all hosts have been converted to use apt pinning

author: Christian Pointner <equinox@spreadspace.org> 2021-09-16 23:57:31 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-09-16 23:57:31 +0200
commit: 5f925ca116c23a51d3043ebab314b15ff8e21ae4 (patch)
tree: 620d5da748f2d49a4071a1a5ae1cb48c6124f4ed /roles/kubernetes
parent: Merge branch 'topic/apt-hold-vs-pin' (diff)
3 files changed, 20 insertions, 28 deletions
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index 72cad066..04994fcc 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -44,15 +44,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  loop:
-  - kubelet
-  - cri-tools
-  dpkg_selections:
-    name: "{{ item }}"
-    selection: install
-
 - name: configure endpoints for crictl
   copy:
     dest: /etc/crictl.yaml
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index abc0f3af..53c7c6f1 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -23,15 +23,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  loop:
-  - kubeadm
-  - kubectl
-  dpkg_selections:
-    name: "{{ item }}"
-    selection: install
-
 - name: set kubelet node-ip
   when: kubernetes_overlay_node_ip is defined
   lineinfile:
diff --git a/roles/kubernetes/kubeadm/upgrade b/roles/kubernetes/kubeadm/upgrade
index dc0a360a..52fe1a5d 100644
--- a/roles/kubernetes/kubeadm/upgrade
+++ b/roles/kubernetes/kubeadm/upgrade
@@ -4,18 +4,22 @@ Cluster Upgrades:
 primary master:
 ---------------
 
-VERSION=1.20.2
+VERSION=1.22.2
+
 
 apt-get update
-apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" && apt-mark hold kubeadm
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
+apt-get install -y "kubeadm=$VERSION-00"
 kubeadm version
 kubeadm upgrade plan
 
 kubectl drain $(hostname) --ignore-daemonsets --delete-local-data
 kubeadm upgrade apply "v$VERSION"
-
 sed "s/^kubernetesVersion: .*$/kubernetesVersion: $VERSION/" -i /etc/kubernetes/kubeadm.config
-apt-get update && apt-get install -y --allow-change-held-packages "kubelet=$VERSION-00" "kubectl=$VERSION-00" && apt-mark hold kubelet kubectl
+
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref
+apt-get update && apt-get install -y "kubelet=$VERSION-00" "kubectl=$VERSION-00"
 
 // security updates + reboot ?
 
@@ -25,14 +29,17 @@ kubectl uncordon $(hostname)
 secondary master:
 -----------------
 
-VERSION=1.20.2
+VERSION=1.22.2
 
 apt-get update
-apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" && apt-mark hold kubeadm
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
+apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00"
 
 kubectl drain $(hostname) --ignore-daemonsets --delete-local-data
 kubeadm upgrade node
-apt-mark unhold kubelet kubectl && apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00" && apt-mark hold kubelet kubectl
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref
+apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00"
 
 // security updates + reboot ?
 
@@ -42,15 +49,18 @@ kubectl uncordon $(hostname)
 worker nodes:
 -------------
 
-VERSION=1.20.2
+VERSION=1.22.2
 
 apt-get update
-apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" && apt-mark hold kubeadm
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
+apt-get install -y "kubeadm=$VERSION-00"
 
 @primary master: kubectl drain <node> --ignore-daemonsets --delete-local-data
 
 kubeadm upgrade node
-apt-mark unhold kubelet kubectl && apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00" && apt-mark hold kubelet kubectl
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref
+apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00"
 
 // security updates + reboot ?
author	Christian Pointner <equinox@spreadspace.org>	2021-09-16 23:57:31 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-09-16 23:57:31 +0200
commit	5f925ca116c23a51d3043ebab314b15ff8e21ae4 (patch)
tree	620d5da748f2d49a4071a1a5ae1cb48c6124f4ed /roles/kubernetes
parent	Merge branch 'topic/apt-hold-vs-pin' (diff)