From 84c7fef5537caeaf9150d7547bca354e714672a2 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 16 Sep 2021 13:28:04 +0200
Subject: kubernetes/kubeadm/base: apt pinning vs package hold

---
 roles/kubernetes/kubeadm/base/tasks/main.yml | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'roles/kubernetes/kubeadm/base')

diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 0fab7845..abc0f3af 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -1,4 +1,15 @@
 ---
+- name: generate apt pin files for kubeadm and kubectl
+  loop:
+  - kubeadm
+  - kubectl
+  copy:
+    dest: "/etc/apt/preferences.d/{{ item }}.pref"
+    content: |
+      Package: {{ item }}
+      Pin: version {{ kubernetes_version }}-00
+      Pin-Priority: 1001
+
 - name: install kubeadm packages
   apt:
     name:
@@ -8,17 +19,18 @@
     - "kubectl={{ kubernetes_version }}-00"
     state: present
     force: yes
-    ## TODO: remove force once the following changes are available
-    ##   https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562
+    # allow_downgrade: yes
+    ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-- name: disable automatic upgrades for kubeadm/kubectl
+  ## TODO: remove this when all machines are migrated to use pin files
+- name: unhold packages (we now use APT pinning)
   loop:
   - kubeadm
   - kubectl
   dpkg_selections:
     name: "{{ item }}"
-    selection: hold
+    selection: install
 
 - name: set kubelet node-ip
   when: kubernetes_overlay_node_ip is defined
-- 
cgit v1.2.3