k8s-1.22.5: remove feature-gates

This script is intended to be run during platform upgrade.
('upgrade-activate' phase). It removes below feature gates
from kubeadm-config configmap and rewrites kube-apiserver
and kube-controller-manager manifests.
  - SCTPSupport=true
  - HugePageStorageMediumSize=true
  - TTLAfterFinished=true

Background:
HugePageStorageMediumSize is deprecated in Kubernetes 1.22
SCTPSupport blocks kube-apiserver pod to spawn after control-plane upgrade
TTLAfterFinished value defaults to true from k8s 1.21

Test Plan (On CentOS)
On AIO-SX and AIO-DX:
PASS: Full platform upgrade successful.
      Confirm kubeadm-configmap is updated, kube-apiserver
      and controller-manager static manifests and processes
      are updated with updated feature-gates after platform
      upgrade.
PASS: Upgrade k8s 1.21.8 to 1.22.5 after platform upgrade.
      Create a PV, PVC and deploy a pod.
PASS: Package builds successfully.

Story: 2009789
Task: 45627

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I51400c63226b532eed4a05fddb255b877cc5bbb5
This commit is contained in:
Kaustubh Dhokte 2022-06-13 21:11:25 -04:00
parent 6d3a1908e5
commit a6a5349d02
2 changed files with 150 additions and 0 deletions

View File

@ -0,0 +1,142 @@
#!/bin/bash
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# This script is intended to be run during platform upgrade.
# It removes below feature gates from kube-apiserver configmap and rewrites
# kube-api-server and kube-controller-manager manifests
# - SCTPSupport=true
# - HugePageStorageMediumSize=true
# - TTLAfterFinished=true
#
#
# Background:
# HugePageStorageMediumSize is deprecated in Kubernetes 1.22
# SCTPSupport blocks kube-apiserver pod to spawn after control-plane upgrade
# TTLAfterFinished value defaults to true from k8s 1.21
#
KUBEADM_CONFIGMAP_TMPFILE='/tmp/kubeadm_cm'
rc_controller_manager=0
rc_apiserver=0
function log {
logger -p local1.info "$1"
}
function get_kubeadm_configmap {
log "Retrieving kubeadm configmap to temporary location: ${KUBEADM_CONFIGMAP_TMPFILE}"
counter=0
RC=0
RETRIES=10
until [ ${counter} -gt ${RETRIES} ]; do
kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system get \
configmap kubeadm-config -o "$1" > ${KUBEADM_CONFIGMAP_TMPFILE}
RC=$?
if [ 0 == ${RC} ] ; then
log "Kubeadm configmap retrieved."
break
fi
log "Error retrieving kubeadm configmap, retrying..."
sleep 5
counter=$(( counter+1 ))
done
if [ ${counter} -gt ${RETRIES} ]; then
log "Failed to retrieve kubeadm configmap with error code [${RC}]".
exit ${RC}
fi
}
# Update the configmap for kubeadm
function update_kubeadm_configmap {
get_kubeadm_configmap yaml
log "Updating kube-apiserver feature-gates in retrieved kubeadm-config"
# Update api-server feature-gates
sed -i \
's/^\( *\)feature-gates:\s.*RemoveSelfLink=false/\1feature-gates: RemoveSelfLink=false/g' \
${KUBEADM_CONFIGMAP_TMPFILE}
rc_apiserver=$?
if [ 0 == ${rc_apiserver} ]; then
log "Successfully updated kube-apiserver feature-gates in retrieved kubeadm-config"
else
log "Failed to update kube-apiserver feature-gates in retrieved kubeadm-config with error code: [${rc_apiserver}]"
fi
# update controller-manager feature-gates
sed -i \
'/feature-gates: TTLAfterFinished=true/d' ${KUBEADM_CONFIGMAP_TMPFILE}
rc_controller_manager=$?
if [ 0 == ${rc_controller_manager} ]; then
log "Successfully updated controller-manager feature-gates in retrieved kubeadm-config"
else
# we need not gracefully exit here as failing to update this does not
# make any difference to the k8s cluster functions as default value of
# TTLAfterFinished is true
log "Failed to update controller-manager feature-gates in retrieved kubeadm-config with error code: [${rc_controller_manager}]"
fi
if [ ${rc_controller_manager} ] || [ ${rc_apiserver} ]; then
if kubectl --kubeconfig=/etc/kubernetes/admin.conf replace -f \
${KUBEADM_CONFIGMAP_TMPFILE}; then
log 'Successfully replaced updated kubeadm configmap.'
else
RC=$?
log "Failed to replace updated kubeadm configmap with error code: [${RC}]"
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
exit ${RC}
fi
else
log "Failed to update ${KUBEADM_CONFIGMAP_TMPFILE}"
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
exit ${RC}
fi
}
function update_manifests {
get_kubeadm_configmap jsonpath='{.data.ClusterConfiguration}'
# Rewrite apiserver manifest only if it is updated in the configmap
if [ 0 == ${rc_apiserver} ]; then
kubeadm init phase control-plane apiserver \
--config ${KUBEADM_CONFIGMAP_TMPFILE}
RC=$?
if [ 0 == ${RC} ]; then
log "Success executing kubeadm init phase control-plane for kube-api-server"
else
log "Failed to update kube-api-server manifest with error code: [${RC}]"
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
exit ${RC}
fi
fi
# Rewrite controller-manager manifest only if it is updated in the configmap
if [ 0 == ${rc_controller_manager} ]; then
kubeadm init phase control-plane controller-manager \
--config ${KUBEADM_CONFIGMAP_TMPFILE}
RC=$?
if [ 0 == ${RC} ]; then
log "Success executing kubeadm init phase control-plane for kube-controller-manager"
else
log "Failed to update kube-controller-manager manifest with error code: [${RC}]"
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
exit ${RC}
fi
fi
}
update_kubeadm_configmap
update_manifests
rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
exit 0

