Update patching playbook to utilize kubernetes.core collection (#859)

Co-authored-by: Devin Buhl <[email protected]>
onedr0p · Jul 19, 2023 · 74c70ad · 74c70ad
1 parent 571a745
commit 74c70ad
Showing 1 changed file with 31 additions and 22 deletions.
diff --git a/bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2 b/bootstrap/templates/ansible/playbooks/cluster-rollout-update.yaml.j2
@@ -26,23 +26,37 @@
         - not (kubectl_get_node['stdout'] | from_json).spec.unschedulable is defined
       block:
         - name: Cordon
-          ansible.builtin.command: "kubectl cordon {% raw %}{{ inventory_hostname }}{% endraw %}"
+          kubernetes.core.k8s_drain:
+            name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
+            kubeconfig: /etc/rancher/k3s/k3s.yaml
+            state: cordon
           delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
-          changed_when: false
-
-        - name: Wait for cordon
-          ansible.builtin.command: "kubectl get node {% raw %}{{ inventory_hostname }}{% endraw %} -o json"
-          register: wait_for_cordon
-          retries: 10
-          delay: 10
-          delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
-          changed_when: false
-          until: (wait_for_cordon['stdout'] | from_json).spec.unschedulable
 
         - name: Drain
-          ansible.builtin.command: "kubectl drain --ignore-daemonsets --delete-emptydir-data --force {% raw %}{{ inventory_hostname }}{% endraw %}"
+          ansible.builtin.command: "kubectl drain --pod-selector='app!=rook-ceph-osd,app!=csi-attacher,app!=csi-provisioner' --ignore-daemonsets --delete-emptydir-data --force --grace-period=300 {% raw %}{{ inventory_hostname }}{% endraw %}"
           delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
           changed_when: false
+
+        ### pod_selectors feature in upcoming kubernetes.core 2.5.0 ###
+        # - name: Drain
+        #   kubernetes.core.k8s_drain:
+        #     name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
+        #     kubeconfig: /etc/rancher/k3s/k3s.yaml
+        #     state: drain
+        #     delete_options:
+        #       delete_emptydir_data: true
+        #       ignore_daemonsets: true
+        #       terminate_grace_period: 600
+        #       wait_timeout: 900
+        #       force: true
+        #     pod_selectors:
+        #       # Rook Ceph
+        #      - app!=rook-ceph-osd
+        #       # Longhorn
+        #      - app!=csi-attacher
+        #       # Longhorn
+        #      - app!=csi-provisioner
+        #   delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
 
         - name: Update
           ansible.builtin.apt:
@@ -60,16 +74,11 @@
             msg: Rebooting node
             post_reboot_delay: 60
             reboot_timeout: 3600
+          when: reboot_required.stat.exists
 
         - name: Uncordon
-          ansible.builtin.command: "kubectl uncordon {% raw %}{{ inventory_hostname }}{% endraw %}"
+          kubernetes.core.k8s_drain:
+            name: "{% raw %}{{ inventory_hostname }}{% endraw %}"
+            kubeconfig: /etc/rancher/k3s/k3s.yaml
+            state: uncordon
           delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
-          changed_when: false
-
-        - name: Wait for uncordon
-          ansible.builtin.command: "kubectl get node {% raw %}{{ inventory_hostname }}{% endraw %} -o json"
-          retries: 10
-          delay: 10
-          delegate_to: "{% raw %}{{ groups['master'][0] }}{% endraw %}"
-          changed_when: false
-          until: not (kubectl_get_node['stdout'] | from_json).spec.unschedulable is defined