From 00429b3d4995aadd3546b9ae5a3e51371c808fee Mon Sep 17 00:00:00 2001
From: k8s-infra-cherrypick-robot <90416843+k8s-infra-cherrypick-robot@users.noreply.github.com>
Date: Tue, 17 Feb 2026 00:57:04 -0800
Subject: [PATCH] kubeadm_patches: remove old patches on inventory change (#13022)

Currently, if changing the inventory variable `kubeadm_patches`, new patches will be created, but the existing ones will also be left on the filesystem, and applied by kubeadm ; this means that removed or changed configuration can linger. Cleanup old patches (which are the difference between existing patches on filesystem and the one created for the current runs).

Co-authored-by: Max Gautier
---
 .../kubernetes/kubeadm_common/tasks/main.yml | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes/kubeadm_common/tasks/main.yml b/roles/kubernetes/kubeadm_common/tasks/main.yml
index 0f8d3b0a0..9326a6777 100644
--- a/roles/kubernetes/kubeadm_common/tasks/main.yml
+++ b/roles/kubernetes/kubeadm_common/tasks/main.yml
@@ -3,9 +3,19 @@
   file:
     path: "{{ kubeadm_patches_dir }}"
     state: directory
-    mode: "0640"
+    mode: "0750"
   when: kubeadm_patches | length > 0
 
+- name: Kubeadm | List existing kubeadm patches
+  find:
+    paths:
+      - "{{ kubeadm_patches_dir }}"
+    file_type: file
+    use_regex: true
+    patterns:
+      - '^(kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration)[0-9]+\+(strategic|json|merge).yaml$'
+  register: existing_kubeadm_patches
+
 - name: Kubeadm | Copy kubeadm patches from inventory files
   copy:
     content: "{{ item.patch | to_yaml }}"
@@ -15,3 +25,13 @@
   loop: "{{ kubeadm_patches }}"
   loop_control:
     index_var: suffix
+  register: current_kubeadm_patches
+
+- name: Kubeadm | Delete old patches
+  loop: "{{ existing_kubeadm_patches.files | map(attribute='path') |
+    difference(
+    current_kubeadm_patches.results | map(attribute='dest')
+    ) }}"
+  file:
+    state: absent
+    path: "{{ item }}"
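Review bot: The `patterns` regex in the new find task leaves the `.` before `yaml` unescaped, so it matches any single character in that position rather than a literal dot; since the list feeds a deletion task, the match should be as tight as it looks: `- '^(kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration)[0-9]+\+(strategic|json|merge)\.yaml$'`. The find task also runs without the `when: kubeadm_patches | length > 0` guard that the directory task above it carries, which appears deliberate (stale patches must still be listed once the inventory variable is emptied) but means `find` may be pointed at a directory that was never created; as far as I recall the module only warns in that case, which is worth confirming and stating in a comment such as `# Runs unconditionally so that patches removed from the inventory are still found and deleted below`.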
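Review bot: The `difference()` in the new delete task compares the `path` strings returned by `find` with the `dest` strings registered from the copy task, and the copy task's `dest` line lies between the two hunks and is not shown here; if `kubeadm_patches_dir` is set with a trailing slash or any other non-canonical form, the two string sets could differ textually and every patch just written would be removed along with the stale ones. Comparing file names instead of full paths removes that dependency on how the directory variable is spelled: `loop: "{{ existing_kubeadm_patches.files | map(attribute='path') | map('basename') | difference(current_kubeadm_patches.results | map(attribute='dest') | map('basename')) }}"` with `path: "{{ kubeadm_patches_dir }}/{{ item }}"`. It is also worth confirming that `current_kubeadm_patches.results` is always present when `kubeadm_patches` is empty and the copy loop runs over no items; `| default([])` on that expression is a cheap guard if it is not.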