-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to Kubernetes 1.24 #3387
Comments
Take a look at these similar issues to see if there isn't already a response to your problem: |
We had an issue while upgrading
Thanks to @lemeurherve 's researches, we found terraform-aws-modules/terraform-aws-eks#1725 which confirms that the Terraform EKS module is (was?) not exhaustive for the IAM Applied the new permissions in the (private) repository jenkins-infra/terraform-state (ref. https://github.com/jenkins-infra/terraform-states/commit/14c134bdb778e7a6124ed398618c1a9f48cbf101) and triggered a new (successful) build. |
Version retrieved with `az aks get-upgrades --resource-group prod-privatek8s --name privatek8s-emerging-ram --output table` Ref: jenkins-infra/helpdesk#3387
Previous upgrade: #3053
Upgrade kubectl within docker-helmfile
kubectl
1.24.x line docker-helmfile#266kubectl
version to 1.24.10 docker-helmfile#267Send an email (ideally 1-2 day priori to the operations) on both jenkinsci-dev and jenkins-infra mailing lists (google groups) to let users known "when" the operations will take place, and "what" will be the expected impacts
Upgrade DOKS (
doks
anddoks-public
)doks-public
re-created by terraform in jenkins-infra/digitaloceanupdated in DigitalOcean management interfacejenkins-agents
in ci.jenkins.io if needed (manual step)doks
only notdoks-public
Upgrade EKS (
cik8s
andeks-public
)Open datetime announcement on status.jenkins.io - Create 2023-02-22-maintenance-eks-k8s-1-24.md status#245
Disable cluster in ci.jenkins.io configuration as code - chore(ci.jenkins.io): disable cik8s before updating it to Kubernetes 1.24 jenkins-infra#2653
Disable kubernetes management (disable job on infra.ci.jenkins.io)
Upgrade cluster through Terraform (control plane + node groups) - chore: update
cik8s
cluster to Kubernetes 1.24 aws#342Ensure the upgraded cluster is still OK (check kubernetes-management and run a job on the main branch)
⚠️ Ensure that the security group
eks-cluster-sg-<cluster name>-<random ID>
that is managed directly by EKS doesn't contain the tagkubernetes.io/cluster/<cluster name>
Even with
create_cluster_primary_security_group_tags = false
this tag is wrongly set by the terraform module and must be manually deleted afterwards for now.Enable it again in ci.jenkins.io config as code
Close announcement
Upgrade AKS (
privatek8s
,publick8s
andprodpublick8s
)[-]
Check previous AKS upgrades and create one for 1.24Open datetime announcement on status.jenkins.io
Disable kubernetes management (disable job on infra.ci.jenkins.io)
Upgrade privatek8s first
⚠️ It will put infra.ci out of service so might need manual steps to re-boostrap the kubernetes-management job
Version retrieved with
az aks get-upgrades --resource-group prod-privatek8s --name privatek8s-emerging-ram --output table
Control plane upgraded with terraform
Nodes upgraded via the Azure Portal (for now)
Details
Upgrade publick8s
Upgrade prodpublick8s
Re-Enable kubernetes management (and update kubeconfigs in the infra.ci's SOPS credentials (private repo), if kubernetes management cannot connect) and run a job on the main branch
Send an email on both jenkinsci-dev and jenkins-infra mailing lists to announce the end of maintenance
Close announcement
The text was updated successfully, but these errors were encountered: