Page MenuHomePhabricator
Create Task
Maniphest T250867

Script the process of upgrading a node with kubeadm to 1.16.9
Closed, ResolvedPublic
Actions

Description

The process of upgrading nodes is fairly long and tedious. While the control plane should be done with manual care, one node at a time, the worker nodes should probably have a much more automated process:

All worker nodes should have kubeadm upgraded to 1.16.9 before beginning. Refer to https://v1-16.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/

  1. Drain with kubectl drain --force --ignore-daemonsets --delete-local-data $node
  2. kubeadm upgrade node on the node
  3. Upgrade kubelet, docker, containerd.io
  4. Restart docker and kubelet
  5. kubectl uncordon $node

The process should be done either one-at-a-time or in small batches to avoid overloading nodes during the depooling. It may be possible to encode this all in a spicerack cookbook? It may just be a small script run from a local machine.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
toolforge-k8s: proposing removing hostkey checking for the upgradesoperations/puppetproduction+2 -2
kubeadm: wmcs-k8s-node-upgrade.py: force certificate renewal with kubeadmoperations/puppetproduction+1 -1
kubeadm: wmcs-k8s-node-upgrade: don't skip the pause stageoperations/puppetproduction+0 -3
kubeadm: wmcs-k8s-node-upgrade.py: add more force options to apt-get installoperations/puppetproduction+3 -2
kubeadm: wmcs-k8s-node-upgrade.py: upgrade docker-ce not dockeroperations/puppetproduction+1 -1
kubeadm: wmcs-k8s-node-upgrade: improve a bit output readingoperations/puppetproduction+7 -3
apt-upgrade: give support to understand dist/componentoperations/puppetproduction+43 -19
kubeadm: add wmcs-k8s-node-upgrade.py scriptoperations/puppetproduction+423 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bstorm created this task.Apr 21 2020, 9:35 PM
Bstorm mentioned this in T246122: Upgrade the Toolforge Kubernetes cluster to v1.16.
JHedden assigned this task to Bstorm.May 5 2020, 4:15 PM
JHedden triaged this task as High priority.
JHedden moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
Bstorm reassigned this task from Bstorm to aborrero.May 5 2020, 7:12 PM
gerritbot added a comment.May 12 2020, 3:31 PM

Change 595964 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] kubeadm: add wmcs-k8s-node-upgrade.py script

https://gerrit.wikimedia.org/r/595964

gerritbot added a project: Patch-For-Review.May 12 2020, 3:31 PM
aborrero added a comment.May 13 2020, 11:29 AM

I created some docs for this script in https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Admin/Kubernetes/Upgrading_Kubernetes

gerritbot added a comment.May 14 2020, 9:28 AM

Change 595964 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] kubeadm: add wmcs-k8s-node-upgrade.py script

https://gerrit.wikimedia.org/r/595964

Maintenance_bot removed a project: Patch-For-Review.May 14 2020, 10:10 AM
gerritbot added a comment.May 14 2020, 5:11 PM

Change 596483 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] apt-upgrade: give support to understand dist/component

https://gerrit.wikimedia.org/r/596483

gerritbot added a project: Patch-For-Review.May 14 2020, 5:11 PM
gerritbot added a comment.May 20 2020, 9:33 AM

Change 596483 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] apt-upgrade: give support to understand dist/component

https://gerrit.wikimedia.org/r/596483

Maintenance_bot removed a project: Patch-For-Review.May 20 2020, 10:10 AM
aborrero closed this task as Resolved.May 26 2020, 9:22 AM

Closing task for now, this seems done.

gerritbot added a comment.May 27 2020, 12:30 PM

Change 599006 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade: improve a bit output reading

https://gerrit.wikimedia.org/r/599006

gerritbot added a project: Patch-For-Review.May 27 2020, 12:30 PM
gerritbot added a comment.May 27 2020, 1:59 PM

Change 599006 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade: improve a bit output reading

https://gerrit.wikimedia.org/r/599006

Maintenance_bot removed a project: Patch-For-Review.May 27 2020, 2:10 PM
gerritbot added a comment.May 28 2020, 3:54 PM

Change 599367 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade.py: upgrade docker-ce not docker

https://gerrit.wikimedia.org/r/599367

gerritbot added a project: Patch-For-Review.May 28 2020, 3:54 PM
gerritbot added a comment.May 28 2020, 3:57 PM

Change 599367 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade.py: upgrade docker-ce not docker

https://gerrit.wikimedia.org/r/599367

gerritbot added a comment.May 28 2020, 4:03 PM

Change 599371 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade.py: add more force options to apt-get install

https://gerrit.wikimedia.org/r/599371

gerritbot added a comment.May 28 2020, 4:05 PM

Change 599371 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade.py: add more force options to apt-get install

https://gerrit.wikimedia.org/r/599371

Maintenance_bot removed a project: Patch-For-Review.May 28 2020, 4:10 PM
gerritbot added a comment.May 28 2020, 4:23 PM

Change 599374 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade: don't skip the pause stage

https://gerrit.wikimedia.org/r/599374

gerritbot added a project: Patch-For-Review.May 28 2020, 4:23 PM
gerritbot added a comment.May 28 2020, 4:28 PM

Change 599374 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade: don't skip the pause stage

https://gerrit.wikimedia.org/r/599374

gerritbot added a comment.May 28 2020, 4:33 PM

Change 599380 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade.py: force certificate renewal with kubeadm

https://gerrit.wikimedia.org/r/599380

gerritbot added a comment.May 28 2020, 4:35 PM

Change 599380 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] kubeadm: wmcs-k8s-node-upgrade.py: force certificate renewal with kubeadm

https://gerrit.wikimedia.org/r/599380

Maintenance_bot removed a project: Patch-For-Review.May 28 2020, 5:12 PM
gerritbot added a comment.May 28 2020, 11:38 PM

Change 599472 had a related patch set uploaded (by Bstorm; owner: Bstorm):
[operations/puppet@production] toolforge-k8s: proposing removing hostkey checking for the upgrades

https://gerrit.wikimedia.org/r/599472

gerritbot added a project: Patch-For-Review.May 28 2020, 11:38 PM
gerritbot added a comment.Jun 1 2020, 11:14 AM

Change 599472 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] toolforge-k8s: proposing removing hostkey checking for the upgrades

https://gerrit.wikimedia.org/r/599472

Maintenance_bot removed a project: Patch-For-Review.Jun 1 2020, 12:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits