeadm
    upgrade apply -y {{ kube_version }}
    --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }}
    --ignore-preflight-errors=all
    --allow-experimental-upgrades
    --etcd-upgrade={{ (etcd_deployment_type == "kubeadm") | bool | lower }}
    {% if kubeadm_patches | length > 0 %}--patches={{ kubeadm_patches_dir }}{% endif %}
    --force
  register: kubeadm_upgrade
  # Retried because uploading the config sometimes fails.
  retries: 3
  until: kubeadm_upgrade.rc == 0
  # A non-zero exit whose stderr contains "field is immutable" is not counted
  # as a failure.
  # NOTE(review): `until` accepts only rc == 0, so this exemption may not
  # survive an exhausted retry loop - confirm how the Ansible version in use
  # combines `until` with `failed_when`.
  failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
  notify: Control plane | restart kubelet
# Delete the kubeadm:bootstrap-signer-clusterinfo rolebinding from kube-public
# when remove_anonymous_access is set; --ignore-not-found makes an already
# missing binding a no-op.
# NOTE(review): in a stock kubeadm cluster this binding is what lets
# unauthenticated clients read the cluster-info ConfigMap during token-based
# `kubeadm join` discovery. Removing it closes that anonymous read path, so
# later joins need another discovery method (for example a kubeconfig file).
# The task runs after the upgrade steps, presumably because kubeadm restores
# the binding on upgrade - confirm.
- name: Kubeadm | Remove binding to anonymous user
  when: remove_anonymous_access
  command: >-
    {{ kubectl }}
    -n kube-public
    delete rolebinding kubeadm:bootstrap-signer-clusterinfo
    --ignore-not-found
# Remove kubectl's on-disk caches so that API types are looked up again
# after the upgrade. Both paths are hard-coded under /root/.kube; caches that
# belong to any other user are left alone.
- name: Kubeadm | clean kubectl cache to refresh api types
  with_items:
    - /root/.kube/cache
    - /root/.kube/http-cache
  file:
    state: absent
    path: "{{ item }}"
# FIXME: https://github.com/kubernetes/kubeadm/issues/1318
# Scale the coredns deployment in kube-system to zero replicas when
# kubeadm_scale_down_coredns_enabled is set and dns_mode is neither 'coredns'
# nor 'coredns_dual'. Executed once per play (run_once), retried up to 6 times
# at 5 second intervals, and always reported as unchanged.
- name: Kubeadm | scale down coredns replicas to 0 if not using coredns dns_mode
  when:
    - kubeadm_scale_down_coredns_enabled
    - dns_mode not in ['coredns', 'coredns_dual']
  run_once: true
  command: >-
    {{ kubectl }}
    -n kube-system
    scale deployment/coredns --replicas 0
  register: scale_down_coredns
  until: scale_down_coredns is succeeded
  retries: 6
  delay: 5
  changed_when: false