first commit

.idea/.gitignore

@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

.idea/misc.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager">
+    <output url="file://$PROJECT_DIR$/out" />
+  </component>
+</project>

.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/ansible_update_cluster.iml" filepath="$PROJECT_DIR$/ansible_update_cluster.iml" />
+    </modules>
+  </component>
+</project>

README.md

@@ -0,0 +1,29 @@
+My script to update my kubernetes cluster at home.
+
+I typed a bit on the `notes.md` file, but that was mostly for myself.
+
+## How to use
+
+Modify the `inventory.yaml` file with:
+- Your desired hostnames
+- Your user/password
+- The desired kubeadm version. 
+
+Finally execute teh `run.sh` file.
+
+## Requirements:
+
+- **Remote** user with access to sudo
+- Only intended for Debian based devices (arm/x64)
+- DNS name from the hosts in the inventory must match the name of the node when using `kubectl get nodes` command.
+- Host/Client that will execute this Ansible script requires to have `kubectl` configured to target the desired kubernetes cluster.
+- Host/Client requires the `kubernetes` Python library installed [0a] and the kubernetes Ansible plugin [0b].
+
+
+[0a] Python Kubernetes package
+On Arch linux I had to use `pacman -S python-kubernetes`, you might get away with murder using the `pip3 install kubernetes` command. IDK
+https://stackoverflow.com/questions/60866755/ansible-k8s-module-failed-to-import-the-required-python-library-openshift-on
+
+[0b] Ansible Kubernetes plugin
+https://docs.ansible.com/ansible/latest/collections/kubernetes/core/docsite/kubernetes_scenarios/k8s_intro.html
+`ansible-galaxy collection install kubernetes.core`

inventory.yaml

@@ -0,0 +1,19 @@
+masters:
+  hosts:
+    pi4.filter.home:
+  vars:
+    is_master: yes
+    desired_ansible_user: my_user
+    desired_ansible_password: my_password
+
+slaves:
+  hosts:
+    slave[01:03].filter.home:
+  vars:
+    is_master: no
+    desired_ansible_user: my_user
+    desired_ansible_password: my_password
+
+all:
+  vars:
+    install_kubeadm_version:  "1.28.4-1.1"

notes.md

@@ -0,0 +1,74 @@
+
+Requirements:
+
+- User with access to sudo
+- Only Debian based devices
+- Use vars to target specific kubeadm/let/ctl version
+- DNS name must match the name of the node when using `kubectl get nodes` command
+- Host/Client that will execute this script requires to have `kubectl` configured to use the targeted kubernetes cluster. 
+- https://docs.ansible.com/ansible/latest/collections/kubernetes/core/docsite/kubernetes_scenarios/k8s_intro.html | ansible-galaxy collection install kubernetes.core [0]
+
+[0] pacman -S python-kubernetes
+https://stackoverflow.com/questions/60866755/ansible-k8s-module-failed-to-import-the-required-python-library-openshift-on
+
+
+Order:
+
+- Update repositories [-3]
+- Check available versions to upgrade to and update the config accordingly [-2]
+- Check if applied CRD work on the desired Kubernetes version [-1]
+- Backup (if available, as per the moment manual since it's not a main concern) [0]
+- Upgrade Kubeadm [1]
+- Call upgrade [2]
+- Drain node [3]
+- Update kubelet/kubectl versions [4]
+- Reboot services [5]
+- Upgrade system cause one needs it from time to type [6]
+- Uncordon node [7]
+
+----- Done with all hosts
+- Upgrade CNI
+
+
+[-3]
+https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/
+
+[-2]
+apt update
+apt-cache madison kubeadm  | head -n 5
+
+[-1] (This is mine. comparing to kubernetes 1.28.5)
+- [x] Calico v3.26.3 (v3.26.4 available)
+- [x] Istio 1.18.2 (v1.20 available)
+- [?] MetalLb v0.13.10 (v0.13.12 available) *Didn't find anything regarding the matter, so going to assume yes and see what happens. 
+- [x] CertManager v1.13.1 (v1.13.3 available)
+
+[0]
+Proxmox stuff/VMs
+
+[1]
+apt-mark unhold kubeadm && \
+apt-get update && apt-get install -y kubeadm='1.28.x-*' && \
+apt-mark hold kubeadm
+
+[2]
+sudo kubeadm upgrade node
+
+[3]
+kubectl drain $NODE
+
+[4]
+apt-mark unhold kubelet kubectl && \
+apt-get update && apt-get install -y kubelet='1.28.x-*' kubectl='1.28.x-*' && \
+apt-mark hold kubelet kubectl
+
+[5]
+sudo systemctl daemon-reload
+sudo systemctl restart kubelet
+
+[6]
+usual apt-get update > upgrade > reboot 
+
+[7]
+kubectl uncordon <node-to-uncordon>
+

