Debian: Add kubernetes 1.23.1 upgrade script to kubernetes-unversioned

Add two files to Debian package kubernetes-unversioned to support
kubernetes upgrades.  We need to remove undesired feature gates from the
kubeadm configmap before the upgrade to 1.24.

The following two files are both required by puppet class:
platform::kubernetes::upgrade_first_control_plane,
* upgrade_k8s_config.sh - upgrade script to update apiserver/kubelet
  configmap
* kubelet_override.yaml - empty / non-customized override file. This
  file is being referenced, we keep override functionality even though
  we do not currently require kubelet overrides.

Test Plan:
TODO: Kubernetes upgrade from k8s 1.23 to 1.24
TODO: Platform upgrade from k8s 1.23, followed by kubernetes upgrade
      from k8s 1.23 to 1.24

Story: 2010301
Task: 46692

Signed-off-by: Jim Gauld <james.gauld@windriver.com>
Change-Id: Ibb2438c79b2983d2bc6beeaec287795f3c6c124f
This commit is contained in:
Jim Gauld 2022-10-27 12:06:28 -04:00
parent 72236e68f8
commit 188a92fe0e
5 changed files with 105 additions and 1 deletions

View File

@ -3,7 +3,7 @@ Upstream-Name: kubernetes-unversioned
Source: https://opendev.org/starlingx/integ/src/branch/master/kubernetes/kubernetes-unversioned Source: https://opendev.org/starlingx/integ/src/branch/master/kubernetes/kubernetes-unversioned
Files: * Files: *
Copyright: (c) 2021 Wind River Systems, Inc Copyright: (c) 2022 Wind River Systems, Inc
(c) Others (See individual files for more details) (c) Others (See individual files for more details)
License: Apache-2 License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");

View File

@ -0,0 +1,2 @@
---
# no customizations

View File

@ -2,7 +2,9 @@ usr/lib/systemd/system/kubelet.service
etc/kubernetes/config etc/kubernetes/config
etc/kubernetes/kubelet etc/kubernetes/kubelet
etc/kubernetes/kubelet.kubeconfig etc/kubernetes/kubelet.kubeconfig
etc/kubernetes/kubelet_override.yaml
etc/kubernetes/proxy etc/kubernetes/proxy
etc/systemd/system.conf.d/kubernetes-accounting.conf etc/systemd/system.conf.d/kubernetes-accounting.conf
usr/lib/tmpfiles.d/kubernetes.conf usr/lib/tmpfiles.d/kubernetes.conf
usr/local/sbin/sanitize_kubelet_reserved_cpus.sh usr/local/sbin/sanitize_kubelet_reserved_cpus.sh
usr/local/sbin/upgrade_k8s_config.sh

View File

@ -43,6 +43,7 @@ override_dh_install:
install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} contrib/init/systemd/environ/kubelet install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} contrib/init/systemd/environ/kubelet
install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} contrib/init/systemd/environ/kubelet.kubeconfig install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} contrib/init/systemd/environ/kubelet.kubeconfig
install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} contrib/init/systemd/environ/proxy install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} contrib/init/systemd/environ/proxy
install -v -m 644 -t ${DEBIAN_DESTDIR}/etc/${_k8s_name} debian/kubelet_override.yaml
# install config files # install config files
install -v -d -m 0755 ${DEBIAN_DESTDIR}/usr/lib/tmpfiles.d install -v -d -m 0755 ${DEBIAN_DESTDIR}/usr/lib/tmpfiles.d
@ -64,6 +65,7 @@ override_dh_install:
# install scripts # install scripts
install -v -m 0700 -d ${DEBIAN_DESTDIR}${_local_sbindir} install -v -m 0700 -d ${DEBIAN_DESTDIR}${_local_sbindir}
install -v -m 0700 -t ${DEBIAN_DESTDIR}${_local_sbindir} debian/sanitize_kubelet_reserved_cpus.sh install -v -m 0700 -t ${DEBIAN_DESTDIR}${_local_sbindir} debian/sanitize_kubelet_reserved_cpus.sh
install -v -m 0700 -t ${DEBIAN_DESTDIR}${_local_sbindir} debian/upgrade_k8s_config.sh
dh_install dh_install

