Page MenuHomePhabricator
Create Task
Maniphest T308172

Upgrade PAWS to Kubernetes 1.21
Closed, ResolvedPublic
Actions

Description

for Toolforge see T282942

https://etherpad.wikimedia.org/p/WMCS-2021-11-10-paws-k8s-upgrade

preparation

  • disable puppet on all control/worker/ingress nodes

from: cloud-cumin-04.cloudinfra.eqiad1.wikimedia.cloud

  • sudo cumin project:paws # check that it finds the expected hosts
  • sudo cumin project:paws 'puppet agent --disable "upgrading k8s rook"'
  • update project-wide (plus control-specific) version hiera key

profile::wmcs::kubeadm::component: 'thirdparty/kubeadm-k8s-1-20'
TO
profile::wmcs::kubeadm::component: 'thirdparty/kubeadm-k8s-1-21'

  • update topic on wikimedia-cloud "Status: Ok" to "Status: upgrading paws k8s"

first api server / paws-k8s-control-1.paws.eqiad1.wikimedia.cloud

  • kubectl drain paws-k8s-control-1 --ignore-daemonsets
  • run-puppet-agent --force && apt-get install kubeadm
  • kubeadm upgrade plan 1.21.8
  • kubeadm upgrade apply 1.21.8
  • apt-get install kubelet kubectl docker-ce containerd.io helm
  • systemctl restart kubelet.service docker.service
  • cp /etc/kubernetes/admin.conf /root/.kube/config
  • kubectl uncordon paws-k8s-control-1
  • Don't proceed until you wait a minute or two and observe that the static pods on this control node are NOT crash looping and are working well.
    • if scheduler permission issue, reboot

paws-k8s-control-2.paws.eqiad1.wikimedia.cloud

  • kubectl drain paws-k8s-control-2 --ignore-daemonsets
  • run-puppet-agent --force && apt-get install kubeadm
  • kubeadm upgrade node
  • apt-get install kubelet kubectl docker-ce containerd.io helm
  • systemctl restart kubelet.service docker.service
  • cp /etc/kubernetes/admin.conf /root/.kube/config
  • kubectl uncordon paws-k8s-control-2
  • Don't proceed until you wait a minute or two and observe that the static pods on this control node are NOT crash looping and are working well. (scheduler permission issue, rebooted)

paws-k8s-control-3.paws.eqiad1.wikimedia.cloud

  • kubectl drain paws-k8s-control-3 --ignore-daemonsets
  • run-puppet-agent --force && apt-get install kubeadm
  • kubeadm upgrade node
  • apt-get install kubelet kubectl docker-ce containerd.io helm
  • systemctl restart kubelet.service docker.service
  • cp /etc/kubernetes/admin.conf /root/.kube/config
  • kubectl uncordon paws-k8s-control-3
  • Don't proceed until you wait a minute or two and observe that the static pods on this control node are NOT crash looping and are working well. (control manager perm issue, rebooted)

run ingress and worker nodes with:
user@laptop:~/stuff/wm-puppet.git $ modules/kubeadm/files/wmcs-k8s-node-upgrade.py --control paws-k8s-control-1 --project paws --file nodelist.txt --src 1.20.11 --dst 1.21.8

ingress workers

(use the script only after following the special procedures in https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Admin/Kubernetes/Upgrading_Kubernetes#Ingress_nodes)
Though in this case run:

kubectl -n ingress-nginx-gen2 scale deployment ingress-nginx-gen2-controller --replicas=1

As there are only 2 nodes. Either the first or second will result in some downtime as one needs to kill the remaining pod to run this. Rumor has it that we need to scale like this, though that seems to be rumor, might be better to not scale.
paws-k8s-ingress-4
paws-k8s-ingress-3

workers

paws-k8s-worker-7
paws-k8s-worker-6
paws-k8s-worker-5
paws-k8s-worker-4
paws-k8s-worker-3
paws-k8s-worker-2
paws-k8s-worker-1

  • based on last time, seems to be safe to run two upgrade processes at once to speed things up
    • this was on toolforge, not sure if it applies on paws
  • NOTE: ingress nodes will get scheduled on normal workers, and need to be deleted to get them running back on the ingress nodes

finishing touches

  • merge https://github.com/toolforge/paws/pull/148
  • re-enable puppet on paws nodes from cloud-cumin-04.cloudinfra.eqiad1.wikimedia.cloud
  • sudo cumin project:paws 'puppet agent --enable'
  • revert topic changes on -cloud

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT362869 Upgrade Toolforge to Uwubernetes
 OpenNoneT362868 Upgrade Toolforge Kubernetes to version 1.29
 OpenNoneT362867 Upgrade Toolforge Kubernetes to version 1.28
 OpenNoneT359641 [infra,k8s] Upgrade Toolforge Kubernetes to version 1.27
 OpenNoneT327025 Upgrade Toolforge Kubernetes to version 1.26
 OpenNoneT316107 Upgrade Toolforge Kubernetes to version 1.25
 ResolvedaborreroT307651 Upgrade Toolforge Kubernetes to version 1.24
 ResolvedtaaviT298005 Upgrade Toolforge Kubernetes to version 1.23
 ResolvedtaaviT286856 Upgrade Toolforge Kubernetes to latest 1.22
 ResolvedrookT308172 Upgrade PAWS to Kubernetes 1.21
 ResolvedtaaviT282942 Upgrade Toolforge Kubernetes to latest 1.21
 ResolvedrookT280402 Upgrade Toolforge Kubernetes to latest 1.20
 ResolvedtaaviT280340 Upgrade Toolforge Kubernetes to latest 1.19
 ResolvedtaaviT280299 Upgrade Toolforge Kubernetes to latest 1.18
 ResolvedtaaviT280300 Validate that maintain-kubeusers works with k8s 1.18
 ResolvedtaaviT280301 Refresh certs that are not controlled by kubeadm
 ResolvedtaaviT280302 Upgrade PAWS Kubernetes to the latest 1.18 release
 ResolvedtaaviT264221 Upgrade the nginx ingress controller in Toolforge (and likely PAWS)
 Resolved BstormT282087 Support cinder or expanded ephemeral disk worker nodes on Toolforge Kubernetes
 ResolvedtaaviT284353 Fix prometheus monitoring for Toolforge Ingress
 ResolvedtaaviT280342 Upgrade Calico to 3.18
 ResolvedtaaviT280360 Update ingress-admission-controller to support Ingress from networking.k8s.io/v1
 ResolvedtaaviT279106 Establish replacement for PodPresets in Toolforge Kubernetes
 Resolved BstormT292672 Issue creating pods after migration away from PodPresets
 DeclinedNoneT290531 Weird issue with the wmcs-k8s-node-upgrade.py script
 ResolvedrookT291976 Upgrade toolsbeta to k8s 1.20
 ResolvedtaaviT292698 Upgrade calico to 3.21
 ResolvedBUG REPORTNoneT308189 Toolforge jobs stopped getting scheduled around the same time as the Toolforge k8s cluster upgrade
 OpenNoneT308203 Create an alert for K8s cronjobs
 ResolvedtaaviT308204 toolforge-jobs should set startingDeadlineSeconds by default
 ResolvedtaaviT308205 Re-enable CronJobControllerV2
 OpenNoneT308381 toolforge: Scrape Kubernetes controller-manager and apiserver metrics into Prometheus
 ResolvedrookT308274 test PAWS in k8s 1.21.8
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL