5457799aa3
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts if etcd certs changed.
49 lines
1.9 KiB
YAML
49 lines
1.9 KiB
YAML
---
|
|
- name: "Pre-upgrade | check for kube-apiserver unit file"
|
|
stat:
|
|
path: /etc/systemd/system/kube-apiserver.service
|
|
register: kube_apiserver_service_file
|
|
tags: [facts, kube-apiserver]
|
|
|
|
- name: "Pre-upgrade | check for kube-apiserver init script"
|
|
stat:
|
|
path: /etc/init.d/kube-apiserver
|
|
register: kube_apiserver_init_script
|
|
tags: [facts, kube-apiserver]
|
|
|
|
- name: "Pre-upgrade | stop kube-apiserver if service defined"
|
|
service:
|
|
name: kube-apiserver
|
|
state: stopped
|
|
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
|
tags: kube-apiserver
|
|
|
|
- name: "Pre-upgrade | remove kube-apiserver service definition"
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
|
|
with_items:
|
|
- /etc/systemd/system/kube-apiserver.service
|
|
- /etc/init.d/kube-apiserver
|
|
tags: kube-apiserver
|
|
|
|
- name: "Pre-upgrade | See if kube-apiserver manifest exists"
|
|
stat:
|
|
path: /etc/kubernetes/manifests/kube-apiserver.manifest
|
|
register: kube_apiserver_manifest
|
|
when: secret_changed|default(false) or etcd_secret_changed|default(false)
|
|
|
|
- name: "Pre-upgrade | Write invalid image to kube-apiserver manifest if secrets were changed"
|
|
replace:
|
|
dest: /etc/kubernetes/manifests/kube-apiserver.manifest
|
|
regexp: '(\s+)image:\s+.*?$'
|
|
replace: '\1image: kill.apiserver.using.fake.image.in:manifest'
|
|
register: kube_apiserver_manifest_replaced
|
|
when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists
|
|
|
|
- name: "Pre-upgrade | Pause while waiting for kubelet to delete kube-apiserver pod"
|
|
pause: seconds=20
|
|
when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists
|
|
tags: kube-apiserver
|
|
|