Upgrade to kubernetes 1.11 #473
Changes from 19 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,12 +2,15 @@ | |
|
||
set -ex | ||
|
||
if [ $(kubeadm version -o short) = "v${VERSION}" ]; then | ||
if [ -x /usr/local/bin/pharos-kubeadm-${VERSION} ]; then | ||
exit | ||
fi | ||
|
||
cd /tmp | ||
export DEBIAN_FRONTEND=noninteractive | ||
apt-get download kubeadm=${VERSION}-00 | ||
dpkg -i --ignore-depends=kubelet kubeadm_${VERSION}*.deb | ||
rm -f kubeadm_${VERSION}*.deb | ||
BIN_URL="https://dl.bintray.com/kontena/pharos-bin/kube/${VERSION}/kubeadm-${ARCH}.gz" | ||
|
||
curl -fsSL $BIN_URL -o /tmp/kubeadm.gz | ||
We need to curl binary because kubeadm decided to depend on
No, it's because upgrading the I don't seem to have copied the exact error, but IIRC this somehow broke |
||
curl -fsSL "${BIN_URL}.asc" -o tmp/kubeadm.gz.asc | ||
gpg --verify /tmp/kubeadm.gz.asc /tmp/kubeadm.gz | ||
gunzip /tmp/kubeadm.gz | ||
install -o root -g root -m 0755 -T /tmp/kubeadm /usr/local/bin/pharos-kubeadm-${VERSION} | ||
rm /tmp/kubeadm /tmp/kubeadm.gz.asc |
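Review bot: the signature download writes to `tmp/kubeadm.gz.asc` (no leading slash) while `gpg --verify` and the final `rm` use `/tmp/kubeadm.gz.asc`, so the verification only reads the file that was just downloaded when the working directory happens to be `/`. Use the absolute path in that `curl -o`. While here: `$BIN_URL` is unquoted in the first `curl`, the fixed file names under `/tmp` are predictable for a script that installs a root-owned binary (a `mktemp -d` directory would avoid that), and nothing in the hunk shows which key `gpg --verify` is checking against, so the signing key should be imported or pinned explicitly before this step.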
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,9 +21,12 @@ def initialize(config, host) | |
# @return [Hash] | ||
def generate_config | ||
config = { | ||
'apiVersion' => 'kubeadm.k8s.io/v1alpha1', | ||
'apiVersion' => 'kubeadm.k8s.io/v1alpha2', | ||
'kind' => 'MasterConfiguration', | ||
'nodeName' => @host.hostname, | ||
|
||
'nodeRegistration' => { | ||
'name' => @host.hostname | ||
}, | ||
'kubernetesVersion' => Pharos::KUBE_VERSION, | ||
'imageRepository' => @config.image_repository, | ||
'api' => { | ||
|
@@ -35,24 +38,25 @@ def generate_config | |
'serviceSubnet' => @config.network.service_cidr, | ||
'podSubnet' => @config.network.pod_network_cidr | ||
}, | ||
'apiServerExtraArgs' => {}, | ||
'controllerManagerExtraArgs' => { | ||
'horizontal-pod-autoscaler-use-rest-clients' => 'true' | ||
}, | ||
'noTaintMaster' => !master_taint? | ||
} | ||
} | ||
|
||
if @host.container_runtime == 'cri-o' | ||
config['criSocket'] = '/var/run/crio/crio.sock' | ||
unless master_taint? | ||
config['nodeRegistration']['taints'] = [] | ||
end | ||
|
||
config['apiServerExtraArgs'] = { | ||
'apiserver-count' => @config.master_hosts.size.to_s | ||
} | ||
if @host.container_runtime == 'cri-o' | ||
config['nodeRegistration']['criSocket'] = '/var/run/crio/crio.sock' | ||
end | ||
|
||
if @config.cloud && @config.cloud.provider != 'external' | ||
config['cloudProvider'] = @config.cloud.provider | ||
if @config.cloud.config | ||
config['apiServerExtraArgs']['cloud-provider'] = @config.cloud.provider | ||
config['apiServerExtraArgs']['cloud-config'] = CLOUD_CFG_FILE | ||
config['controllerManagerExtraArgs']['cloud-provider'] = @config.cloud.provider | ||
config['controllerManagerExtraArgs']['cloud-config'] = CLOUD_CFG_FILE | ||
end | ||
end | ||
|
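Review bot: as the hunk reads, the `cloud-provider` entries for `apiServerExtraArgs` and `controllerManagerExtraArgs` come after `if @config.cloud.config`, whereas `config['cloudProvider']` was assigned before that check. If they are inside the conditional, a provider configured without a cloud config file no longer gets `cloud-provider` at all. Set the two `cloud-provider` args before the `if` and keep only the `cloud-config` args inside it. A short comment on `config['nodeRegistration']['taints'] = []` saying that it takes over from `noTaintMaster` and leaves the master schedulable would also help the next reader.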
@@ -121,23 +125,27 @@ def configure_internal_etcd(config) | |
"https://#{h.peer_address}:2379" | ||
} | ||
config['etcd'] = { | ||
'endpoints' => endpoints | ||
'external' => { | ||
'endpoints' => endpoints | ||
Why don't we set
Dunno, kept the existing code structure as-is... I can refactor it at the same time, need to test the external etcd setup anyways.
...probably because the external etcd case has all of these as conditionals, and it's a pain to write any other way. |
||
} | ||
} | ||
|
||
config['etcd']['certFile'] = '/etc/pharos/pki/etcd/client.pem' | ||
config['etcd']['caFile'] = '/etc/pharos/pki/ca.pem' | ||
config['etcd']['keyFile'] = '/etc/pharos/pki/etcd/client-key.pem' | ||
config['etcd']['external']['certFile'] = '/etc/pharos/pki/etcd/client.pem' | ||
config['etcd']['external']['caFile'] = '/etc/pharos/pki/ca.pem' | ||
config['etcd']['external']['keyFile'] = '/etc/pharos/pki/etcd/client-key.pem' | ||
end | ||
|
||
# @param config [Hash] | ||
def configure_external_etcd(config) | ||
config['etcd'] = { | ||
'endpoints' => @config.etcd.endpoints | ||
'external' => { | ||
'endpoints' => @config.etcd.endpoints | ||
} | ||
} | ||
|
||
config['etcd']['certFile'] = '/etc/pharos/etcd/certificate.pem' if @config.etcd.certificate | ||
config['etcd']['caFile'] = '/etc/pharos/etcd/ca-certificate.pem' if @config.etcd.ca_certificate | ||
config['etcd']['keyFile'] = '/etc/pharos/etcd/certificate-key.pem' if @config.etcd.key | ||
config['etcd']['external']['certFile'] = '/etc/pharos/etcd/certificate.pem' if @config.etcd.certificate | ||
config['etcd']['external']['caFile'] = '/etc/pharos/etcd/ca-certificate.pem' if @config.etcd.ca_certificate | ||
config['etcd']['external']['keyFile'] = '/etc/pharos/etcd/certificate-key.pem' if @config.etcd.key | ||
end | ||
|
||
# @param config [Hash] | ||
|
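Review bot: in `configure_external_etcd` the `certFile`, `caFile` and `keyFile` entries under `config['etcd']['external']` are each guarded by a separate condition, so a configuration that has `@config.etcd.certificate` but no `@config.etcd.key` (or the reverse) produces half a client certificate pair in the generated kubeadm config. Set `certFile` and `keyFile` together under one condition, or fail early when only one of the two is present.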
@@ -189,19 +197,13 @@ def volume_mounts_for_authentication_token_webhook | |
# @param config [Hash] | ||
def configure_kube_proxy(config) | ||
config['kubeProxy'] = { | ||
'config' => { | ||
'featureGates' => {} | ||
} | ||
'config' => {} | ||
} | ||
|
||
if @config.kube_proxy.mode | ||
config['kubeProxy']['config']['mode'] = @config.kube_proxy.mode | ||
end | ||
|
||
if @config.kube_proxy.mode == 'ipvs' | ||
config['kubeProxy']['config']['featureGates']['SupportIPVSProxyMode'] = true | ||
end | ||
|
||
config | ||
end | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,8 @@ class ConfigureDNS < Pharos::Phase | |
title "Configure DNS" | ||
|
||
def call | ||
patch_kubedns( | ||
patch_deployment( | ||
'coredns', | ||
Does this kube-dns -> coredns change cause downtime when upgrading from Pharos 1.2?
Maybe, I didn't test to see how it behaves exactly. If coredns is the new default, then I don't think we'd want to stick with kube-dns long-term. Options are:
This would be non-trivial to implement, because it would require kube API access before
Nope, it should be smooth ride (kube-dns deployment is removed after coredns is running). |
||
replicas: @config.dns_replicas, | ||
max_surge: max_surge, | ||
max_unavailable: max_unavailable | ||
|
@@ -45,15 +46,15 @@ def max_unavailable | |
|
||
# @param replicas [Integer] | ||
# @param nodes [Integer] | ||
def patch_kubedns(replicas:, max_surge:, max_unavailable:) | ||
logger.info { "Patching kube-dns addon with #{replicas} replicas (max-surge #{max_surge}, max-unavailable #{max_unavailable})..." } | ||
def patch_deployment(name, replicas:, max_surge:, max_unavailable:) | ||
logger.info { "Patching #{name} deployment with #{replicas} replicas (max-surge #{max_surge}, max-unavailable #{max_unavailable})..." } | ||
|
||
resource = Pharos::Kube.session(@master.api_address).resource( | ||
apiVersion: 'extensions/v1beta1', | ||
kind: 'Deployment', | ||
metadata: { | ||
namespace: 'kube-system', | ||
name: 'kube-dns' | ||
name: name | ||
}, | ||
spec: { | ||
replicas: replicas, | ||
|
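Review bot: the YARD comment above `patch_deployment` still lists `@param replicas` and `@param nodes`, but the signature is now `(name, replicas:, max_surge:, max_unavailable:)`. Drop `nodes` and document `name`, `max_surge` and `max_unavailable` so the comment matches the method.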
@@ -75,9 +76,7 @@ def patch_kubedns(replicas:, max_surge:, max_unavailable:) | |
{ | ||
key: "k8s-app", | ||
operator: "In", | ||
values: [ | ||
"kube-dns" | ||
] | ||
values: [name] | ||
} | ||
] | ||
}, | ||
|
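Review bot: `values: [name]` assumes the deployment name and its `k8s-app` label value are the same string, which held for `kube-dns` but needs checking for `coredns`. If the CoreDNS pods created by kubeadm are still labelled `k8s-app: kube-dns`, this match expression selects nothing. Pass the label value as its own argument, or verify the label on the deployed pods and note the result in a comment here.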
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,7 +9,7 @@ | |
|
||
module Pharos | ||
CRIO_VERSION = '1.10.6' | ||
KUBE_VERSION = ENV.fetch('KUBE_VERSION') { '1.10.5' } | ||
KUBE_VERSION = ENV.fetch('KUBE_VERSION') { '1.11.0' } | ||
KUBEADM_VERSION = ENV.fetch('KUBEADM_VERSION') { KUBE_VERSION } | ||
ETCD_VERSION = ENV.fetch('ETCD_VERSION') { '3.1.12' } | ||
Etcd version is still the same?
Myes, seems to have gotten lost in all of the
|
||
KUBELET_PROXY_VERSION = '0.3.6' | ||
|
Maybe ConfigureKubelet should be writing the /etc/default/kubelet instead, but that's annoying since it varies by OS.