mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-03-06 11:11:15 -03:30
Update Kubernetes to v1.9.0 (#2100)
Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performance
This commit is contained in:
Matthew Mosesohn
GitHub
@@ -24,7 +24,7 @@ download_always_pull: False
|
||||
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
|
||||
|
||||
# Versions
|
||||
kube_version: v1.8.4
|
||||
kube_version: v1.9.0
|
||||
kubeadm_version: "{{ kube_version }}"
|
||||
etcd_version: v3.2.4
|
||||
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
||||
@@ -36,27 +36,21 @@ calico_policy_version: "v1.0.0"
|
||||
calico_rr_version: "v0.4.0"
|
||||
flannel_version: "v0.9.1"
|
||||
flannel_cni_version: "v0.3.0"
|
||||
istio_version: "0.2.6"
|
||||
vault_version: 0.8.1
|
||||
weave_version: 2.0.5
|
||||
pod_infra_version: 3.0
|
||||
contiv_version: 1.1.7
|
||||
|
||||
# Download URLs
|
||||
istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
|
||||
kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm"
|
||||
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
||||
|
||||
# Checksums
|
||||
kubeadm_checksum: "08c93bb83c1af8703d49027b863fee08721cb96900f8d70d4d45b50dd1e5bc2c"
|
||||
|
||||
istio_version: "0.2.6"
|
||||
|
||||
istioctl_download_url: "https://storage.googleapis.com/istio-release/releases/{{ istio_version }}/istioctl/istioctl-linux"
|
||||
istioctl_checksum: fd703063c540b8c0ab943f478c05ab257d88ae27224c746a27d0526ddbf7c370
|
||||
|
||||
vault_version: 0.8.1
|
||||
kubeadm_checksum: 069e386f620e7274e114226ab7532c2320be7f65328c1e55b23a69b73122b828
|
||||
vault_binary_checksum: 3c4d70ba71619a43229e65c67830e30e050eab7a81ac6b28325ff707e5914188
|
||||
vault_download_url: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
|
||||
vault_image_repo: "vault"
|
||||
vault_image_tag: "{{ vault_version }}"
|
||||
|
||||
|
||||
# Containers
|
||||
etcd_image_repo: "quay.io/coreos/etcd"
|
||||
@@ -127,6 +121,8 @@ helm_image_repo: "lachlanevenson/k8s-helm"
|
||||
helm_image_tag: "{{ helm_version }}"
|
||||
tiller_image_repo: "gcr.io/kubernetes-helm/tiller"
|
||||
tiller_image_tag: "{{ helm_version }}"
|
||||
vault_image_repo: "vault"
|
||||
vault_image_tag: "{{ vault_version }}"
|
||||
|
||||
downloads:
|
||||
netcheck_server:
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
---
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
|
||||
@@ -16,6 +16,13 @@
|
||||
path: "{{ kube_config_dir }}/kubelet.conf"
|
||||
register: kubelet_conf
|
||||
|
||||
|
||||
- name: Calculate kubeadm CA cert hash
|
||||
shell: openssl x509 -pubkey -in {{ kube_config_dir }}/ssl/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
|
||||
register: kubeadm_ca_hash
|
||||
delegate_to: "{{ groups['kube-master'][0] }}"
|
||||
run_once: true
|
||||
|
||||
- name: Create kubeadm client config
|
||||
template:
|
||||
src: kubeadm-client.conf.j2
|
||||
@@ -25,7 +32,10 @@
|
||||
register: kubeadm_client_conf
|
||||
|
||||
- name: Join to cluster if needed
|
||||
command: "{{ bin_dir }}/kubeadm join --config {{ kube_config_dir}}/kubeadm-client.conf --skip-preflight-checks"
|
||||
command: >-
|
||||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir}}/kubeadm-client.conf
|
||||
--ignore-preflight-errors=all
|
||||
register: kubeadm_join
|
||||
when: not is_kube_master and (kubeadm_client_conf.changed or not kubelet_conf.stat.exists)
|
||||
|
||||
|
||||
@@ -4,3 +4,5 @@ caCertPath: {{ kube_config_dir }}/ssl/ca.crt
|
||||
token: {{ kubeadm_token }}
|
||||
discoveryTokenAPIServers:
|
||||
- {{ kubeadm_discovery_address | replace("https://", "")}}
|
||||
DiscoveryTokenCACertHashes:
|
||||
- sha256:{{ kubeadm_ca_hash.stdout }}
|
||||
|
||||
@@ -72,7 +72,7 @@
|
||||
register: kubeadm_config
|
||||
|
||||
- name: kubeadm | Initialize first master
|
||||
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
|
||||
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all
|
||||
register: kubeadm_init
|
||||
# Retry is because upload config sometimes fails
|
||||
retries: 3
|
||||
@@ -86,7 +86,7 @@
|
||||
{{ bin_dir }}/kubeadm
|
||||
upgrade apply -y {{ kube_version }}
|
||||
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
||||
--skip-preflight-checks
|
||||
--ignore-preflight-errors=all
|
||||
--allow-experimental-upgrades
|
||||
--allow-release-candidate-upgrades
|
||||
register: kubeadm_upgrade
|
||||
@@ -135,7 +135,7 @@
|
||||
when: inventory_hostname != groups['kube-master']|first
|
||||
|
||||
- name: kubeadm | Init other uninitialized masters
|
||||
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --skip-preflight-checks
|
||||
command: timeout -k 240s 240s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all
|
||||
register: kubeadm_init
|
||||
when: inventory_hostname != groups['kube-master']|first and not kubeadm_ca.stat.exists
|
||||
failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
|
||||
@@ -147,7 +147,7 @@
|
||||
{{ bin_dir }}/kubeadm
|
||||
upgrade apply -y {{ kube_version }}
|
||||
--config={{ kube_config_dir }}/kubeadm-config.yaml
|
||||
--skip-preflight-checks
|
||||
--ignore-preflight-errors=all
|
||||
--allow-experimental-upgrades
|
||||
--allow-release-candidate-upgrades
|
||||
register: kubeadm_upgrade
|
||||
|
||||
@@ -16,7 +16,9 @@ networking:
|
||||
serviceSubnet: {{ kube_service_addresses }}
|
||||
podSubnet: {{ kube_pods_subnet }}
|
||||
kubernetesVersion: {{ kube_version }}
|
||||
cloudProvider: {{ cloud_provider|default('') }}
|
||||
{% if cloud_provider is defined and cloud_provider != "gce" %}
|
||||
cloudProvider: {{ cloud_provider }}
|
||||
{% endif %}
|
||||
authorizationModes:
|
||||
{% for mode in authorization_modes %}
|
||||
- {{ mode }}
|
||||
|
||||
@@ -13,7 +13,7 @@ kube_api_anonymous_auth: false
|
||||
is_atomic: false
|
||||
|
||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||
kube_version: v1.8.4
|
||||
kube_version: v1.9.0
|
||||
|
||||
# Set to true to allow pre-checks to fail and continue deployment
|
||||
ignore_assert_errors: false
|
||||
|
||||
Reference in New Issue
Block a user