diff --git a/CHANGELOG-0.7.md b/CHANGELOG-0.7.md index 62c8534555..148cb2b931 100644 --- a/CHANGELOG-0.7.md +++ b/CHANGELOG-0.7.md @@ -10,6 +10,7 @@ ### Updated - [#1479](https://github.com/epiphany-platform/epiphany/issues/1479) - Upgrade K8s to v1.18.6 +- [#1510](https://github.com/epiphany-platform/epiphany/issues/1510) - Upgrade Kubernetes Dashboard to v2.0.3 ### Fixed diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/apply-dashboard.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/apply-dashboard.yml index 98e17ec1a3..a89a921462 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/apply-dashboard.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/apply-dashboard.yml @@ -1,19 +1,7 @@ --- -- name: Upload and deploy Dashboard +# This file is meant to be also used by upgrade role + +- name: Upload and deploy Kubernetes Dashboard + include_tasks: deployments/deploy-template.yml vars: file_name: kubernetes-dashboard.yml.j2 - include_tasks: deployments/deploy-template.yml - -- name: Check if kubernetes-dashboard is already deployed - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - shell: | - kubectl get pods \ - --namespace kubernetes-dashboard \ - | grep -c -i dashboard - args: - executable: /bin/bash - register: dashboard_count - failed_when: dashboard_count.rc == 2 - when: - - kubernetes_common.automation_designated_master == inventory_hostname diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/patch-object.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/patch-object.yml deleted file mode 100644 index 47d1820bb7..0000000000 --- a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/deployments/patch-object.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -- name: Patch {{ object.kind }} {{ object.name }} - command: |- - kubectl patch {{ object.kind }} {{ object.name | lower }} \ - --namespace {{ object.namespace }} \ - --type {{ patch.type | default('strategic') }} \ - --patch '{{ patch.content }}' - register: kubectl_patch - changed_when: not 'no change' in kubectl_patch.stdout - environment: - KUBECONFIG: /etc/kubernetes/admin.conf diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/patch-coredns.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/patch-coredns.yml index ce12744deb..c45ba09be8 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/patch-coredns.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/patch-coredns.yml @@ -9,12 +9,12 @@ file: roles/kubernetes_master/files/coredns-deployment-patch.yml name: coredns_deployment_patch -- name: Include tasks from deployments/patch-object.yml - include_tasks: deployments/patch-object.yml +- name: Include tasks from utils/patch-object.yml + include_tasks: utils/patch-object.yml vars: object: kind: deployment - name: CoreDNS + name: coredns namespace: kube-system patch: content: "{{ coredns_deployment_patch | to_json }}" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/get-deployment-images.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/get-deployment-images.yml new file mode 100644 index 0000000000..3c3abbcac8 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/get-deployment-images.yml 
@@ -0,0 +1,21 @@ +--- +# Expected vars: +# - kind { deployment | daemonset } +# - selector +# - namespace + +- name: "Get list of images for {{ kind }} using selector: {{ selector }}" + command: >- + kubectl get {{ kind }} + --selector {{ selector }} + -o=custom-columns='IMAGE:spec.template.spec.containers[*].image' + --namespace {{ namespace }} + --no-headers=true + register: kubectl_get_images + changed_when: false + environment: + KUBECONFIG: /etc/kubernetes/admin.conf + +- name: Set list of images as fact + set_fact: + object_images: kubectl_get_images.stdout_lines diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/get-images-from-deployment-template.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/get-images-from-deployment-template.yml new file mode 100644 index 0000000000..068db8e3c9 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/get-images-from-deployment-template.yml @@ -0,0 +1,15 @@ +--- +# Expected vars: +# - template_file +# - kind { deployment | daemonset } + +- name: "Load {{ kind }}s from template file: {{ template_file }}" + set_fact: + deployments: >- + {{ lookup('template', './' + template_file) | from_yaml_all + | selectattr('kind', 'match', '(?i)' + kind) | list }} + +- name: Get list of images from loaded template + set_fact: + template_images: >- + {{ deployments | json_query('[*].spec.template.spec.containers[*].image') | flatten }} diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/patch-object.yml b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/patch-object.yml new file mode 100644 index 0000000000..7cbe4d3a80 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/utils/patch-object.yml 
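Review bot: In utils/get-deployment-images.yml the last task sets `object_images: kubectl_get_images.stdout_lines` without Jinja delimiters, so the fact holds that literal string rather than the list of lines kubectl returned. The comparison in upgrade-k8s-dashboard.yml (`template_images | difference(object_images)`) would then presumably never find the template images in it, so the upgrade branch and its namespace deletion would run on every upgrade regardless of what is deployed. The line should read `object_images: "{{ kubectl_get_images.stdout_lines }}"`. Separately, custom-columns prints the images of a multi-container pod spec on one comma-separated line, so a per-image comparison may also need a split on `,`; this is worth confirming against a deployment with more than one container.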
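Review bot: In utils/get-images-from-deployment-template.yml the `selectattr('kind', 'match', '(?i)' + kind)` filter anchors only at the start of the string, so `kind: deployment` would also select any document whose kind merely begins with that word. Anchoring the end as well, `selectattr('kind', 'match', '(?i)' + kind + '$')`, keeps the selection to the exact kind. The filter also assumes every document returned by `from_yaml_all` is a mapping with a `kind` key; an empty document (for example after a trailing `---`) would likely break the selection, so a `select()` step before it is worth adding.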
@@ -0,0 +1,20 @@ +--- +# Expected vars: +# - object: +# kind +# name +# namespace +# - patch: +# content +# type (optional) + +- name: "Patch {{ object.kind }}: {{ object.name }}" + command: >- + kubectl patch {{ object.kind }} {{ object.name }} + --namespace {{ object.namespace }} + --type {{ patch.type | default('strategic') }} + --patch '{{ patch.content }}' + register: kubectl_patch + changed_when: not 'no change' in kubectl_patch.stdout + environment: + KUBECONFIG: /etc/kubernetes/admin.conf diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/templates/kubernetes-dashboard.yml.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/templates/kubernetes-dashboard.yml.j2 index 5af73de5e2..3b34d17661 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/templates/kubernetes-dashboard.yml.j2 +++ b/core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/templates/kubernetes-dashboard.yml.j2 @@ -156,7 +156,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard - namespace: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -188,7 +187,7 @@ spec: spec: containers: - name: kubernetes-dashboard - image: {{ image_registry_address }}/kubernetesui/dashboard:v2.0.0-beta8 + image: {{ image_registry_address }}/kubernetesui/dashboard:v2.0.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8443 @@ -225,6 +224,8 @@ spec: - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard + nodeSelector: + "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master @@ -236,7 +237,7 @@ kind: Service apiVersion: v1 metadata: labels: - k8s-app: kubernetes-metrics-scraper + k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: 
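Review bot: In utils/patch-object.yml the patch body is interpolated into the free-form command as `--patch '{{ patch.content }}'`, so hand-written single quotes are the only thing keeping the JSON together as one argument. A single quote inside any patched value would close that argument early, and the remainder would be split into extra kubectl arguments. Letting the template do the quoting removes that dependency on the content: `--patch {{ patch.content | quote }}`. The unquoted `{{ object.name }}` and `{{ object.namespace }}` here, and `--selector {{ selector }}` in utils/get-deployment-images.yml, have the same exposure to whitespace or option-like values and can take `| quote` as well.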
@@ -244,7 +245,7 @@ spec: - port: 8000 targetPort: 8000 selector: - k8s-app: kubernetes-metrics-scraper + k8s-app: dashboard-metrics-scraper --- @@ -252,25 +253,25 @@ kind: Deployment apiVersion: apps/v1 metadata: labels: - k8s-app: kubernetes-metrics-scraper - name: kubernetes-metrics-scraper + k8s-app: dashboard-metrics-scraper + name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: - k8s-app: kubernetes-metrics-scraper + k8s-app: dashboard-metrics-scraper template: metadata: labels: - k8s-app: kubernetes-metrics-scraper + k8s-app: dashboard-metrics-scraper annotations: seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' spec: containers: - - name: kubernetes-metrics-scraper - image: {{ image_registry_address }}/kubernetesui/metrics-scraper:v1.0.1 + - name: dashboard-metrics-scraper + image: {{ image_registry_address }}/kubernetesui/metrics-scraper:v1.0.4 ports: - containerPort: 8000 protocol: TCP @@ -290,10 +291,12 @@ spec: runAsUser: 1001 runAsGroup: 2001 serviceAccountName: kubernetes-dashboard + nodeSelector: + "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule volumes: - name: tmp-volume - emptyDir: {} \ No newline at end of file + emptyDir: {} diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt index 809d22fb79..ceb76a1c4c 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.txt 
@@ -160,8 +160,8 @@ https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz [images] -kubernetesui/dashboard:v2.0.0-beta8 -kubernetesui/metrics-scraper:v1.0.1 +kubernetesui/dashboard:v2.0.3 +kubernetesui/metrics-scraper:v1.0.4 registry:2 hashicorp/vault-k8s:0.2.0 vault:1.3.2 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt index acd4ca6f27..7dfd9cd12c 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.txt @@ -157,8 +157,8 @@ https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz [images] -kubernetesui/dashboard:v2.0.0-beta8 -kubernetesui/metrics-scraper:v1.0.1 +kubernetesui/dashboard:v2.0.3 +kubernetesui/metrics-scraper:v1.0.4 registry:2 hashicorp/vault-k8s:0.2.0 vault:1.3.2 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt index 8c25f44d1f..b90528cf33 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.txt 
@@ -182,8 +182,8 @@ https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.4.0.tar.gz [images] -kubernetesui/dashboard:v2.0.0-beta8 -kubernetesui/metrics-scraper:v1.0.1 +kubernetesui/dashboard:v2.0.3 +kubernetesui/metrics-scraper:v1.0.4 registry:2 hashicorp/vault-k8s:0.2.0 vault:1.3.2 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-k8s-dashboard.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-k8s-dashboard.yml new file mode 100644 index 0000000000..60904d6cac --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-k8s-dashboard.yml @@ -0,0 +1,39 @@ +--- +- name: Check if upgrade is needed + block: + - name: k8s/master | Include tasks from utils/get-images-from-deployment-template + include_role: + name: kubernetes_master + tasks_from: utils/get-images-from-deployment-template # sets template_images + vars: + kind: deployment + template_file: kubernetes-dashboard.yml.j2 + + - name: k8s/master | Include tasks from utils/get-deployment-images + include_role: + name: kubernetes_master + tasks_from: utils/get-deployment-images # sets object_images + vars: + kind: deployment + selector: k8s-app=kubernetes-dashboard + namespace: kubernetes-dashboard + + - name: k8s/master | Check if Kubernetes Dashboard should be upgraded + set_fact: + upgrade_k8s_dashboard: >- + {{ (template_images | difference(object_images) | count > 0) | ternary(true, false) }} + +- name: Upgrade dashboard + when: upgrade_k8s_dashboard + block: + - name: k8s/master | Delete kubernetes-dashboard namespace + command: >- + kubectl delete ns kubernetes-dashboard + environment: + KUBECONFIG: /etc/kubernetes/admin.conf + + # Deploy new version of kubernetes-dashboard + - name: k8s/master | Apply Kubernetes Dashboard + include_role: + name: kubernetes_master + tasks_from: apply-dashboard 
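Review bot: In upgrade-k8s-dashboard.yml the `kubectl delete ns kubernetes-dashboard` task removes everything in the namespace, not only the objects the template recreates, so any Secret, ServiceAccount or token an operator added there is lost on upgrade, and the task fails outright when the namespace does not exist. Adding `--ignore-not-found` covers the second case: `kubectl delete ns kubernetes-dashboard --ignore-not-found`. For the first, a comment above the task stating that the namespace is recreated from kubernetes-dashboard.yml.j2 and that manually added objects are not preserved would tell operators what to back up beforehand. The `| ternary(true, false)` in the preceding `set_fact` is redundant, since the comparison already yields a boolean.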
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-kubernetes-dashboard.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-kubernetes-dashboard.yml deleted file mode 100644 index b979b71cd0..0000000000 --- a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-kubernetes-dashboard.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# Delete old kubernetes-dashboard from kube-system, new dashboard has its own namespace - TODO remove this block in 0.7.0 - -- name: k8s/master | Delete old kubernetes dashboard - run_once: true - environment: - KUBECONFIG: /etc/kubernetes/admin.conf - block: - - name: k8s/master | Check if any resource with label 'k8s/app=kubernetes-dashboard' exists in kube-system - command: | - kubectl get all -l k8s/app=kubernetes-dashboard -n kube-system - register: result - changed_when: false - - - name: k8s/master | Delete all resources with label 'k8s/app=kubernetes-dashboard' from kube-system - command: | - kubectl delete all -l k8s/app=kubernetes-dashboard -n kube-system - when: - - not 'No resources found' in result.stderr - - - name: k8s/master | Check if 'kubernetes-dashboard-minimal' Role or RoleBinding exists in kube-system - command: | - kubectl get Role,RoleBinding kubernetes-dashboard-minimal -n kube-system - register: result - changed_when: false - failed_when: - - result.rc != 0 - - not 'not found' in result.stderr - - - name: k8s/master | Delete 'kubernetes-dashboard-minimal' Role and RoleBinding from kube-system - command: | - kubectl delete Role,RoleBinding kubernetes-dashboard-minimal -n kube-system - when: - - not 'not found' in result.stderr - -# Deploy new version of kubernetes-dashboard - -- name: k8s/master | Apply Kubernetes Dashboard - import_role: - name: kubernetes_master - tasks_from: apply-dashboard 
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master0.yml b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master0.yml index be1f4896e6..19c726eb3f 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master0.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes/upgrade-master0.yml @@ -19,9 +19,6 @@ - name: k8s/master0 | Reconfigure keycloak application include_tasks: reconfigure-auth-service-app.yml -- name: k8s/master0 | Upgrade kubernetes-dashboard - include_tasks: upgrade-kubernetes-dashboard.yml - - name: k8s/master0 | Drain master in preparation for maintenance include_tasks: utils/drain.yml @@ -115,6 +112,11 @@ - name: k8s/master0 | Upgrade CNI plugin pod include_tasks: upgrade-cni-plugin-pod.yml +- name: k8s/master0 | Upgrade Kubernetes Dashboard + include_tasks: upgrade-k8s-dashboard.yml + when: + - upgrade_to_final_version + - name: k8s/master0 | Backup kubeadm-config.yml include_tasks: backup-kubeadm-config.yml diff --git a/core/src/epicli/data/common/defaults/configuration/image-registry.yml b/core/src/epicli/data/common/defaults/configuration/image-registry.yml index 6db547e101..1a71c63fee 100644 --- a/core/src/epicli/data/common/defaults/configuration/image-registry.yml +++ b/core/src/epicli/data/common/defaults/configuration/image-registry.yml 
@@ -14,10 +14,10 @@ specification: file_name: rabbitmq-3.7.10.tar - name: "apacheignite/ignite:2.5.0" file_name: ignite-2.5.0.tar - - name: "kubernetesui/dashboard:v2.0.0-beta8" - file_name: dashboard-v2.0.0-beta8.tar - - name: "kubernetesui/metrics-scraper:v1.0.1" - file_name: metrics-scraper-v1.0.1.tar + - name: "kubernetesui/dashboard:v2.0.3" + file_name: dashboard-v2.0.3.tar + - name: "kubernetesui/metrics-scraper:v1.0.4" + file_name: metrics-scraper-v1.0.4.tar - name: "vault:1.3.2" file_name: vault-1.3.2.tar - name: "hashicorp/vault-k8s:0.2.0"