fix: various fixes to improved upgrade reliability

Stefan Reimer 2024-10-28 14:21:11 +00:00
parent b8f1991095
commit 591cb0fc46
6 changed files with 36 additions and 15 deletions


@ -61,6 +61,8 @@ function cert-manager-post() {
# ArgoCD # # ArgoCD #
########### ###########
function argocd-pre() { function argocd-pre() {
kubectl delete job argo-argocd-redis-secret-init -n argocd || true
for f in $CLUSTER/secrets/argocd-*.yaml; do for f in $CLUSTER/secrets/argocd-*.yaml; do
kubectl apply -f $f kubectl apply -f $f
done done
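Review bot: The `|| true` on the added `kubectl delete job argo-argocd-redis-secret-init -n argocd` in `argocd-pre` hides every failure, not only the job being absent. An RBAC denial or an unreachable API server would go unnoticed, and the secrets loop below would still run. `kubectl delete job argo-argocd-redis-secret-init -n argocd --ignore-not-found` tolerates the missing job while still surfacing real errors. The rest of `argocd-pre` is outside the hunk.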


@ -129,6 +129,8 @@ kubeadm_upgrade() {
### Remove with 1.31 ### Remove with 1.31
# migrate kubezero CM to kubezero NS # migrate kubezero CM to kubezero NS
# migrate ArgoCD app from values to valuesObject # migrate ArgoCD app from values to valuesObject
create_ns kubezero
if [ "$ARGOCD" == "True" ]; then if [ "$ARGOCD" == "True" ]; then
kubectl get app kubezero -n argocd -o yaml > $WORKDIR/kubezero-argo-app.yaml kubectl get app kubezero -n argocd -o yaml > $WORKDIR/kubezero-argo-app.yaml
if [ "$(yq '(.spec.source.helm | has "values")' $WORKDIR/kubezero-argo-app.yaml)" == "true" ]; then if [ "$(yq '(.spec.source.helm | has "values")' $WORKDIR/kubezero-argo-app.yaml)" == "true" ]; then
@ -137,11 +139,12 @@ kubeadm_upgrade() {
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/spec/source/helm/values"}]' kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/spec/source/helm/values"}]'
kubectl delete cm kubezero-values -n kube-system > /dev/null || true kubectl delete cm kubezero-values -n kube-system > /dev/null || true
kubectl create configmap -n kubezero kubezero-values || true
fi fi
else else
kubectl get cm kubezero-values -n kubezero > /dev/null || \ kubectl get cm kubezero-values -n kubezero > /dev/null || \
{ create_ns kubezero; kubectl get cm kubezero-values -n kube-system -o yaml | \ { kubectl get cm kubezero-values -n kube-system -o yaml | \
sed 's/^ namespace: kube-system/ namespace: kubezero/' | \ sed 's/^ namespace: kube-system/ namespace: kubezero/' | \
kubectl create -f - && \ kubectl create -f - && \
kubectl delete cm kubezero-values -n kube-system ; } kubectl delete cm kubezero-values -n kube-system ; }
@ -157,16 +160,18 @@ kubeadm_upgrade() {
# Update kubezero-values CM # Update kubezero-values CM
kubectl get cm -n kubezero kubezero-values -o=yaml | \ kubectl get cm -n kubezero kubezero-values -o=yaml | \
yq e '.data."values.yaml" |= load_str("/tmp/kubezero/new-kubezero-values.yaml")' | \ yq e '.data."values.yaml" |= load_str("/tmp/kubezero/new-kubezero-values.yaml")' | \
kubectl replace -f -
# update argo app
export kubezero_chart_version=$(yq .version $CHARTS/kubezero/Chart.yaml)
kubectl get application kubezero -n argocd -o yaml | \
yq '.spec.source.helm.valuesObject |= load("/tmp/kubezero/new-kubezero-values.yaml") | .spec.source.targetRevision = strenv(kubezero_chart_version)' | \
kubectl apply --server-side --force-conflicts -f - kubectl apply --server-side --force-conflicts -f -
# finally remove annotation to allow argo to sync again if [ "$ARGOCD" == "True" ]; then
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true # update argo app
export kubezero_chart_version=$(yq .version $CHARTS/kubezero/Chart.yaml)
kubectl get application kubezero -n argocd -o yaml | \
yq '.spec.source.helm.valuesObject |= load("/tmp/kubezero/new-kubezero-values.yaml") | .spec.source.targetRevision = strenv(kubezero_chart_version)' | \
kubectl apply --server-side --force-conflicts -f -
# finally remove annotation to allow argo to sync again
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/metadata/annotations"}]' || true
fi
# Local node upgrade # Local node upgrade
render_kubeadm upgrade render_kubeadm upgrade
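Review bot: The added `kubectl create configmap -n kubezero kubezero-values || true` swallows every error, yet the later `kubectl replace -f -` on that ConfigMap only works if the object exists. A create that fails for a reason other than "already exists" (for example missing permissions in the new namespace) would then show up only as a replace failure further down, far from the cause. Guarding it the way the `else` branch already does keeps the step idempotent without hiding errors: `kubectl get cm kubezero-values -n kubezero > /dev/null 2>&1 || kubectl create configmap -n kubezero kubezero-values`. `kubeadm_upgrade` starts and ends outside these hunks.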


@ -267,6 +267,8 @@ EOF
function control_plane_upgrade() { function control_plane_upgrade() {
TASKS="$1" TASKS="$1"
[ -z "$KUBE_VERSION" ] && KUBE_VERSION="latest"
echo "Deploy cluster admin task: $TASKS" echo "Deploy cluster admin task: $TASKS"
cat <<EOF | kubectl apply -f - cat <<EOF | kubectl apply -f -
apiVersion: v1 apiVersion: v1
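Review bot: The new fallback `[ -z "$KUBE_VERSION" ] && KUBE_VERSION="latest"` in `control_plane_upgrade` silently switches to a floating version when the variable is unset. Where `KUBE_VERSION` is consumed is outside the hunk, but if it ends up as the image tag of the cluster admin task in the manifest below, an unset variable would run whatever `latest` currently points to instead of the release being upgraded to. Failing fast is safer, e.g. `: "${KUBE_VERSION:?KUBE_VERSION must be set}"`, or at least print a warning to stderr when the default is taken.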


@ -19,9 +19,6 @@ echo "Checking that all pods in kube-system are running ..."
[ "$ARGOCD" == "True" ] && disable_argo [ "$ARGOCD" == "True" ] && disable_argo
# Preload cilium images to running nodes
all_nodes_upgrade "chroot /host crictl pull quay.io/cilium/cilium:v1.16.3"
control_plane_upgrade kubeadm_upgrade control_plane_upgrade kubeadm_upgrade
echo "Control plane upgraded, <Return> to continue" echo "Control plane upgraded, <Return> to continue"
@ -35,6 +32,10 @@ read -r
# #
# upgrade modules # upgrade modules
#
# Preload cilium images to running nodes
all_nodes_upgrade "chroot /host crictl pull quay.io/cilium/cilium:v1.16.3"
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators" control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
echo "Checking that all pods in kube-system are running ..." echo "Checking that all pods in kube-system are running ..."
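Review bot: The relocated preload `crictl pull quay.io/cilium/cilium:v1.16.3` hard-codes an image tag in the upgrade script, separate from whatever version the network module deploys in the `apply_network` step right after it. When the chart moves to a newer cilium the preload will quietly warm the wrong image, and a tag is mutable where a digest is not. Consider reading the version from the chart, or pinning as `quay.io/cilium/cilium:v1.16.3@sha256:<digest-placeholder>`, and add a comment such as `# keep in sync with the cilium version in the network chart`.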


@ -0,0 +1,11 @@
--- charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml
+++ charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml
@@ -117,7 +117,7 @@ spec:
containers:
- name: aws-iam-authenticator
- image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.22
+ image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.27
args:
- server
- --backend-mode=CRD,MountedFile


@ -43,7 +43,7 @@ network:
cert-manager: cert-manager:
enabled: false enabled: false
namespace: cert-manager namespace: cert-manager
targetRevision: 0.9.9 targetRevision: 0.9.10
storage: storage:
enabled: false enabled: false
@ -96,7 +96,7 @@ telemetry:
operators: operators:
enabled: false enabled: false
namespace: operators namespace: operators
targetRevision: 0.1.4 targetRevision: 0.1.5
metrics: metrics:
enabled: false enabled: false
@ -114,7 +114,7 @@ metrics:
logging: logging:
enabled: false enabled: false
namespace: logging namespace: logging
targetRevision: 0.8.12 targetRevision: 0.8.13
argo: argo:
enabled: false enabled: false