---
# Entry checks imported before any upgrade play runs. Both playbooks live outside this file,
# so what they enforce has to be read there; only their play names are visible here.
- name: Check ansible version
  import_playbook: ansible_version.yml

# NOTE(review): presumably maps older inventory group names onto the current ones - confirm in
# legacy_groups.yml.
- name: Ensure compatibility with old groups
  import_playbook: legacy_groups.yml
# Targets only the first host of the `bastion` group and applies the bastion-ssh-config role.
# This play sets no any_errors_fatal keyword. proxy_disable_env is not defined in this file.
- hosts: bastion[0]
  gather_facts: false
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: bastion-ssh-config
      tags:
        - localhost
        - bastion
# Applies bootstrap-os to every host in k8s_cluster, etcd and calico_rr.
# any_errors_fatal falls back to true, so a failure on any host stops the run unless the
# any_errors_fatal variable overrides it.
- hosts: k8s_cluster:etcd:calico_rr
  strategy: linear
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  vars:
    # Pipelining must stay off while bootstrap-os runs: some systems set requiretty in sudoers,
    # which makes pipelining fail. bootstrap-os fixes this on those systems, so later plays can
    # enable it.
    # NOTE(review): the fix presumably edits sudoers; if requiretty is a deliberate hardening
    # setting on these hosts, check what the bootstrap-os role changes.
    ansible_ssh_pipelining: false
  roles:
    - role: kubespray-defaults
    - role: bootstrap-os
      tags: bootstrap-os
# Fact gathering is delegated to facts.yml. The `always` tag keeps it in the run when the
# playbook is narrowed with --tags.
- name: Gather facts
  import_playbook: facts.yml
  tags: always
# Runs on the first control-plane host only. All three roles carry the same condition, so each
# is skipped unless download_run_once is set and skip_downloads and download_localhost are both
# false.
# NOTE(review): which artifacts are fetched, and how they are verified, is decided inside the
# download role, not in this file.
- name: Download images to ansible host cache via first kube_control_plane node
  hosts: kube_control_plane[0]
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
      when: "not skip_downloads and download_run_once and not download_localhost"
    - role: kubernetes/preinstall
      tags: preinstall
      when: "not skip_downloads and download_run_once and not download_localhost"
    - role: download
      tags: download
      when: "not skip_downloads and download_run_once and not download_localhost"
# Runs preinstall on every host in k8s_cluster, etcd and calico_rr, then the download role
# unless skip_downloads is set. This play sets no serial, so it is not batched here.
- name: Prepare nodes for upgrade
  hosts: k8s_cluster:etcd:calico_rr
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes/preinstall
      tags: preinstall
    - role: download
      tags: download
      when: "not skip_downloads"
# Host pattern: members of etcd or calico_rr that are NOT also in k8s_cluster.
# Hosts are processed in batches; the batch size comes from the `serial` variable and falls
# back to 20% of the matched hosts.
- name: Upgrade container engine on non-cluster nodes
  hosts: etcd:calico_rr:!k8s_cluster
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: "{{ serial | default('20%') }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: container-engine
      tags: container-engine
      # The container engine is only touched when deploy_container_engine is truthy.
      when: deploy_container_engine
# Applies the etcd role to the etcd group with cluster setup enabled. The role is skipped when
# etcd_deployment_type is "kubeadm".
# NOTE(review): this play sets no serial, so all etcd hosts are in one batch at play level;
# whether members are handled one at a time is decided inside the etcd role - confirm there.
- hosts: etcd
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: etcd
      tags: etcd
      when: etcd_deployment_type != "kubeadm"
      vars:
        etcd_cluster_setup: true
        # The events cluster is set up only when etcd_events_cluster_enabled says so.
        etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
# Applies the etcd role to k8s_cluster hosts with both cluster-setup switches turned off.
# NOTE(review): with setup disabled the role presumably installs only client-side pieces -
# confirm in the etcd role. Skipped entirely when etcd_deployment_type is "kubeadm".
- hosts: k8s_cluster
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: etcd
      tags: etcd
      when: etcd_deployment_type != "kubeadm"
      vars:
        etcd_cluster_setup: false
        etcd_events_cluster_setup: false
# Control-plane hosts are upgraded before workers, one host per batch (serial: 1).
# Roles run in the listed order, from upgrade/pre-upgrade to upgrade/post-upgrade.
# NOTE(review): pre-upgrade/post-upgrade presumably drain and re-admit the node - confirm in
# those roles before relying on it.
- name: Handle upgrades to master components first to maintain backwards compat.
