# Pre-flight imports: ansible_version.yml and legacy_groups.yml are pulled in first, in
# this order. Both files are defined outside this listing.
2 - name: Check ansible version
3 import_playbook: ansible_version.yml
# presumably maps older inventory group names onto the ones used by the plays in this
# listing; verify in legacy_groups.yml
5 - name: Ensure compatibility with old groups
6 import_playbook: legacy_groups.yml
# NOTE(review): the header of this play (its hosts: and roles: lines) is not visible in
# this listing; only the environment keyword and two role entries are shown.
# Task environment is taken from proxy_disable_env, a variable defined outside this file;
# the name suggests it neutralises proxy settings for the tasks, TODO confirm.
10 environment: "{{ proxy_disable_env }}"
12 - { role: kubespray-defaults }
# Selectable with --tags localhost or --tags bastion. Presumably writes the SSH
# configuration used to reach hosts through the bastion; confirm in the role.
13 - { role: bastion-ssh-config, tags: ["localhost", "bastion"] }
# Bootstrap play: the host pattern is the union of the k8s_cluster, etcd and calico_rr
# groups.
15 - hosts: k8s_cluster:etcd:calico_rr
# Falls back to true when any_errors_fatal is not set elsewhere: a task failure on one
# host then aborts the play for every host instead of continuing with the others.
17 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
# proxy_disable_env is defined outside this file.
19 environment: "{{ proxy_disable_env }}"
21 # Need to disable pipelining for bootstrap-os as some systems have requiretty in sudoers set, which makes pipelining
22 # fail. bootstrap-os fixes this on these systems, so in later plays it can be enabled.
# None of the later plays visible in this listing set this variable, so the pipelining
# setting from the inventory or ansible.cfg applies there.
23 ansible_ssh_pipelining: false
25 - { role: kubespray-defaults }
26 - { role: bootstrap-os, tags: bootstrap-os}
# Imports facts.yml (defined outside this listing). The lines that open this play entry
# are not visible here.
30 import_playbook: facts.yml
# Fills the download cache through a single host: kube_control_plane[0] selects only the
# first host of that group.
32 - name: Download images to ansible host cache via first kube_control_plane node
33 hosts: kube_control_plane[0]
# Defaults to true: any task failure aborts the play.
35 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
36 environment: "{{ proxy_disable_env }}"
# All three role entries carry the same guard, so the play does nothing unless
# skip_downloads is false, download_run_once is true and download_localhost is false.
38 - { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost"}
39 - { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" }
40 - { role: download, tags: download, when: "not skip_downloads and download_run_once and not download_localhost" }
# Runs preinstall and download on every host in k8s_cluster, etcd or calico_rr before any
# component is upgraded by the plays that follow.
42 - name: Prepare nodes for upgrade
43 hosts: k8s_cluster:etcd:calico_rr
# Defaults to true: a failure on one host stops the play for all hosts.
45 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
46 environment: "{{ proxy_disable_env }}"
48 - { role: kubespray-defaults }
# preinstall is unconditional here; only the download role honours skip_downloads.
49 - { role: kubernetes/preinstall, tags: preinstall }
50 - { role: download, tags: download, when: "not skip_downloads" }
# Targets hosts that are in etcd or calico_rr but not in k8s_cluster (the leading "!"
# excludes a group).
52 - name: Upgrade container engine on non-cluster nodes
53 hosts: etcd:calico_rr:!k8s_cluster
55 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
56 environment: "{{ proxy_disable_env }}"
# Rolling batches: 20% of the play's hosts at a time unless the serial variable is set.
57 serial: "{{ serial | default('20%') }}"
59 - { role: kubespray-defaults }
# Skipped entirely when deploy_container_engine is false.
60 - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
# NOTE(review): the hosts: line of this play and the first lines of the role entry that
# the vars below belong to are not visible in this listing.
64 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
65 environment: "{{ proxy_disable_env }}"
67 - { role: kubespray-defaults }
# Role vars: cluster setup is switched on, and events-cluster setup follows
# etcd_events_cluster_enabled (defined outside this file).
71 etcd_cluster_setup: true
72 etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
# The entry is skipped when etcd_deployment_type is "kubeadm".
73 when: etcd_deployment_type != "kubeadm"
# NOTE(review): the hosts: line of this play and the first lines of the role entry that
# the vars below belong to are not visible in this listing.
77 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
78 environment: "{{ proxy_disable_env }}"
80 - { role: kubespray-defaults }
# Role vars: both cluster setup and events-cluster setup are switched off for this entry.
84 etcd_cluster_setup: false
85 etcd_events_cluster_setup: false
# The entry is skipped when etcd_deployment_type is "kubeadm".
86 when: etcd_deployment_type != "kubeadm"
# Control-plane hosts are upgraded in this play, ahead of the worker play further down.
# NOTE(review): source lines 89, 93 and 94 of this play are not visible in this listing.
88 - name: Handle upgrades to master components first to maintain backwards compat.
