commit 60c6d20a3e23da1e85a2375d7d9c36129851a91d Author: savagebidoof Date: Wed Dec 13 21:33:51 2023 +0100 first commit diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..13566b8 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 0000000..639900d --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000..357cfe5 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..de7719e --- /dev/null +++ b/README.md 
@@ -0,0 +1,29 @@
+My script to update my kubernetes cluster at home.
+
+I typed a bit on the `notes.md` file, but that was mostly for myself.
+
+## How to use
+
+Modify the `inventory.yaml` file with:
+- Your desired hostnames
+- Your user/password
+- The desired kubeadm version.
+
+Finally execute teh `run.sh` file.
+
+## Requirements:
+
+- **Remote** user with access to sudo
+- Only intended for Debian based devices (arm/x64)
+- DNS name from the hosts in the inventory must match the name of the node when using `kubectl get nodes` command.
+- Host/Client that will execute this Ansible script requires to have `kubectl` configured to target the desired kubernetes cluster.
+- Host/Client requires the `kubernetes` Python library installed [0a] and the kubernetes Ansible plugin [0b].
+
+
+[0a] Python Kubernetes package
+On Arch linux I had to use `pacman -S python-kubernetes`, you might get away with murder using the `pip3 install kubernetes` command. IDK
+https://stackoverflow.com/questions/60866755/ansible-k8s-module-failed-to-import-the-required-python-library-openshift-on
+
+[0b] Ansible Kubernetes plugin
+https://docs.ansible.com/ansible/latest/collections/kubernetes/core/docsite/kubernetes_scenarios/k8s_intro.html
+`ansible-galaxy collection install kubernetes.core`
diff --git a/inventory.yaml b/inventory.yaml
new file mode 100644
index 0000000..febdf5c
--- /dev/null
+++ b/inventory.yaml
@@ -0,0 +1,19 @@
+masters:
+ hosts:
+ pi4.filter.home:
+ vars:
+ is_master: yes
+ desired_ansible_user: my_user
+ desired_ansible_password: my_password
+
+slaves:
+ hosts:
+ slave[01:03].filter.home:
+ vars:
+ is_master: no
+ desired_ansible_user: my_user
+ desired_ansible_password: my_password
+
+all:
+ vars:
+ install_kubeadm_version: "1.28.4-1.1"
\ No newline at end of file
diff --git a/notes.md b/notes.md
new file mode 100644
index 0000000..0113461
--- /dev/null
+++ b/notes.md
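Review bot: `desired_ansible_password: my_password` in both the `masters` and `slaves` groups of inventory.yaml keeps the SSH and sudo password in cleartext in a tracked file, and the README tells users to edit that file in place, so a real credential is likely to end up committed. Keep the secret out of the inventory by referencing a vault-encrypted variable, e.g. `desired_ansible_password: "{{ vault_ansible_password }}"` (variable name made up here, value produced with `ansible-vault encrypt_string`), or by dropping the key and its mapping in main.yaml and running with `--ask-pass --ask-become-pass`. Separately, `is_master: yes` / `no` is better written `true` / `false`, and the user/password pair is identical in both groups, so it could be declared once under `all: vars:`.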
@@ -0,0 +1,74 @@
+
+Requirements:
+
+- User with access to sudo
+- Only Debian based devices
+- Use vars to target specific kubeadm/let/ctl version
+- DNS name must match the name of the node when using `kubectl get nodes` command
+- Host/Client that will execute this script requires to have `kubectl` configured to use the targeted kubernetes cluster.
+- https://docs.ansible.com/ansible/latest/collections/kubernetes/core/docsite/kubernetes_scenarios/k8s_intro.html | ansible-galaxy collection install kubernetes.core [0]
+
+[0] pacman -S python-kubernetes
+https://stackoverflow.com/questions/60866755/ansible-k8s-module-failed-to-import-the-required-python-library-openshift-on
+
+
+Order:
+
+- Update repositories [-3]
+- Check available versions to upgrade to and update the config accordingly [-2]
+- Check if applied CRD work on the desired Kubernetes version [-1]
+- Backup (if available, as per the moment manual since it's not a main concern) [0]
+- Upgrade Kubeadm [1]
+- Call upgrade [2]
+- Drain node [3]
+- Update kubelet/kubectl versions [4]
+- Reboot services [5]
+- Upgrade system cause one needs it from time to type [6]
+- Uncordon node [7]
+
+----- Done with all hosts
+- Upgrade CNI
+
+
+[-3]
+https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/
+
+[-2]
+apt update
+apt-cache madison kubeadm | head -n 5
+
+[-1] (This is mine. comparing to kubernetes 1.28.5)
+- [x] Calico v3.26.3 (v3.26.4 available)
+- [x] Istio 1.18.2 (v1.20 available)
+- [?] MetalLb v0.13.10 (v0.13.12 available) *Didn't find anything regarding the matter, so going to assume yes and see what happens.
+- [x] CertManager v1.13.1 (v1.13.3 available)
+
+[0]
+Proxmox stuff/VMs
+
+[1]
+apt-mark unhold kubeadm && \
+apt-get update && apt-get install -y kubeadm='1.28.x-*' && \
+apt-mark hold kubeadm
+
+[2]
+sudo kubeadm upgrade node
+
+[3]
+kubectl drain $NODE
+
+[4]
+apt-mark unhold kubelet kubectl && \
+apt-get update && apt-get install -y kubelet='1.28.x-*' kubectl='1.28.x-*' && \
+apt-mark hold kubelet kubectl
+
+[5]
+sudo systemctl daemon-reload
+sudo systemctl restart kubelet
+
+[6]
+usual apt-get update > upgrade > reboot
+
+[7]
+kubectl uncordon
+
diff --git a/playbooks/main.yaml b/playbooks/main.yaml
new file mode 100755
index 0000000..8c032e9
--- /dev/null
+++ b/playbooks/main.yaml
@@ -0,0 +1,33 @@
+# Author: Oriol Filter
+# 13/12/2023
+
+- name: Preparethings
+ order: inventory
+ hosts: all
+ gather_facts: true
+ serial: 1 # 1 Host at a time
+ vars:
+ # Connect
+ ansible_user: "{{ desired_ansible_user }}"
+ ansible_password: "{{ desired_ansible_password }}"
+ ansible_become_password: "{{ ansible_password | default('1') }}"
+
+ # Interpreter
+ ansible_python_interpreter: "/usr/bin/python3"
+
+ tasks:
+# - check vars
+ - debug: var=is_master # Not actually used/relevant
+ - debug: var=ansible_host
+ - debug: var=install_kubeadm_version
+
+ - name: Ping check
+ ping:
+
+ - name: Set new repos
+ import_tasks: task_set_repos.yaml
+ become: true
+
+ - name: stuff
+ import_tasks: task_upgrade.yaml
+ become: true
diff --git a/playbooks/task_set_repos.yaml b/playbooks/task_set_repos.yaml
new file mode 100644
index 0000000..3ec5129
--- /dev/null
+++ b/playbooks/task_set_repos.yaml
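Review bot: `ansible_become_password: "{{ ansible_password | default('1') }}"` in playbooks/main.yaml carries a hard-coded fallback sudo password of `1`. `ansible_password` is assigned on the line above, so the fallback looks unreachable; if it ever did apply, the play would submit a guessable password to sudo on each host instead of stopping. Drop the default so a missing credential is an error, `ansible_become_password: "{{ desired_ansible_password }}"`. The three `debug` tasks would also read better with a `name:` and the fully qualified `ansible.builtin.debug`, matching the module naming used in task_upgrade.yaml.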
@@ -0,0 +1,12 @@
+## Update repositories
+# https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/
+
+- name: Add Kubernetes GPG key
+ apt_key:
+ url: https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
+ state: present
+
+- name: Add Kubernetes APT repository
+ apt_repository:
+ repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /
+ state: present
\ No newline at end of file
diff --git a/playbooks/task_upgrade.yaml b/playbooks/task_upgrade.yaml
new file mode 100644
index 0000000..181d56a
--- /dev/null
+++ b/playbooks/task_upgrade.yaml
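Review bot: The key task and the repository line in task_set_repos.yaml do not refer to the same keyring: `apt_key` imports Release.key into apt's global trusted keyring, while the `repo:` entry says `signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg`, a file that no task in this hunk creates. Unless that file already exists on the host, apt cannot verify the repository, and a key in the global keyring is trusted for every source on the machine rather than for pkgs.k8s.io alone. Download the key to a dedicated file and point `signed-by` at it, as sketched below; apt reads ASCII-armoured keys from a `.asc` file, which is worth confirming on the oldest Debian release in the inventory. The `v1.28` in both URLs is hard-coded while the package version comes from `install_kubeadm_version`, so the two can drift apart.

```yaml
- name: Ensure the apt keyring directory exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Add Kubernetes GPG key
  ansible.builtin.get_url:
    url: https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
    dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
    mode: "0644"

- name: Add Kubernetes APT repository
  ansible.builtin.apt_repository:
    repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /
    state: present
```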
@@ -0,0 +1,67 @@
+## Kubeadm
+- name: apt update
+ ansible.builtin.apt:
+ update_cache: yes
+
+- name: apt install kubeadm
+ ansible.builtin.apt:
+ allow_change_held_packages: true
+ name:
+ - kubeadm={{ install_kubeadm_version }}
+
+- name: Call `kubeadm upgrade`
+ shell: kubeadm upgrade node
+
+- name: Drain node
+ become: false
+ delegate_to: localhost
+ kubernetes.core.k8s_drain:
+ name: "{{ ansible_facts['fqdn'] }}"
+ state: drain
+ delete_options:
+ delete_emptydir_data: true
+ ignore_daemonsets: true
+ force: yes
+
+## Kubelet && kubectl
+- name: apt update
+ ansible.builtin.apt:
+ update_cache: yes
+
+- name: apt install kubelet && kubeadm
+ ansible.builtin.apt:
+ allow_change_held_packages: true
+ name:
+ - kubelet={{ install_kubeadm_version }}
+ - kubectl={{ install_kubeadm_version }}
+
+- name: systemctl daemon-reload
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+
+- name: Restart kubelet
+ ansible.builtin.service:
+ name: kubelet
+ state: restarted
+
+## Standard update upgrade
+- name: apt update
+ ansible.builtin.apt:
+ update_cache: yes
+
+- name: Upgrade general packages
+ ansible.builtin.apt:
+ name: "*"
+ state: latest
+
+## Reboot node
+- name: reboot
+ reboot:
+
+## Uncordon node
+- name: Uncordon node
+ become: false
+ delegate_to: localhost
+ kubernetes.core.k8s_drain:
+ name: "{{ ansible_facts['fqdn'] }}"
+ state: uncordon
\ No newline at end of file
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..7d5a4ab
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+export ANSIBLE_HOST_KEY_CHECKING=False
+
+ansible-playbook -i inventory.yaml playbooks/main.yaml
+
+
+
+
+
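Review bot: `shell: kubeadm upgrade node` in task_upgrade.yaml runs unchanged on the `masters` group; `is_master` is set in the inventory but never consulted, and main.yaml marks it "Not actually used/relevant". kubeadm's documented procedure uses `kubeadm upgrade apply <version>` on the first control-plane node and `upgrade node` only on the remaining nodes, so with a single master the control plane may never move to the new version; this is worth checking against the cluster. Gate the existing task with `when: not (is_master | bool)` and add an `apply` counterpart for the master. `ansible.builtin.command` is also preferable to `shell` here because no shell features are used. Since drain and uncordon are separate tasks, any failure in between leaves the node cordoned, so decide whether a `block:` with `always:` should restore it.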
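Review bot: `export ANSIBLE_HOST_KEY_CHECKING=False` in run.sh turns off SSH host-key verification for a run that logs in with a password and then hands the same password to sudo, so whatever answers on one of the inventory hostnames receives that credential. Remove the export and populate `known_hosts` for the inventory hosts once, confirming the fingerprints out of band, so that a changed host key stops the run instead of being accepted silently. If the setting has to stay for a first bootstrap, a comment stating that and limiting it to that one run would document the risk.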