Fix E306 in roles/kubernetes (#6500)
This commit is contained in:
Maxime Guyot
GitHub
parent
bfe143808f
commit
fc23f37af7
6 changed files with 31 additions and 15 deletions
|
|
@ -22,8 +22,10 @@
|
||||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Calculate kubeadm CA cert hash # noqa 306
|
- name: Calculate kubeadm CA cert hash
|
||||||
shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
shell: set -o pipefail && openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
register: kubeadm_ca_hash
|
register: kubeadm_ca_hash
|
||||||
when:
|
when:
|
||||||
- kubeadm_ca_stat.stat is defined
|
- kubeadm_ca_stat.stat is defined
|
||||||
|
|
@ -107,11 +109,13 @@
|
||||||
|
|
||||||
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
|
# FIXME(mattymo): Need to point to localhost, otherwise masters will all point
|
||||||
# incorrectly to first master, creating SPoF.
|
# incorrectly to first master, creating SPoF.
|
||||||
- name: Update server field in kube-proxy kubeconfig # noqa 306
|
- name: Update server field in kube-proxy kubeconfig
|
||||||
shell: >-
|
shell: >-
|
||||||
{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
|
set -o pipefail && {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
|
||||||
| sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
|
| sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
|
||||||
| {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
|
| {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
run_once: true
|
run_once: true
|
||||||
delegate_to: "{{ groups['kube-master']|first }}"
|
delegate_to: "{{ groups['kube-master']|first }}"
|
||||||
delegate_facts: false
|
delegate_facts: false
|
||||||
|
|
|
||||||
|
|
@ -47,8 +47,10 @@
|
||||||
when:
|
when:
|
||||||
- old_apiserver_cert.stat.exists
|
- old_apiserver_cert.stat.exists
|
||||||
|
|
||||||
- name: kubeadm | Forcefully delete old static pods # noqa 306
|
- name: kubeadm | Forcefully delete old static pods
|
||||||
shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
|
shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||||
when:
|
when:
|
||||||
- old_apiserver_cert.stat.exists
|
- old_apiserver_cert.stat.exists
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,10 @@
|
||||||
register: kube_apiserver_manifest_replaced
|
register: kube_apiserver_manifest_replaced
|
||||||
when: etcd_secret_changed|default(false)
|
when: etcd_secret_changed|default(false)
|
||||||
|
|
||||||
- name: "Pre-upgrade | Delete master containers forcefully" # noqa 306 503
|
- name: "Pre-upgrade | Delete master containers forcefully" # noqa 503
|
||||||
shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
|
shell: "set -o pipefail && docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
with_items:
|
with_items:
|
||||||
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
- ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
|
||||||
when: kube_apiserver_manifest_replaced.changed
|
when: kube_apiserver_manifest_replaced.changed
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,14 @@
|
||||||
---
|
---
|
||||||
- name: "Pre-upgrade | check if kubelet container exists" # noqa 306
|
- name: "Pre-upgrade | check if kubelet container exists"
|
||||||
shell: >-
|
shell: >-
|
||||||
|
set -o pipefail &&
|
||||||
{% if container_manager in ['crio', 'docker'] %}
|
{% if container_manager in ['crio', 'docker'] %}
|
||||||
docker ps -af name=kubelet | grep kubelet
|
docker ps -af name=kubelet | grep kubelet
|
||||||
{% elif container_manager == 'containerd' %}
|
{% elif container_manager == 'containerd' %}
|
||||||
crictl ps --all --name kubelet | grep kubelet
|
crictl ps --all --name kubelet | grep kubelet
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: kubelet_container_check
|
register: kubelet_container_check
|
||||||
|
|
|
||||||
|
|
@ -158,8 +158,10 @@
|
||||||
when:
|
when:
|
||||||
- kube_network_plugin == 'calico'
|
- kube_network_plugin == 'calico'
|
||||||
|
|
||||||
- name: "Get current version of calico cluster version" # noqa 306
|
- name: "Get current version of calico cluster version"
|
||||||
shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
|
shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
register: calico_version_on_server
|
register: calico_version_on_server
|
||||||
run_once: yes
|
run_once: yes
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
|
||||||
|
|
@ -42,18 +42,21 @@
|
||||||
run_once: true
|
run_once: true
|
||||||
when: sync_tokens|default(false)
|
when: sync_tokens|default(false)
|
||||||
|
|
||||||
- name: Gen_tokens | Gather tokens # noqa 306
|
- name: Gen_tokens | Gather tokens
|
||||||
shell: "tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
|
shell: "set -o pipefail && tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
executable: /bin/bash
|
||||||
register: tokens_data
|
register: tokens_data
|
||||||
check_mode: no
|
check_mode: no
|
||||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
when: sync_tokens|default(false)
|
when: sync_tokens|default(false)
|
||||||
|
|
||||||
- name: Gen_tokens | Copy tokens on masters # noqa 306
|
- name: Gen_tokens | Copy tokens on masters
|
||||||
shell: "echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
|
shell: "set -o pipefail && echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
when:
|
when:
|
||||||
- inventory_hostname in groups['kube-master']
|
- inventory_hostname in groups['kube-master']
|
||||||
- sync_tokens|default(false)
|
- sync_tokens|default(false)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue