Update the kubernetes bind mounts based on the desired versions

Before calling kubeadm/kubelet/kubectl we want to ensure that the bind mounts are properly set up so that we get the version of the command that is appropriate. We probably don't actually need to check the bind mounts in class platform::kubernetes::kubeadm since on initial install the ansible playbooks will set it, and during a kubernetes upgrade the runtime manifests should set them and persist the changes to /etc/fstab. That said, it won't hurt anything and won't add much delay to double-check on host startup. We also may not need to check the bind mounts in class platform::kubernetes::upgrade_first_control_plane since the kubeadm mount for the first controller should have been updated in class platform::kubernetes::pre_pull_control_plane_images and the kubelet mount doesn't get updated until class platform::kubernetes::master::upgrade_kubelet. But again it shouldn't cause problems to double-check it. Story: 2008972 Task: 42880 Change-Id: I3ec63c7ed069e521df320ebddb2e71aa8a9eedfe Depends-On: https://review.opendev.org/c/starlingx/config/+/802302 Signed-off-by: Chris Friesen <chris.friesen@windriver.com>
2021-07-23 17:14:48 -06:00 · 2021-07-23 17:14:48 -06:00 · 8218da9391
parent 571e0799a9
commit 8218da9391
1 changed files with 52 additions and 0 deletions
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@ -4,6 +4,8 @@ class platform::kubernetes::params (
  $upgrade_to_version = undef,
  # K8S version running on a host
  $version = undef,
+  $kubeadm_version = undef,
+  $kubelet_version = undef,
  $node_ip = undef,
  $service_domain = undef,
  $dns_service_ip = undef,
@ -68,6 +70,38 @@ class platform::kubernetes::configuration {
  }
 }

+class platform::kubernetes::bindmounts {
+  include ::platform::kubernetes::params
+
+  $kubeadm_version = $::platform::kubernetes::params::kubeadm_version
+  $kubelet_version = $::platform::kubernetes::params::kubelet_version
+
+  # In the following two bind mounts, the "remounts" option *must* be
+  # set to 'false' otherwise it doesn't work reliably.  In my testing
+  # (as of July 2021) it will update /etc/fstab but any existing
+  # mounts will be left untouched.  This sort of makes sense, as
+  # the mount man page specifies that the "remount" option does not
+  # change device or mount point and we may want to change the device.
+
+  notice("setting stage1 bind mount, kubeadm_version is ${kubeadm_version}")
+  mount { '/usr/local/kubernetes/current/stage1':
+    ensure   => mounted,
+    device   => "/usr/local/kubernetes/${kubeadm_version}/stage1",
+    fstype   => 'none',
+    options  => 'rw,bind',
+    remounts => false,
+  }
+
+  notice("setting stage2 bind mount, kubelet_version is ${kubelet_version}")
+  mount { '/usr/local/kubernetes/current/stage2':
+    ensure   => mounted,
+    device   => "/usr/local/kubernetes/${kubelet_version}/stage2",
+    fstype   => 'none',
+    options  => 'rw,bind',
+    remounts => false,
+  }
+}
+
 class platform::kubernetes::cgroup::params (
  $cgroup_root = '/sys/fs/cgroup',
  $cgroup_name = 'k8s-infra',
@ -149,6 +183,9 @@ class platform::kubernetes::kubeadm {
  include ::platform::kubernetes::params
  include ::platform::params

+  # Update kubeadm/kubelet bindmounts if needed.
+  require platform::kubernetes::bindmounts
+
  $node_ip = $::platform::kubernetes::params::node_ip
  $host_labels = $::platform::kubernetes::params::host_labels
  $k8s_platform_cpuset = $::platform::kubernetes::params::k8s_platform_cpuset
@ -634,6 +671,9 @@ class platform::kubernetes::pre_pull_control_plane_images

  include ::platform::dockerdistribution::params

+  # Update kubeadm bindmount if needed
+  require platform::kubernetes::bindmounts
+
  $local_registry_auth = "${::platform::dockerdistribution::params::registry_username}:${::platform::dockerdistribution::params::registry_password}" # lint:ignore:140chars

  exec { 'pre pull images':
@ -647,6 +687,9 @@ class platform::kubernetes::upgrade_first_control_plane

  include ::platform::params

+  # Update kubeadm bindmount if needed.
+  require platform::kubernetes::bindmounts
+
  # The --allow-*-upgrades options allow us to upgrade to any k8s release if necessary
  exec { 'upgrade first control plane':
    command   => "kubeadm --kubeconfig=/etc/kubernetes/admin.conf upgrade apply ${version} --allow-experimental-upgrades --allow-release-candidate-upgrades -y", # lint:ignore:140chars
@ -677,6 +720,9 @@ class platform::kubernetes::upgrade_first_control_plane
 class platform::kubernetes::upgrade_control_plane
  inherits ::platform::kubernetes::params {

+  # Update kubeadm bindmount if needed.
+  require platform::kubernetes::bindmounts
+
  # control plane is only upgraded on a controller (which has admin.conf)
  exec { 'upgrade control plane':
    command   => 'kubeadm --kubeconfig=/etc/kubernetes/admin.conf upgrade node',
@ -687,6 +733,9 @@ class platform::kubernetes::upgrade_control_plane
 class platform::kubernetes::master::upgrade_kubelet
  inherits ::platform::kubernetes::params {

+  # Update kubeadm/kubelet bindmounts if needed.
+  require platform::kubernetes::bindmounts
+
  exec { 'restart kubelet':
      command => '/usr/local/sbin/pmon-restart kubelet'
  }
@ -697,6 +746,9 @@ class platform::kubernetes::worker::upgrade_kubelet

  include ::platform::dockerdistribution::params

+  # Update kubeadm/kubelet bindmounts if needed.
+  require platform::kubernetes::bindmounts
+
  # workers use kubelet.conf rather than admin.conf
  $local_registry_auth = "${::platform::dockerdistribution::params::registry_username}:${::platform::dockerdistribution::params::registry_password}" # lint:ignore:140chars