diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2a0106162..7a6694f24 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -596,6 +596,7 @@ syntax-check: - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root upgrade-cluster.yml -vvv --syntax-check - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root reset.yml -vvv --syntax-check + - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check except: ['triggers', 'master'] tox-inventory-builder: diff --git a/extra_playbooks/inventory b/extra_playbooks/inventory new file mode 120000 index 000000000..e09e1addd --- /dev/null +++ b/extra_playbooks/inventory @@ -0,0 +1 @@ +../inventory \ No newline at end of file diff --git a/extra_playbooks/roles b/extra_playbooks/roles new file mode 120000 index 000000000..d8c4472ca --- /dev/null +++ b/extra_playbooks/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/extra_playbooks/upgrade-only-k8s.yml b/extra_playbooks/upgrade-only-k8s.yml new file mode 100644 index 000000000..f10259b07 --- /dev/null +++ b/extra_playbooks/upgrade-only-k8s.yml @@ -0,0 +1,60 @@ +### NOTE: This playbook cannot be used to deploy any new nodes to the cluster. +### Additional information: +### * Will not upgrade etcd +### * Will not upgrade network plugins +### * Will not upgrade Docker +### * Currently does not support Vault deployment. +### +### In most cases, you probably want to use upgrade-cluster.yml playbook and +### not this one. + +- hosts: localhost + gather_facts: False + roles: + - { role: kargo-defaults} + - { role: bastion-ssh-config, tags: ["localhost", "bastion"]} + +- hosts: k8s-cluster:etcd:calico-rr + any_errors_fatal: "{{ any_errors_fatal | default(true) }}" + gather_facts: false + vars: + # Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining + # fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled. + ansible_ssh_pipelining: false + roles: + - { role: kargo-defaults} + - { role: bootstrap-os, tags: bootstrap-os} + +- hosts: k8s-cluster:etcd:calico-rr + any_errors_fatal: "{{ any_errors_fatal | default(true) }}" + vars: + ansible_ssh_pipelining: true + gather_facts: true + +- hosts: k8s-cluster:etcd:calico-rr + any_errors_fatal: "{{ any_errors_fatal | default(true) }}" + roles: + - { role: kargo-defaults} + - { role: kubernetes/preinstall, tags: preinstall } + +#Handle upgrades to master components first to maintain backwards compat. +- hosts: kube-master + any_errors_fatal: "{{ any_errors_fatal | default(true) }}" + serial: 1 + roles: + - { role: kargo-defaults} + - { role: upgrade/pre-upgrade, tags: pre-upgrade } + - { role: kubernetes/node, tags: node } + - { role: kubernetes/master, tags: master } + - { role: upgrade/post-upgrade, tags: post-upgrade } + +#Finally handle worker upgrades, based on given batch size +- hosts: kube-node:!kube-master + any_errors_fatal: "{{ any_errors_fatal | default(true) }}" + serial: "{{ serial | default('20%') }}" + roles: + - { role: kargo-defaults} + - { role: upgrade/pre-upgrade, tags: pre-upgrade } + - { role: kubernetes/node, tags: node } + - { role: upgrade/post-upgrade, tags: post-upgrade } + - { role: kargo-defaults}