c12s-kubespray/roles/kubernetes/master/tasks/pre-upgrade.yml
Matthew Mosesohn badb432230 Individual etcd ssl certs
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
2016-12-21 18:15:47 +03:00

49 lines
1.9 KiB
YAML

---
- name: "Pre-upgrade | check for kube-apiserver unit file"
stat:
path: /etc/systemd/system/kube-apiserver.service
register: kube_apiserver_service_file
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | check for kube-apiserver init script"
stat:
path: /etc/init.d/kube-apiserver
register: kube_apiserver_init_script
tags: [facts, kube-apiserver]
- name: "Pre-upgrade | stop kube-apiserver if service defined"
service:
name: kube-apiserver
state: stopped
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
tags: kube-apiserver
- name: "Pre-upgrade | remove kube-apiserver service definition"
file:
path: "{{ item }}"
state: absent
when: (kube_apiserver_service_file.stat.exists|default(False) or kube_apiserver_init_script.stat.exists|default(False))
with_items:
- /etc/systemd/system/kube-apiserver.service
- /etc/init.d/kube-apiserver
tags: kube-apiserver
- name: "Pre-upgrade | See if kube-apiserver manifest exists"
stat:
path: /etc/kubernetes/manifests/kube-apiserver.manifest
register: kube_apiserver_manifest
when: secret_changed|default(false) or etcd_secret_changed|default(false)
- name: "Pre-upgrade | Write invalid image to kube-apiserver manifest if secrets were changed"
replace:
dest: /etc/kubernetes/manifests/kube-apiserver.manifest
regexp: '(\s+)image:\s+.*?$'
replace: '\1image: kill.apiserver.using.fake.image.in:manifest'
register: kube_apiserver_manifest_replaced
when: secret_changed|default(false) or etcd_secret_changed|default(false) and kube_apiserver_manifest.stat.exists
- name: "Pre-upgrade | Pause while waiting for kubelet to delete kube-apiserver pod"
pause: seconds=20
when: secret_changed|default(false) or etcd_secret_changed|default(false) and kube_apiserver_manifest.stat.exists
tags: kube-apiserver