Upgrade to kubeadm (#1667)
* Enable upgrade to kubeadm * fix kubedns upgrade * try upgrade route * use init/upgrade strategy for kubeadm and ignore kubedns svc * Use bin_dir for kubeadm * delete more secrets * fix waiting for terminating pods * Manually enforce kube-proxy for kubeadm deploy * remove proxy. update to kubeadm 1.8.0rc1
@@ -8,7 +8,17 @@
|
||||
delay: 6
|
||||
when: inventory_hostname == groups['kube-master'][0]
|
||||
|
||||
- name: kubeadm | Delete kubeadm kubedns
|
||||
- name: Kubernetes Apps | Delete old kubedns resources
|
||||
kube:
|
||||
name: "kubedns"
|
||||
namespace: "{{ system_namespace }}"
|
||||
kubectl: "{{bin_dir}}/kubectl"
|
||||
resource: "{{ item }}"
|
||||
state: absent
|
||||
with_items: ['deploy', 'svc']
|
||||
tags: upgrade
|
||||
|
||||
- name: Kubernetes Apps | Delete kubeadm kubedns
|
||||
kube:
|
||||
name: "kubedns"
|
||||
namespace: "{{ system_namespace }}"
|
||||
@@ -25,9 +35,9 @@
|
||||
src: "{{item.file}}"
|
||||
dest: "{{kube_config_dir}}/{{item.file}}"
|
||||
with_items:
|
||||
- {name: kubedns, file: kubedns-sa.yml, type: sa}
|
||||
- {name: kubedns, file: kubedns-deploy.yml.j2, type: deployment}
|
||||
- {name: kubedns, file: kubedns-svc.yml, type: svc}
|
||||
- {name: kube-dns, file: kubedns-sa.yml, type: sa}
|
||||
- {name: kube-dns, file: kubedns-deploy.yml.j2, type: deployment}
|
||||
- {name: kube-dns, file: kubedns-svc.yml, type: svc}
|
||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-sa.yml, type: sa}
|
||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrole.yml, type: clusterrole}
|
||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
||||
|
||||
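Review bot: The task "Kubernetes Apps | Delete old kubedns resources" has no `when:` or `run_once`, unlike the task above it, which is limited by `when: inventory_hostname == groups['kube-master'][0]`; as shown it would attempt both deletions on every host that applies this role. Adding the same `when: inventory_hostname == groups['kube-master'][0]` keeps it to a single host that holds kubectl credentials. The task also removes the `kubedns` Service, so cluster DNS is presumably unavailable from this point until the renamed `kube-dns` manifests are applied; a comment such as `# DNS is down between this delete and the kube-dns apply below` would tell operators the gap is expected. Which lines are new is inferred from the hunk counts, because the page lost its +/- markers, and the task that follows continues outside the hunk.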
@@ -1,15 +1,4 @@
|
||||
---
|
||||
# FIXME: remove if kubernetes/features#124 is implemented
|
||||
- name: Weave | Purge old weave daemonset
|
||||
kube:
|
||||
name: "weave-net"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/weave-net.yml"
|
||||
resource: "ds"
|
||||
namespace: "{{system_namespace}}"
|
||||
state: absent
|
||||
when: inventory_hostname == groups['kube-master'][0] and weave_manifest.changed
|
||||
|
||||
- name: Weave | Start Resources
|
||||
kube:
|
||||
name: "weave-net"
|
||||
|
||||
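--- a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
+++ b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+#FIXME(mattymo): Exclude built in secrets that were automatically rotated,
+#instead of filtering manually
+- name: Rotate Tokens | Get all serviceaccount tokens to expire
+shell: >-
+{{ bin_dir }}/kubectl get secrets --all-namespaces
+-o 'jsonpath={range .items[*]}{"\n"}{.metadata.namespace}{" "}{.metadata.name}{" "}{.type}{end}'
+| grep kubernetes.io/service-account-token
+| egrep 'default-token|kube-proxy|kube-dns|dnsmasq|netchecker|weave|calico|canal|flannel|dashboard|cluster-proportional-autoscaler|efk|tiller'
+register: tokens_to_delete
+run_once: true
+
+- name: Rotate Tokens | Delete expired tokens
+command: "{{ bin_dir }}/kubectl delete secrets -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}"
+with_items: "{{ tokens_to_delete.stdout_lines }}"
+run_once: true
+
+- name: Rotate Tokens | Delete pods in system namespace
+command: "{{ bin_dir }}/kubectl delete pods -n {{ system_namespace }} --all"
+run_once: true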
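Review bot: The `egrep` filter in "Rotate Tokens | Get all serviceaccount tokens to expire" matches its alternatives as substrings anywhere in the `namespace name type` line, in every namespace, so a token secret in a user namespace whose name or namespace merely contains `efk`, `tiller` or `dashboard` is deleted too. Matching on the name field only, and limiting the component patterns to `{{ system_namespace }}`, would keep the deletion to the tokens the FIXME is about. The last task restarts pods only in `{{ system_namespace }}`, while `default-token` secrets are removed in all namespaces; pods elsewhere presumably keep their mounted, now-invalid token until they are restarted, which deserves a comment or a follow-up step. All three tasks use `run_once: true` without `delegate_to`, so they run on whichever host comes first in the play; if that host may lack kubectl credentials, add `delegate_to: "{{ groups['kube-master'][0] }}"`.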