View File

@ -0,0 +1,98 @@
#!/bin/bash
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# This will run during a k8s upgrade as a part of the control-plane upgrade of
# the first master. It updates the kubeadm-config configmap to edit the
# manifests and remove the 'feature-gates' lines.
#
# Background:
# Kubernetes 1.24 no longer allows setting kube-apsierver feature-gate
# RemoveSelfLink=false. All the other feature gates we were using now default
# to true so we don't want to specify them anymore.
# Temporary configuration file
KUBEADM_CONFIGMAP_TMPFILE=$(mktemp /tmp/kubeadm_cm.yaml.XXXXXX 2>/dev/null)
# Log info message to /var/log/daemon.log
function LOG {
logger -p daemon.info "$0($$): " "${@}"
}
# Log error message to /var/log/daemon.log
function ERROR {
logger -s -p daemon.error "$0($$): " "${@}"
}
# Cleanup and exit
function cleanup_and_exit {
rm -v -f "${KUBEADM_CONFIGMAP_TMPFILE}"
exit "${1:-0}"
}
# Update the configmap for kubeadm
function update_apiserver_configmap {
LOG "Retrieving kubeadm configmap: ${KUBEADM_CONFIGMAP_TMPFILE}"
counter=0
RETRIES=10
RC=0
until [ $counter -gt $RETRIES ]; do
kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system get \
configmap kubeadm-config -o yaml > "${KUBEADM_CONFIGMAP_TMPFILE}"
RC=$?
if [ "$RC" = "0" ] ; then
LOG "Kubeadm configmap retrieved."
break
((counter+=1))
fi
ERROR "Failed to retrieve kubeadm configmap, retrying..."
sleep 5
((counter+=1))
done
if [ $counter -gt $RETRIES ]; then
ERROR "Failed to retrieve kubeadm configmap with error code [$RC]".
cleanup_and_exit $RC
fi
if grep -q 'RemoveSelfLink=false' "${KUBEADM_CONFIGMAP_TMPFILE}"; then
LOG "Updating kube-apiserver feature-gates in retrieved kubeadm-config"
if sed -i '/feature-gates/d' "${KUBEADM_CONFIGMAP_TMPFILE}"; then
if ! grep -q 'RemoveSelfLink=false' "${KUBEADM_CONFIGMAP_TMPFILE}";
then
LOG "Successfully updated retrieved kubeadm-config"
if kubectl --kubeconfig=/etc/kubernetes/admin.conf replace -f \
"${KUBEADM_CONFIGMAP_TMPFILE}"; then
LOG 'Successfully replaced updated kubeadm configmap.'
else
RC=$?
ERROR "Failed to replace updated kubeadm configmap with error code: [$RC]"
cleanup_and_exit $RC
fi
else
ERROR 'Failed to update kube-apiserver feature-gates with an unknown error'
cleanup_and_exit 1
fi
else
RC=$?
ERROR "Failed to update ${KUBEADM_CONFIGMAP_TMPFILE} with error code: [$RC]"
cleanup_and_exit $RC
fi
else
LOG "Kubeadm configmap was already updated with RemoveSelfLink=false removed. Nothing to do."
fi
}
# Update kube-apiserver configMap only for k8s 1.23.1
K8S_VERSION_FROM='v1.23.1'
K8S_VERSION=$(kubectl version --output=yaml| grep -m1 -oP 'gitVersion: \K(\S+)')
if [[ "${K8S_VERSION}" == "${K8S_VERSION_FROM}" ]]; then
LOG "k8s version ${K8S_VERSION} matches ${K8S_VERSION_FROM}"
update_apiserver_configmap
else
LOG "k8s version ${K8S_VERSION} does not match ${K8S_VERSION_FROM}, skip update"
fi
cleanup_and_exit 0