forked from kubermatic/kubeone
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTestUpgradeKubeletAndKubectlDebian.golden
149 lines (118 loc) · 4.65 KB
/
TestUpgradeKubeletAndKubectlDebian.golden
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
set -xeuo pipefail
export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
sudo swapoff -a
sudo sed -i '/.*swap.*/d' /etc/fstab
sudo systemctl disable --now ufw || true
source /etc/kubeone/proxy-env
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
ip_tables
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
sudo modprobe ip_tables
if modinfo nf_conntrack_ipv4 &> /dev/null; then
sudo modprobe nf_conntrack_ipv4
else
sudo modprobe nf_conntrack
fi
sudo mkdir -p /etc/sysctl.d
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
fs.inotify.max_user_watches = 1048576
kernel.panic = 10
kernel.panic_on_oops = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.netfilter.nf_conntrack_max = 1000000
vm.overcommit_memory = 1
EOF
sudo sysctl --system
sudo mkdir -p /etc/systemd/journald.conf.d
cat <<EOF | sudo tee /etc/systemd/journald.conf.d/max_disk_use.conf
[Journal]
SystemMaxUse=5G
EOF
sudo systemctl force-reload systemd-journald
sudo mkdir -p /etc/apt/apt.conf.d
cat <<EOF | sudo tee /etc/apt/apt.conf.d/proxy.conf
Acquire::https::Proxy "http://https.proxy";
Acquire::http::Proxy "http://http.proxy";
EOF
# Removing deprecated Kubernetes repositories from apt sources is needed when upgrading from older KubeOne versions,
# otherwise, apt-get update will fail to upgrade the packages.
if sudo grep -q "deb http://apt.kubernetes.io/ kubernetes-xenial main" /etc/apt/sources.list.d/kubernetes.list; then
rm -f /etc/apt/sources.list.d/kubernetes.list
fi
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install --option "Dpkg::Options::=--force-confold" -y --no-install-recommends \
apt-transport-https \
ca-certificates \
curl \
gnupg \
apparmor-utils \
lsb-release \
rsync
sudo install -m 0755 -d /etc/apt/keyrings
LATEST_STABLE=$(curl -sL https://dl.k8s.io/release/stable.txt | sed 's/\.[0-9]*$//')
curl -fsSL https://pkgs.k8s.io/core:/stable:/${LATEST_STABLE}/deb/Release.key | sudo gpg --dearmor --yes -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
kube_ver="1.30.0-*"
sudo apt-mark unhold kubelet kubeadm kubectl kubernetes-cni cri-tools
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release
sudo install -m 0755 -d /etc/apt/keyrings
sudo rm -f /etc/apt/keyrings/docker.gpg
curl -fsSL https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]')/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update
sudo apt-mark unhold containerd.io || true
sudo DEBIAN_FRONTEND=noninteractive apt-get install \
--option "Dpkg::Options::=--force-confold" \
--no-install-recommends \
-y \
containerd.io='1.7.*'
sudo apt-mark hold containerd.io
sudo mkdir -p $(dirname /etc/containerd/config.toml)
sudo touch /etc/containerd/config.toml
sudo chmod 600 /etc/containerd/config.toml
cat <<EOF | sudo tee /etc/containerd/config.toml
version = 2
[metrics]
address = "127.0.0.1:1338"
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.k8s.io/pause:3.9"
device_ownership_from_security_context = true
[plugins."io.containerd.grpc.v1.cri".containerd]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
EOF
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
EOF
sudo systemctl daemon-reload
sudo systemctl enable containerd
sudo systemctl restart containerd
sudo DEBIAN_FRONTEND=noninteractive apt-get install \
--option "Dpkg::Options::=--force-confold" \
--no-install-recommends \
-y \
kubelet=${kube_ver} \
kubectl=${kube_ver} \
kubernetes-cni \
cri-tools
sudo apt-mark hold kubelet kubeadm kubectl kubernetes-cni cri-tools
sudo systemctl daemon-reload
sudo systemctl enable --now kubelet
sudo systemctl restart kubelet