Update Kubernetes to v1.9.0 (#2100)
Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performancepull/2113/head
parent
3fdb2ccf55
commit
ad6fecefa8
|
@ -94,9 +94,11 @@ before_script:
|
||||||
# Check out latest tag if testing upgrade
|
# Check out latest tag if testing upgrade
|
||||||
# Uncomment when gitlab kargo repo has tags
|
# Uncomment when gitlab kargo repo has tags
|
||||||
#- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
|
#- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
|
||||||
- test "${UPGRADE_TEST}" != "false" && git checkout 72ae7638bcc94c66afa8620dfa4ad9a9249327ea
|
- test "${UPGRADE_TEST}" != "false" && git checkout ba0a03a8ba2d97a73d06242ec4bb3c7e2012e58c
|
||||||
# Checkout the CI vars file so it is available
|
# Checkout the CI vars file so it is available
|
||||||
- test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml
|
- test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml
|
||||||
|
# Workaround https://github.com/kubernetes-incubator/kubespray/issues/2021
|
||||||
|
- 'sh -c "echo ignore_assert_errors: true | tee -a tests/files/${CI_JOB_NAME}.yml"'
|
||||||
|
|
||||||
|
|
||||||
# Create cluster
|
# Create cluster
|
||||||
|
|
|
@ -54,7 +54,7 @@ Versions of supported components
|
||||||
--------------------------------
|
--------------------------------
|
||||||
|
|
||||||
|
|
||||||
[kubernetes](https://github.com/kubernetes/kubernetes/releases) v1.8.4 <br>
|
[kubernetes](https://github.com/kubernetes/kubernetes/releases) v1.9.0 <br>
|
||||||
[etcd](https://github.com/coreos/etcd/releases) v3.2.4 <br>
|
[etcd](https://github.com/coreos/etcd/releases) v3.2.4 <br>
|
||||||
[flanneld](https://github.com/coreos/flannel/releases) v0.8.0 <br>
|
[flanneld](https://github.com/coreos/flannel/releases) v0.8.0 <br>
|
||||||
[calico](https://docs.projectcalico.org/v2.5/releases/) v2.5.0 <br>
|
[calico](https://docs.projectcalico.org/v2.5/releases/) v2.5.0 <br>
|
||||||
|
|
|
@ -23,7 +23,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
|
||||||
kube_api_anonymous_auth: false
|
kube_api_anonymous_auth: false
|
||||||
|
|
||||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||||
kube_version: v1.8.4
|
kube_version: v1.9.0
|
||||||
|
|
||||||
# Where the binaries will be downloaded.
|
# Where the binaries will be downloaded.
|
||||||
# Note: ensure that you've enough disk space (about 1G)
|
# Note: ensure that you've enough disk space (about 1G)
|
||||||
|
|
|
@ -24,7 +24,7 @@ download_always_pull: False
|
||||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||||
|
|
||||||
# Versions
|
# Versions
|
||||||
kube_version: v1.8.4
|
kube_version: v1.9.0
|
||||||
kubeadm_version: "{{ kube_version }}"
|
kubeadm_version: "{{ kube_version }}"
|
||||||
etcd_version: v3.2.4
|
etcd_version: v3.2.4
|
||||||
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
||||||
|
@ -36,27 +36,21 @@ calico_policy_version: "v1.0.0"
|
||||||
calico_rr_version: "v0.4.0"
|
calico_rr_version: "v0.4.0"
|
||||||
flannel_version: "v0.9.1"
|
flannel_version: "v0.9.1"
|
||||||
flannel_cni_version: "v0.3.0"
|
flannel_cni_version: "v0.3.0"
|
||||||
|
istio_version: "0.2.6"
|
||||||
|
vault_version: 0.8.1
|
||||||
weave_version: 2.0.5
|
weave_version: 2.0.5
|
||||||
pod_infra_version: 3.0
|
pod_infra_version: 3.0
|
||||||
contiv_version: 1.1.7
|
contiv_version: 1.1.7
|
||||||
|
|
||||||
# Download URLs
|
# Download URLs
|
||||||
|
istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
|
||||||
