c12s-kubespray/upgrade-cluster.yml

---
- hosts: localhost
  gather_facts: false
  become: no
  tasks:
    - name: "Check ansible version >=2.7.8"
      assert:
        msg: "Ansible must be v2.7.8 or higher"
        that:
          - ansible_version.string is version("2.7.8", ">=")
      tags:
        - check
  vars:
    ansible_connection: local

- hosts: bastion[0]
  gather_facts: False
  roles:
    - { role: kubespray-defaults}
    - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}

- hosts: k8s-cluster:etcd:calico-rr
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  gather_facts: false
  vars:
    # Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining
    # fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled.
    ansible_ssh_pipelining: false
  roles:
    - { role: kubespray-defaults}
    - { role: bootstrap-os, tags: bootstrap-os}

- name: Prepare nodes for upgrade
  hosts: k8s-cluster:etcd:calico-rr
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - { role: kubespray-defaults}
    - { role: kubernetes/preinstall, tags: preinstall }
    - { role: download, tags: download, when: "not skip_downloads" }
  environment: "{{ proxy_env }}"

- name: Upgrade container engine on non-cluster nodes
  hosts: etcd:calico-rr:!k8s-cluster
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: "{{ serial | default('20%') }}"
  roles:
    - { role: kubespray-defaults}
    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
  environment: "{{ proxy_env }}"

- hosts: etcd
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - { role: kubespray-defaults}
    - role: etcd
      tags: etcd
      vars:
        etcd_cluster_setup: true
        etcd_events_cluster_setup: false
      when: not etcd_kubeadm_enabled | default(false)

- hosts: k8s-cluster
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - { role: kubespray-defaults}
    - role: etcd
      tags: etcd
      vars:
        etcd_cluster_setup: false
        etcd_events_cluster_setup: false
      when: not etcd_kubeadm_enabled | default(false)

- name: Handle upgrades to master components first to maintain backwards compat.
  hosts: kube-master
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: 1
  roles:
    - { role: kubespray-defaults}
    - { role: upgrade/pre-upgrade, tags: pre-upgrade }
    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
    - { role: kubernetes/node, tags: node }
    - { role: kubernetes/master, tags: master, upgrade_cluster_setup: true }
    - { role: kubernetes/client, tags: client }
    - { role: kubernetes/node-label, tags: node-label }
    - { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
    - { role: upgrade/post-upgrade, tags: post-upgrade }
  environment: "{{ proxy_env }}"

- name: Upgrade calico on all masters and nodes
  hosts: kube-master:kube-node
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: "{{ serial | default('20%') }}"
  roles:
    - { role: kubespray-defaults}
    - { role: network_plugin, tags: network }
    - { role: kubernetes-apps/network_plugin, tags: network }
    - { role: kubernetes-apps/policy_controller, tags: policy-controller }

- name: Finally handle worker upgrades, based on given batch size
  hosts: kube-node:!kube-master
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: "{{ serial | default('20%') }}"
  roles:
    - { role: kubespray-defaults}
    - { role: upgrade/pre-upgrade, tags: pre-upgrade }
    - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
    - { role: kubernetes/node, tags: node }
    - { role: kubernetes/kubeadm, tags: kubeadm }
    - { role: kubernetes/node-label, tags: node-label }
    - { role: upgrade/post-upgrade, tags: post-upgrade }
  environment: "{{ proxy_env }}"

- hosts: kube-master[0]
  any_errors_fatal: true
  roles:
    - { role: kubespray-defaults}
    - { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
    - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"]}

- hosts: calico-rr
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - { role: kubespray-defaults}
    - { role: network_plugin/calico/rr, tags: network }
  environment: "{{ proxy_env }}"

- hosts: kube-master
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - { role: kubespray-defaults}
    - { role: kubernetes-apps, tags: apps }
  environment: "{{ proxy_env }}"

- hosts: k8s-cluster
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  roles:
    - { role: kubespray-defaults}
    - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }