Add system-upgrade to upgrade-cluster playbook

kubernetes-sigs · Jun 12, 2023 · 88d85bc · 88d85bc
1 parent ce13699
commit 88d85bc
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 0 deletions.
diff --git a/docs/upgrades.md b/docs/upgrades.md
@@ -403,3 +403,14 @@ Please note that **migrating container engines is not officially supported by Ku
 As of Kubespray 2.18.0, containerd is already the default container engine. If you have the chance, it is advisable and safer to reset and redeploy the entire cluster with a new container engine.
 
 * [Migrating from Docker to Containerd](upgrades/migrate_docker2containerd.md)
+
+## System upgrade
+
+If you want to upgrade the APT packages while the nodes are cordoned, you can use:
+
+```ShellSession
+ansible-playbook upgrade-cluster.yml -b -i inventory/sample/hosts.ini -e system_upgrade=true
+```
+
+Nodes will be rebooted when there are package upgrades (`system_upgrade_reboot: on-upgrade`).
+This can be changed to `always` or `never`.
diff --git a/playbooks/upgrade_cluster.yml b/playbooks/upgrade_cluster.yml
@@ -84,6 +84,7 @@
   roles:
     - { role: kubespray-defaults }
     - { role: upgrade/pre-upgrade, tags: pre-upgrade }
+    - { role: upgrade/system-upgrade, tags: system-upgrade }
     - { role: kubernetes-apps/kubelet-csr-approver, tags: kubelet-csr-approver }
     - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
     - { role: kubernetes/node, tags: node }
@@ -116,6 +117,7 @@
   roles:
     - { role: kubespray-defaults }
     - { role: upgrade/pre-upgrade, tags: pre-upgrade }
+    - { role: upgrade/system-upgrade, tags: system-upgrade }
     - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
     - { role: kubernetes/node, tags: node }
     - { role: kubernetes/kubeadm, tags: kubeadm }

diff --git a/roles/upgrade/system-upgrade/defaults/main.yml b/roles/upgrade/system-upgrade/defaults/main.yml
@@ -0,0 +1,2 @@
+system_upgrade: false
+system_upgrade_reboot: on-upgrade  # never, always
diff --git a/roles/upgrade/system-upgrade/tasks/main.yml b/roles/upgrade/system-upgrade/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+# Debian
+- name: APT upgrade
+  when:
+  - ansible_os_family == "Debian"
+  - system_upgrade
+  block:
+    - name: APT Dist-Upgrade
+      apt:
+        upgrade: dist
+        autoremove: true
+        dpkg_options: force-confold,force-confdef
+      register: apt_upgrade
+
+    - name: Reboot after APT Dist-Upgrade
+      when:
+        - apt_upgrade.changed or system_upgrade_reboot == 'always'
+        - system_upgrade_reboot != 'never'
+      reboot:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		system_upgrade: false
		system_upgrade_reboot: on-upgrade # never, always