playbooks/main.yaml

@@ -0,0 +1,33 @@
+# Author: Oriol Filter
+# 13/12/2023
+
+- name: Preparethings
+  order: inventory
+  hosts: all
+  gather_facts: true
+  serial: 1 # 1 Host at a time
+  vars:
+    # Connect
+    ansible_user: "{{ desired_ansible_user }}"
+    ansible_password: "{{ desired_ansible_password }}"
+    ansible_become_password: "{{ ansible_password | default('1') }}"
+
+    # Interpreter
+    ansible_python_interpreter: "/usr/bin/python3"
+
+  tasks:
+#    - check vars
+    - debug: var=is_master # Not actually used/relevant
+    - debug: var=ansible_host
+    - debug: var=install_kubeadm_version
+
+    - name: Ping check
+      ping:
+
+    - name: Set new repos
+      import_tasks: task_set_repos.yaml
+      become: true
+
+    - name: stuff
+      import_tasks: task_upgrade.yaml
+      become: true

playbooks/task_set_repos.yaml

@@ -0,0 +1,12 @@
+## Update repositories
+# https://kubernetes.io/blog/2023/08/15/pkgs-k8s-io-introduction/
+
+- name: Add Kubernetes GPG key
+  apt_key:
+    url: https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
+    state: present
+
+- name: Add Kubernetes APT repository
+  apt_repository:
+    repo: deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /
+    state: present

playbooks/task_upgrade.yaml

@@ -0,0 +1,67 @@
+## Kubeadm
+- name: apt update
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: apt install kubeadm
+  ansible.builtin.apt:
+    allow_change_held_packages: true
+    name:
+      - kubeadm={{ install_kubeadm_version }}
+
+- name: Call `kubeadm upgrade`
+  shell: kubeadm upgrade node
+
+- name: Drain node
+  become: false
+  delegate_to: localhost
+  kubernetes.core.k8s_drain:
+    name:  "{{ ansible_facts['fqdn'] }}"
+    state: drain
+    delete_options:
+      delete_emptydir_data: true
+      ignore_daemonsets: true
+      force: yes
+
+## Kubelet && kubectl
+- name: apt update
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: apt install kubelet && kubeadm
+  ansible.builtin.apt:
+    allow_change_held_packages: true
+    name:
+      - kubelet={{ install_kubeadm_version }}
+      - kubectl={{ install_kubeadm_version }}
+
+- name: systemctl daemon-reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: Restart kubelet
+  ansible.builtin.service:
+    name: kubelet
+    state: restarted
+
+## Standard update upgrade
+- name: apt update
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Upgrade general packages
+  ansible.builtin.apt:
+    name: "*"
+    state: latest
+
+## Reboot node
+- name: reboot
+  reboot:
+
+## Uncordon node
+- name: Uncordon node
+  become: false
+  delegate_to: localhost
+  kubernetes.core.k8s_drain:
+    name:  "{{ ansible_facts['fqdn'] }}"
+    state: uncordon

run.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+export ANSIBLE_HOST_KEY_CHECKING=False
+
+ansible-playbook -i inventory.yaml playbooks/main.yaml
+
+
+
+
+