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
||||||
|
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
||||||
|
|
||||||
# Checksums
|
# Checksums
|
||||||
kubeadm_checksum: "08c93bb83c1af8703d49027b863fee08721cb96900f8d70d4d45b50dd1e5bc2c"
|
|
||||||
|
|
||||||
istio_version: "0.2.6"
|
|
||||||
|
|
||||||
istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
|
|
||||||
istioctl_checksum: fd703063c540b8c0ab943f478c05ab257d88ae27224c746a27d0526ddbf7c370
|
istioctl_checksum: fd703063c540b8c0ab943f478c05ab257d88ae27224c746a27d0526ddbf7c370
|
||||||
|
kubeadm_checksum: 069e386f620e7274e114226ab7532c2320be7f65328c1e55b23a69b73122b828
|
||||||
vault_version: 0.8.1
|
|
||||||
vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e5914188
|
vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e5914188
|
||||||
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
|
||||||
vault_image_repo: "vault"
|
|
||||||
vault_image_tag: "{{ vault_version }}"
|
|
||||||
|
|
||||||
|
|
||||||
# Containers
|
# Containers
|
||||||
etcd_image_repo: "quay.io/coreos/etcd"
|
etcd_image_repo: "quay.io/coreos/etcd"
|
||||||
|
@ -127,6 +121,8 @@ helm_image_repo: "lachlanevenson/k8s-helm"
|
||||||
helm_image_tag: "{{ helm_version }}"
|
helm_image_tag: "{{ helm_version }}"
|
||||||
tiller_image_repo: "gcr.io/kubernetes-helm/tiller"
|
tiller_image_repo: "gcr.io/kubernetes-helm/tiller"
|
||||||
tiller_image_tag: "{{ helm_version }}"
|
tiller_image_tag: "{{ helm_version }}"
|
||||||
|
vault_image_repo: "vault"
|
||||||
|
vault_image_tag: "{{ vault_version }}"
|
||||||
|
|
||||||
downloads:
|
downloads:
|
||||||
netcheck_server:
|
netcheck_server:
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
kind: StorageClass
|
kind: StorageClass
|
||||||
apiVersion: storage.k8s.io/v1
|
apiVersion: storage.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -16,6 +16,13 @@
|
||||||
path: "{{ kube_config_dir }}/kubelet.conf"
|
path: "{{ kube_config_dir }}/kubelet.conf"
|
||||||
register: kubelet_conf
|
register: kubelet_conf
|
||||||
|
|
||||||
|
|
||||||
|
- name: Calculate kubeadm CA cert hash
|
||||||
|
shell: openssl x509 -pubkey -in {{ kube_config_dir }}/ssl/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
||||||
|
register: kubeadm_ca_hash
|
||||||
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
|
run_once: true
|
||||||
|
|
||||||
- name: Create kubeadm client config
|
- name: Create kubeadm client config
|
||||||
template:
|
template:
|
||||||
src: kubeadm-client.conf.j2
|
src: kubeadm-client.conf.j2
|
||||||
|
@ -25,7 +32,10 @@
|
||||||
register: kubeadm_client_conf
|
register: kubeadm_client_conf
|
||||||
|
|
||||||
- name: Join to cluster if needed
|
- name: Join to cluster if needed
|
||||||
command: "{{ bin_dir }}/kubeadm join --config {{ kube_config_dir}}/kubeadm-client.conf --skip-preflight-checks"
|
command: >-
|
||||||
|
{{ bin_dir }}/kubeadm join
|
||||||
|
--config {{ kube_config_dir}}/kubeadm-client.conf
|
||||||
|
--ignore-preflight-errors=all
|
||||||
register: kubeadm_join
|
register: kubeadm_join
|
||||||
when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)
|
when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)
|
||||||
|
|
||||||
|
|
|
@ -4,3 +4,5 @@ caCertPath: {{ kube_config_dir }}/ssl/ca.crt
|
||||||
token: {{ kubeadm_token }}
|
token: {{ kubeadm_token }}
|
||||||
discoveryTokenAPIServers:
|
discoveryTokenAPIServers:
|
||||||
- {{ kubeadm_discovery_address | replace("https://", "")}}
|
- {{ kubeadm_discovery_address | replace("https://", "")}}
|
||||||
|
DiscoveryTokenCACertHashes:
|
||||||
|
- sha256:{{ kubeadm_ca_hash.stdout }}
|
||||||
|
|
|
@ -72,7 +72,7 @@
|
||||||
register: kubeadm_config
|
register: kubeadm_config
|
||||||
|
|
||||||
- name: kubeadm | Initialize first master
|
- name: kubeadm | Initialize first master
|
||||||
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
|
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all
|
||||||
register: kubeadm_init
|
register: kubeadm_init
|
||||||
# Retry is because upload config sometimes fails
|
# Retry is because upload config sometimes fails
|
||||||
retries: 3
|
retries: 3
|
||||||
|
@ -86,7 +86,7 @@
|
||||||
{{ bin_dir }}/kubeadm
|
{{ bin_dir }}/kubeadm
|
||||||
upgrade apply -y {{ kube_version }}
|
upgrade apply -y {{ kube_version }}
|
||||||
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
||||||
--skip-preflight-checks
|
--ignore-preflight-errors=all
|
||||||
--allow-experimental-upgrades
|
--allow-experimental-upgrades
|
||||||
--allow-release-candidate-upgrades
|
--allow-release-candidate-upgrades
|
||||||
register: kubeadm_upgrade
|
register: kubeadm_upgrade
|
||||||
|
@ -135,7 +135,7 @@
|
||||||
when: inventory_hostname != groups['kube-master']|first
|
when: inventory_hostname != groups['kube-master']|first
|
||||||
|
|
||||||
- name: kubeadm | Init other uninitialized masters
|
- name: kubeadm | Init other uninitialized masters
|
||||||
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
|
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all
|
||||||
register: kubeadm_init
|
register: kubeadm_init
|
||||||
when: inventory_hostname != groups['kube-master']|first and not kubeadm_ca.stat.exists
|
when: inventory_hostname != groups['kube-master']|first and not kubeadm_ca.stat.exists
|
||||||
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
|
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
|
||||||
|
@ -147,7 +147,7 @@
|
||||||
{{ bin_dir }}/kubeadm
|
{{ bin_dir }}/kubeadm
|
||||||
upgrade apply -y {{ kube_version }}
|
upgrade apply -y {{ kube_version }}
|
||||||
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
||||||
--skip-preflight-checks
|
--ignore-preflight-errors=all
|
||||||
--allow-experimental-upgrades
|
--allow-experimental-upgrades
|
||||||
--allow-release-candidate-upgrades
|
--allow-release-candidate-upgrades
|
||||||
register: kubeadm_upgrade
|
register: kubeadm_upgrade
|
||||||
|
|
|
@ -16,7 +16,9 @@ networking:
|
||||||
serviceSubnet: {{ kube_service_addresses }}
|
serviceSubnet: {{ kube_service_addresses }}
|
||||||
podSubnet: {{ kube_pods_subnet }}
|
podSubnet: {{ kube_pods_subnet }}
|
||||||
kubernetesVersion: {{ kube_version }}
|
kubernetesVersion: {{ kube_version }}
|
||||||
cloudProvider: {{ cloud_provider|default('') }}
|
{% if cloud_provider is defined and cloud_provider != "gce" %}
|
||||||
|
cloudProvider: {{ cloud_provider }}
|
||||||
|
{% endif %}
|
||||||
authorizationModes:
|
authorizationModes:
|
||||||
{% for mode in authorization_modes %}
|
{% for mode in authorization_modes %}
|
||||||
- {{ mode }}
|
- {{ mode }}
|
||||||
|
|
|
@ -13,7 +13,7 @@ kube_api_anonymous_auth: false
|
||||||
is_atomic: false
|
is_atomic: false
|
||||||
|
|
||||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||||
kube_version: v1.8.4
|
kube_version: v1.9.0
|
||||||
|
|
||||||
# Set to true to allow pre-checks to fail and continue deployment
|
# Set to true to allow pre-checks to fail and continue deployment
|