90 hosts: kube_control_plane
# Defaults to true: a failed control-plane upgrade stops the play rather than moving on.
91 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
92 environment: "{{ proxy_disable_env }}"
95 - { role: kubespray-defaults }
# Roles run in list order, bracketed by pre-upgrade and post-upgrade; presumably those
# two take the node out of and back into scheduling, confirm in the roles.
96 - { role: upgrade/pre-upgrade, tags: pre-upgrade }
97 - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
98 - { role: kubernetes/node, tags: node }
# upgrade_cluster_setup: true is passed to the role as a parameter for this entry only.
99 - { role: kubernetes/control-plane, tags: master, upgrade_cluster_setup: true }
100 - { role: kubernetes/client, tags: client }
101 - { role: kubernetes/node-label, tags: node-label }
102 - { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
103 - { role: kubernetes-apps, tags: csi-driver }
104 - { role: upgrade/post-upgrade, tags: post-upgrade }
# Network and cloud-controller upgrade across control-plane, calico_rr and worker hosts
# (the pattern is a union of the three groups).
106 - name: Upgrade calico and external cloud provider on all masters, calico-rrs, and nodes
107 hosts: kube_control_plane:calico_rr:kube_node
109 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
# Rolling batches of 20% of the play's hosts unless the serial variable is set.
110 serial: "{{ serial | default('20%') }}"
111 environment: "{{ proxy_disable_env }}"
113 - { role: kubespray-defaults }
114 - { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller }
# Both network roles share the "network" tag, so --tags network selects them together.
115 - { role: network_plugin, tags: network }
116 - { role: kubernetes-apps/network_plugin, tags: network }
117 - { role: kubernetes-apps/policy_controller, tags: policy-controller }
# Worker upgrade: hosts in kube_node or calico_rr, excluding anything that is also in
# kube_control_plane (the leading "!" excludes a group).
119 - name: Finally handle worker upgrades, based on given batch size
120 hosts: kube_node:calico_rr:!kube_control_plane
# Defaults to true: a failure in one batch stops the rollout instead of continuing.
122 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
123 environment: "{{ proxy_disable_env }}"
# The batch size named in the play title: 20% of the play's hosts unless serial is set.
124 serial: "{{ serial | default('20%') }}"
126 - { role: kubespray-defaults }
# Roles run in list order, bracketed by pre-upgrade and post-upgrade; presumably those
# two take the node out of and back into scheduling, confirm in the roles.
127 - { role: upgrade/pre-upgrade, tags: pre-upgrade }
128 - { role: container-engine, tags: "container-engine", when: deploy_container_engine }
129 - { role: kubernetes/node, tags: node }
130 - { role: kubernetes/kubeadm, tags: kubeadm }
131 - { role: kubernetes/node-label, tags: node-label }
132 - { role: upgrade/post-upgrade, tags: post-upgrade }
# Runs on the first kube_control_plane host only.
134 - hosts: kube_control_plane[0]
# NOTE(review): hard-coded to true here, whereas every other play in this listing
# templates it as "{{ any_errors_fatal | default(true) }}" and so honours an override.
136 any_errors_fatal: true
137 environment: "{{ proxy_disable_env }}"
139 - { role: kubespray-defaults }
# Selectable with --tags master or --tags win_nodes.
140 - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] }
# NOTE(review): the header of this play (its hosts: and roles: lines) is not visible in
# this listing, so the target hosts cannot be read from here.
144 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
145 environment: "{{ proxy_disable_env }}"
147 - { role: kubespray-defaults }
# Shares the "network" tag with the network_plugin roles of the earlier calico play.
148 - { role: network_plugin/calico/rr, tags: network }
# Application add-on roles, run on every kube_control_plane host.
150 - hosts: kube_control_plane
152 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
153 environment: "{{ proxy_disable_env }}"
155 - { role: kubespray-defaults }
156 - { role: kubernetes-apps/ingress_controller, tags: ingress-controller }
157 - { role: kubernetes-apps/external_provisioner, tags: external-provisioner }
# kubernetes-apps is also listed in the control-plane upgrade play, there under the
# csi-driver tag; here it runs under the apps tag.
158 - { role: kubernetes-apps, tags: apps }
# Final play: re-runs kubernetes/preinstall with dns_late set, after the upgrade plays.
# NOTE(review): the hosts: line of this play is not visible in this listing.
160 - name: Apply resolv.conf changes now that cluster DNS is up
163 any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
164 environment: "{{ proxy_disable_env }}"
166 - { role: kubespray-defaults }
# Runs only when dns_mode is not 'none' and resolvconf_mode is 'host_resolvconf';
# dns_late: true is passed to the role as a parameter for this entry.
167 - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }