7f87ce0362
* Run 'container-engine' after drain. Move possibly disruptive role 'container-engine' to run after the node is drained. As that role have to be run on non-cluster nodes as well (etcd and calico-rr), and those nodes are not drained, add play for that case. * Check if api is up before upgrade. If container engine is restarted in previous role, api controller can take some time to start. This check ensures api is up before upgrade.
76 lines
2.5 KiB
YAML
76 lines
2.5 KiB
YAML
---
|
|
- name: kubeadm | Check api is up
|
|
uri:
|
|
url: "https://{{ ip | default(fallback_ips[inventory_hostname]) }}:6443/healthz"
|
|
validate_certs: false
|
|
when: inventory_hostname == groups['kube-master']|first
|
|
register: _result
|
|
retries: 60
|
|
delay: 5
|
|
until: _result.status == 200
|
|
|
|
- name: kubeadm | Upgrade first master
|
|
command: >-
|
|
timeout -k 600s 600s
|
|
{{ bin_dir }}/kubeadm
|
|
upgrade apply -y {{ kube_version }}
|
|
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
|
--ignore-preflight-errors=all
|
|
--allow-experimental-upgrades
|
|
--allow-release-candidate-upgrades
|
|
--etcd-upgrade=false
|
|
{{ (kubeadm_output.stdout is version('v1.16.0', '>=')) | ternary('--certificate-renewal=true', '') }}
|
|
--force
|
|
register: kubeadm_upgrade
|
|
# Retry is because upload config sometimes fails
|
|
retries: 3
|
|
when: inventory_hostname == groups['kube-master']|first
|
|
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
|
|
notify: Master | restart kubelet
|
|
|
|
# FIXME: https://github.com/kubernetes/kubeadm/issues/1498 remove stdout_lines
|
|
# check after issue is fixed
|
|
- name: kubeadm | Upgrade other masters
|
|
command: >-
|
|
timeout -k 600s 600s
|
|
{{ bin_dir }}/kubeadm
|
|
upgrade apply -y {{ kube_version }}
|
|
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
|
--ignore-preflight-errors=all
|
|
--allow-experimental-upgrades
|
|
--allow-release-candidate-upgrades
|
|
--etcd-upgrade=false
|
|
{{ (kubeadm_output.stdout is version('v1.16.0', '>=')) | ternary('--certificate-renewal=true', '') }}
|
|
--force
|
|
register: kubeadm_upgrade
|
|
when: inventory_hostname != groups['kube-master']|first
|
|
failed_when:
|
|
- kubeadm_upgrade.rc != 0
|
|
- '"field is immutable" not in kubeadm_upgrade.stderr'
|
|
- kubeadm_upgrade.stdout_lines | length > 1
|
|
notify: Master | restart kubelet
|
|
|
|
- name: kubeadm | clean kubectl cache to refresh api types
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /root/.kube/cache
|
|
- /root/.kube/http-cache
|
|
|
|
# FIXME: https://github.com/kubernetes/kubeadm/issues/1318
|
|
- name: kubeadm | scale down coredns replicas to 0 if not using coredns dns_mode
|
|
command: >-
|
|
{{ bin_dir }}/kubectl
|
|
--kubeconfig /etc/kubernetes/admin.conf
|
|
-n kube-system
|
|
scale deployment/coredns --replicas 0
|
|
register: scale_down_coredns
|
|
retries: 6
|
|
delay: 5
|
|
until: scale_down_coredns is succeeded
|
|
run_once: yes
|
|
when:
|
|
- kubeadm_scale_down_coredns_enabled
|
|
- dns_mode not in ['coredns', 'coredns_dual']
|
|
changed_when: false
|