  hosts: kube_control_plane
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: 1
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: upgrade/pre-upgrade
      tags: pre-upgrade
    - role: container-engine
      tags: container-engine
      when: deploy_container_engine
    - role: kubernetes/node
      tags: node
    - role: kubernetes/control-plane
      tags: master
      # Role parameter passed only from this playbook's control-plane play.
      upgrade_cluster_setup: true
    - role: kubernetes/client
      tags: client
    - role: kubernetes/node-label
      tags: node-label
    - role: kubernetes-apps/cluster_roles
      tags: cluster-roles
    - role: kubernetes-apps
      tags: csi-driver
    - role: upgrade/post-upgrade
      tags: post-upgrade
# Network plugin, external cloud controller and policy controller roles, applied to the union
# of kube_control_plane, calico_rr and kube_node in batches (`serial`, default 20%).
- name: Upgrade calico and external cloud provider on all masters, calico-rrs, and nodes
  hosts: kube_control_plane:calico_rr:kube_node
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: "{{ serial | default('20%') }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes-apps/external_cloud_controller
      tags: external-cloud-controller
    - role: network_plugin
      tags: network
    - role: kubernetes-apps/network_plugin
      tags: network
    - role: kubernetes-apps/policy_controller
      tags: policy-controller
# Host pattern: members of kube_node or calico_rr that are NOT in kube_control_plane.
# Batch size comes from `serial` (default 20%); with any_errors_fatal defaulting to true, a
# failure in one batch stops the run before later batches are touched.
- name: Finally handle worker upgrades, based on given batch size
  hosts: kube_node:calico_rr:!kube_control_plane
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  serial: "{{ serial | default('20%') }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: upgrade/pre-upgrade
      tags: pre-upgrade
    - role: container-engine
      tags: container-engine
      when: deploy_container_engine
    - role: kubernetes/node
      tags: node
    - role: kubernetes/kubeadm
      tags: kubeadm
    - role: kubernetes/node-label
      tags: node-label
    - role: upgrade/post-upgrade
      tags: post-upgrade
# Applies win_nodes/kubernetes_patch from the first control-plane host.
# any_errors_fatal is hard-coded to true here, so the any_errors_fatal variable cannot relax it
# for this play.
- hosts: kube_control_plane[0]
  gather_facts: false
  any_errors_fatal: true
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: win_nodes/kubernetes_patch
      tags:
        - master
        - win_nodes
# Applies the network_plugin/calico/rr role to the calico_rr group. No serial is set, so the
# whole group is handled in one batch.
- hosts: calico_rr
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: network_plugin/calico/rr
      tags: network
# Applies the ingress controller, external provisioner and kubernetes-apps roles to the
# control-plane hosts.
- hosts: kube_control_plane
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes-apps/ingress_controller
      tags: ingress-controller
    - role: kubernetes-apps/external_provisioner
      tags: external-provisioner
    - role: kubernetes-apps
      tags: apps
# Final pass over k8s_cluster: re-runs kubernetes/preinstall with dns_late set, but only when
# dns_mode is not 'none' and resolvconf_mode is 'host_resolvconf'. kubespray-defaults itself is
# unconditional.
- name: Apply resolv.conf changes now that cluster DNS is up
  hosts: k8s_cluster
  gather_facts: false
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - role: kubespray-defaults
    - role: kubernetes/preinstall
      tags: resolvconf
      when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'"
      # Role parameter; how preinstall reacts to it is defined in that role.
      dns_late: true