starlingx
/
stx-puppet
Code Issues Proposed changes

Merge "kubernetes rootca pods update"

This commit is contained in:
Zuul 2021-07-15 13:30:21 +00:00 committed by Gerrit Code Review
parent 95cee7e69c 116e9bb5f2
commit 869d4779d6
2 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
puppet-manifests/src/modules/platform/manifests/kubernetes.pp
View File

@ -877,3 +877,23 @@ class platform::kubernetes::worker::rootca::trustbothcas::runtime
command => '/usr/bin/systemctl restart kubelet',
}
}
class platform::kubernetes::master::rootca::pods::trustbothcas::runtime
inherits ::platform::kubernetes::params {
exec { 'update_pods_trustbothcas':
environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' ],
provider => shell,
command => template('platform/kube-rootca-update-pods.erb'),
timeout => 600,
}
}
class platform::kubernetes::master::rootca::pods::trustnewca::runtime
inherits ::platform::kubernetes::params {
exec { 'update_pods_trustnewca':
environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' ],
provider => shell,
command => template('platform/kube-rootca-update-pods.erb'),
timeout => 600,
}
}

22
puppet-manifests/src/modules/platform/templates/kube-rootca-update-pods.erb Normal file
View File

@ -0,0 +1,22 @@
# Rolling restart pods for them to pickup the new cluster root CA certs
# Trigger rollout restart for all deployments and daemonsets so that they
# restart in parallel.
for namespace in $(kubectl get namespace -o jsonpath='{.items[*].metadata.name}'); do
for name in $(kubectl get deployments -n $namespace -o jsonpath='{.items[*].metadata.name}'); do
kubectl rollout restart deployment ${name} -n ${namespace}
done
for name in $(kubectl get daemonsets -n $namespace -o jsonpath='{.items[*].metadata.name}'); do
kubectl rollout restart daemonsets ${name} -n ${namespace}
done
done
# Check the rollout status.
for namespace in $(kubectl get namespace -o jsonpath='{.items[*].metadata.name}'); do
for name in $(kubectl get deployments -n $namespace -o jsonpath='{.items[*].metadata.name}'); do
kubectl rollout status deployment ${name} -n ${namespace}
done
for name in $(kubectl get daemonsets -n $namespace -o jsonpath='{.items[*].metadata.name}'); do
kubectl rollout status daemonsets ${name} -n ${namespace}
done
done