From 9037e20284c3ecb29ebd2422fc757d0b7e5d08ca Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn
Date: Tue, 19 Sep 2017 07:05:26 +0100
Subject: [PATCH] use init/upgrade strategy for kubeadm and ignore kubedns svc
---
 .gitlab-ci.yml | 15 ++++-----
 .../kubernetes/master/tasks/kubeadm-setup.yml | 33 ++++++++++++-------
 roles/kubernetes/node/tasks/install.yml | 10 +++++-
 3 files changed, 37 insertions(+), 21 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f682c2726..1265b0e99 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -296,18 +296,17 @@ before_script:
 UPGRADE_TEST: "graceful"
 STARTUP_SCRIPT: ""
-.coreos_weave_kubeadm_variables: &coreos_weave_kubeadm_variables
+.centos_weave_kubeadm_variables: ¢os_weave_kubeadm_variables
 # stage: deploy-gce-part1
 KUBE_NETWORK_PLUGIN: weave
 AUTHORIZATION_MODES: "{ 'authorization_modes': [ 'RBAC' ] }"
- CLOUD_IMAGE: coreos-stable-1465-6-0-v20170817
+ CLOUD_IMAGE: centos-7
 CLOUD_MACHINE_TYPE: "n1-standard-1"
 CLOUD_REGION: us-central1-b
- BOOTSTRAP_OS: coreos
 CLUSTER_MODE: ha
 KUBEADM_ENABLED: "true"
 UPGRADE_TEST: "graceful"
- STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
+ STARTUP_SCRIPT: ""
 .ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables
 # stage: deploy-gce-part1
@@ -531,24 +530,24 @@ ubuntu-canal-kubeadm-triggers:
 when: on_success
 only: ['triggers']
-coreos-weave-kubeadm-rbac:
+centos-weave-kubeadm-rbac:
 stage: deploy-gce-part1
 <<: *job
 <<: *gce
 variables:
 <<: *gce_variables
- <<: *coreos_weave_kubeadm_variables
+ <<: *centos_weave_kubeadm_variables
 when: manual
 except: ['triggers']
 only: ['master', /^pr-.*$/]
-coreos-weave-kubeadm-triggers:
+centos-weave-kubeadm-triggers:
 stage: deploy-gce-part1
 <<: *job
 <<: *gce
 variables:
 <<: *gce_variables
- <<: *coreos_weave_kubeadm_variables
+ <<: *centos_weave_kubeadm_variables
 when: on_success
 only: ['triggers']
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 241862485..0779a623d 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -61,11 +61,20 @@
 register: kubeadm_config
 - name: kubeadm | Initialize first master
- command: timeout -k 240s 240s kubeadm upgrade --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
+ command: timeout -k 240s 240s kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
 register: kubeadm_init
 #Retry is because upload config sometimes fails
 retries: 3
- when: inventory_hostname == groups['kube-master']|first and (kubeadm_config.changed or not admin_conf.stat.exists)
+ when: inventory_hostname == groups['kube-master']|first and not admin_conf.stat.exists
+ failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
+
+- name: kubeadm | Upgrade first master
+ command: timeout -k 240s 240s kubeadm upgrade apply --config={{ kube_config_dir }}/kubeadm-config.yaml {{ kube_version }} --skip-preflight-checks
+ register: kubeadm_upgrade
+ #Retry is because upload config sometimes fails
+ retries: 3
+ when: inventory_hostname == groups['kube-master']|first and (kubeadm_config.changed and admin_conf.stat.exists)
+ failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
 - name: slurp kubeadm certs
 slurp:
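Review bot: The added `failed_when` on the init and upgrade tasks accepts any non-zero exit whose stderr merely contains "field is immutable", so a run that printed that message and also failed for another reason is reported as ok, and the play continues to slurp and distribute certificates from a master that may be only partly set up. A comment naming the kubeadm step that emits the message and why it is safe to ignore would help, and the same pattern is repeated in both tasks added in the `@@ -99,17 +108,17 @@` hunk of this file. Separately, `retries: 3` is copied into the new upgrade task without an `until:`, and on Ansible releases where retries only take effect together with `until` nothing is retried; adding `until: kubeadm_upgrade.rc == 0` (and `until: kubeadm_init.rc == 0` on the init task) would make the "Retry is because upload config sometimes fails" comment true. The task list starts before and continues after this hunk, so how `kubeadm_init` and `kubeadm_upgrade` are consumed later is not visible here.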
@@ -99,17 +108,17 @@
 with_items: "{{ kubeadm_certs.results }}"
 when: inventory_hostname != groups['kube-master']|first
-- name: kubeadm | Quick join other masters
- command: timeout -k 240s 240s kubeadm alpha phase {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
+- name: kubeadm | Init other uninitialized masters
+ command: timeout -k 240s 240s kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
 register: kubeadm_init
- #Retry is because upload config sometimes fails
- retries: 3
- with_items:
- controlplane apiserver
- controlplane scheduler
- controlplane controller-manager
- bootstrap mark-master
- when: inventory_hostname != groups['kube-master']|first and (kubeadm_config.changed or not admin_conf.stat.exists or copy_kubeadm_certs.changed)
+ when: inventory_hostname != groups['kube-master']|first and not admin_conf.stat.exists
+ failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
+
+- name: kubeadm | Upgrade first master
+ command: timeout -k 240s 240s kubeadm upgrade apply --config={{ kube_config_dir }}/kubeadm-config.yaml {{ kube_version }} --skip-preflight-checks
+ register: kubeadm_upgrade
+ when: inventory_hostname != groups['kube-master']|first and (kubeadm_config.changed and admin_conf.stat.exists)
+ failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
 - name: kubeadm | Check service account key again
 stat:
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index 20d542da8..d4401c236 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
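Review bot: In the `@@ -99,17 +108,17 @@` hunk of roles/kubernetes/master/tasks/kubeadm-setup.yml the second added task is named `kubeadm | Upgrade first master`, but its `when` selects `inventory_hostname != groups['kube-master']|first`, so play output and audit logs attribute the upgrade to the wrong host role; `- name: kubeadm | Upgrade other masters` matches what it does. Both added tasks also reuse the register names `kubeadm_init` and `kubeadm_upgrade` from the first-master tasks, and because Ansible registers a result even for a skipped task, the first master's real result is replaced by a skipped one; distinct names, for example `register: kubeadm_init_other` (constructed name), would keep the two apart. The old condition also re-ran on `copy_kubeadm_certs.changed` and the new one does not, which may be intended but deserves a one-line comment, since changed certificates then no longer trigger any action on the other masters. The surrounding tasks begin and end outside the hunk.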
@@ -19,12 +19,20 @@
 when: kubeadm_enabled
 tags: kubeadm
-- name: install | Copy binary from download dir
+- name: install | Copy kubeadm binary from download dir
 command: rsync -piu "{{ local_release_dir }}/kubeadm" "{{ bin_dir }}/kubeadm"
 changed_when: false
 when: kubeadm_enabled
 tags: kubeadm
+- name: install | Set kubeadm binary permissions
+ file:
+ path: "{{ bin_dir }}/kubeadm"
+ mode: "0755"
+ state: file
+ when: kubeadm_enabled
+ tags: kubeadm
+
 - include: "install_{{ kubelet_deployment_type }}.yml"
 - name: install | Write kubelet systemd init file
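Review bot: The new `install | Set kubeadm binary permissions` task pins the mode of `{{ bin_dir }}/kubeadm` but leaves ownership to whatever the preceding rsync produced; for a binary that is presumably run as root on every node, adding `owner: root` and `group: root` next to `mode: "0755"` would pin both. The mode needs repairing only because `rsync -p` copies the permissions of the file in `local_release_dir`, so a comment such as `# rsync -p keeps the download dir's mode; normalise it here` on the new task would explain why two tasks are needed. The copy task still has `changed_when: false`, so a replaced binary is never reported as a change.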