epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-13 21:34:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix kubeadm upgrade node skipPhases with multiple CP nodes (#12367)

Browse Source 
Add 1.32 conditional defaults

Restore support for kubeadm upgrade node --skip-phases < 1.32, apply still needs to be restricted
This commit is contained in:
Chad Swenson
2025-07-07 13:29:26 -05:00
committed by GitHub
parent 15c8a4768d
commit 1e523a267c
3 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml
View File

@@ -4,7 +4,7 @@
# kubeadm-config.v1beta4 with UpgradeConfiguration requires some values that were previously allowed as args to be specified in the config file
# TODO: Remove --skip-phases from command when v1beta4 UpgradeConfiguration supports skipPhases
- name: Kubeadm | Upgrade first control plane node
- name: Kubeadm | Upgrade first control plane node to {{ kube_version }}
command: >-
timeout -k 600s 600s
{{ bin_dir }}/kubeadm upgrade apply -y v{{ kube_version }}
@@ -27,8 +27,8 @@
environment:
PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
# TODO: Remove --skip-phases from command when v1beta4 UpgradeConfiguration supports skipPhases
- name: Kubeadm | Upgrade other control plane nodes
# TODO: When we retire kubeadm-config.v1beta3, remove --certificate-renewal, --ignore-preflight-errors, --etcd-upgrade, --patches, and --skip-phases from command, since v1beta4+ supports these in UpgradeConfiguration.node
- name: Kubeadm | Upgrade other control plane nodes to {{ kube_version }}
command: >-
{{ bin_dir }}/kubeadm upgrade node
{%- if kubeadm_config_api_version == 'v1beta3' %}
@@ -39,9 +39,7 @@
{%- else %}
--config={{ kube_config_dir }}/kubeadm-config.yaml
{%- endif %}
{%- if kube_version is version('1.32.0', '>=') %}
--skip-phases={{ kubeadm_init_phases_skip | join(',') }}
{%- endif %}
--skip-phases={{ kubeadm_upgrade_node_phases_skip | join(',') }}
register: kubeadm_upgrade
when: inventory_hostname != first_kube_control_plane
failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr

2
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
View File

@@ -491,7 +491,7 @@ node:
{% endif %}
imagePullPolicy: {{ k8s_image_pull_policy }}
imagePullSerial: {{ kubeadm_image_pull_serial | lower }}
{% for skip_phase in kubeadm_init_phases_skip %}
{% for skip_phase in kubeadm_upgrade_node_phases_skip %}
{% if loop.first %}
skipPhases:
{% endif %}

9
roles/kubespray_defaults/defaults/main/main.yml
View File

@@ -66,6 +66,15 @@ kubeadm_join_phases_skip_default: []
kubeadm_join_phases_skip: >-
{{ kubeadm_join_phases_skip_default }}
# List of kubeadm upgrade node phases that should be skipped when upgrading a secondary control plane node (supports different phases than kubeadm init and kubeadm upgrade apply)
kubeadm_upgrade_node_phases_skip_default: []
kubeadm_upgrade_node_phases_skip: >-
{%- if kube_version is version('1.32.0', '>=') -%}
{{ kubeadm_upgrade_node_phases_skip_default + kubeadm_init_phases_skip }}
{%- else -%}
{{ kubeadm_upgrade_node_phases_skip_default }}
{%- endif -%}
# Set to true to remove the role binding to anonymous users created by kubeadm
remove_anonymous_access: false