View File

@ -39,6 +39,8 @@
%global _stage1 %{_exec_prefix}/local/kubernetes/%{kube_version}/stage1
%global _stage2 %{_exec_prefix}/local/kubernetes/%{kube_version}/stage2
%global local_sbindir /usr/local/sbin
##############################################
Name: kubernetes-%{kube_version}
Version: %{kube_version}
@ -50,6 +52,7 @@ ExclusiveArch: x86_64 aarch64 ppc64le s390x
Source0: %{project}-v%{kube_version}.tar.gz
Source4: kubeadm.conf
Source5: kubelet-cgroup-setup.sh
Source6: update-k8s-feature-gates.sh
Patch1: kubelet-cpumanager-disable-CFS-quota-throttling-for-.patch
Patch2: kubelet-cpumanager-keep-normal-containers-off-reserv.patch
@ -923,6 +926,7 @@ output_path="${KUBE_OUTPUT_BINPATH}/$(kube::golang::host_platform)"
install -m 755 -d %{buildroot}%{_bindir}
install -m 755 -d %{buildroot}%{_stage1}%{_bindir}
install -m 755 -d %{buildroot}%{_stage2}%{_bindir}
install -d %{buildroot}%{local_sbindir}
echo "+++ INSTALLING kube-apiserver"
install -p -m 754 -t %{buildroot}%{_bindir} ${output_path}/kube-apiserver
@ -935,6 +939,9 @@ install -p -m 0644 -t %{buildroot}%{_stage2}%{_sysconfdir}/systemd/system/kubele
echo "+++ INSTALLING kubelet-cgroup-setup.sh"
install -p -m 0700 -t %{buildroot}%{_stage2}%{_bindir} %{SOURCE5}
echo "+++ INSTALLING update-k8s-feature-gates.sh"
install -m 0700 %{SOURCE6} %{buildroot}/%{local_sbindir}/update-k8s-feature-gates.sh
echo "+++ INSTALLING kube-apiserver"
install -p -m 754 -t %{buildroot}%{_bindir} ${output_path}/kube-apiserver
@ -1054,6 +1061,7 @@ fi
%license LICENSE
%{_stage2}%{_bindir}/kubelet
%{_stage2}%{_bindir}/kubelet-cgroup-setup.sh
%{local_sbindir}/update-k8s-feature-gates.sh
##############################################
%files kubeadm