||||||
ignore_assert_errors: false
|
ignore_assert_errors: false
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: centos-7
|
cloud_image_family: centos-7
|
||||||
cloud_region: europe-west1-b
|
cloud_region: us-central1-c
|
||||||
mode: ha-scale
|
cloud_machine_type: "n1-standard-1"
|
||||||
|
mode: ha
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
kube_network_plugin: calico
|
kube_network_plugin: calico
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: centos-7
|
cloud_image_family: centos-7
|
||||||
cloud_region: us-west1-a
|
cloud_region: us-central1-c
|
||||||
cloud_machine_type: "n1-standard-1"
|
cloud_machine_type: "n1-standard-1"
|
||||||
mode: default
|
mode: default
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: coreos-alpha
|
cloud_image_family: coreos-alpha
|
||||||
cloud_region: us-west1-a
|
cloud_region: us-central1-a
|
||||||
mode: ha-scale
|
cloud_machine_type: "n1-standard-1"
|
||||||
|
mode: ha
|
||||||
startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: coreos-stable
|
cloud_image_family: coreos-stable
|
||||||
cloud_region: us-west1-b
|
cloud_region: us-central1-a
|
||||||
cloud_machine_type: "n1-standard-2"
|
cloud_machine_type: "n1-standard-2"
|
||||||
mode: aio
|
mode: aio
|
||||||
##user-data to simply turn off coreos upgrades
|
##user-data to simply turn off coreos upgrades
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: coreos-stable
|
cloud_image_family: coreos-stable
|
||||||
cloud_region: us-east1-b
|
cloud_region: us-central1-c
|
||||||
mode: default
|
mode: default
|
||||||
startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: rhel-7
|
cloud_image_family: rhel-7
|
||||||
cloud_region: us-east1-b
|
cloud_region: us-central1-a
|
||||||
mode: separate
|
mode: separate
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: rhel-7
|
cloud_image_family: rhel-7
|
||||||
cloud_region: europe-west1-b
|
cloud_region: us-central1-b
|
||||||
mode: default
|
mode: default
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: ubuntu-1604-lts
|
cloud_image_family: ubuntu-1604-lts
|
||||||
cloud_region: europe-west1-b
|
cloud_region: us-central1-c
|
||||||
mode: ha
|
mode: ha
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: ubuntu-1604-lts
|
cloud_image_family: ubuntu-1604-lts
|
||||||
cloud_machine_type: "n1-standard-1"
|
cloud_machine_type: "n1-standard-1"
|
||||||
cloud_region: europe-west1-b
|
cloud_region: us-central1-c
|
||||||
mode: ha
|
mode: ha
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: ubuntu-1604-lts
|
cloud_image_family: ubuntu-1604-lts
|
||||||
cloud_region: us-west1-a
|
cloud_region: us-central1-b
|
||||||
mode: separate
|
mode: separate
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: ubuntu-1604-lts
|
cloud_image_family: ubuntu-1604-lts
|
||||||
cloud_region: europe-west1-b
|
cloud_region: us-central1-a
|
||||||
mode: separate
|
mode: separate
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: ubuntu-1604-lts
|
cloud_image_family: ubuntu-1604-lts
|
||||||
cloud_region: us-central1-b
|
cloud_region: us-central1-c
|
||||||
mode: separate
|
mode: separate
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image_family: ubuntu-1604-lts
|
cloud_image_family: ubuntu-1604-lts
|
||||||
cloud_region: us-central1-b
|
cloud_region: us-central1-c
|
||||||
mode: separate
|
mode: separate
|
||||||
|
|
||||||
# Deployment settings
|
# Deployment settings
|
||||||
|
|
Loading…
Reference in New Issue