Merge pull request #55990 from hyperbolic2346/rollup

Automatic merge from submit-queue (batch tested with PRs 55615, 56010, 55990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Master now supports staged upgrades. It will wait until specifically told to upgrade with an action unless the configuration option require-manual-upgrade is false and then master nodes will upgrade immediately. **What this PR does / why we need it**: This update alters the kubernetes-master upgrade path for juju charms. It makes the master act like the worker in that it blocks the upgrade until each unit is specifically requested to update. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: PR for tests coming momentarily to juju-solutions/kubernetes-jenkins **Release note**: ```release-note Upgrading the kubernetes-master units now results in staged upgrades just like the kubernetes-worker nodes. Use the upgrade action in order to continue the upgrade process on each unit such as `juju run-action kubernetes-master/0 upgrade` ```
2025-07-29 14:37:00 +00:00 · 2017-11-20 04:50:03 -08:00 · 2017-11-20 04:50:03 -08:00 · 6f1b655773
commit 6f1b655773
parent 2325b45a7a c8f6eaccba
4 changed files with 52 additions and 7 deletions
--- a/cluster/juju/layers/kubernetes-master/actions.yaml
+++ b/cluster/juju/layers/kubernetes-master/actions.yaml
@ -46,3 +46,5 @@ namespace-delete:
      minLength: 2
  required:
    - name
+upgrade:
+    description: Upgrade the kubernetes snaps
--- a/cluster/juju/layers/kubernetes-master/actions/upgrade
+++ b/cluster/juju/layers/kubernetes-master/actions/upgrade
@ -0,0 +1,5 @@
+#!/bin/sh
+set -eux
+
+charms.reactive set_state kubernetes-master.upgrade-specified
+exec hooks/config-changed
--- a/cluster/juju/layers/kubernetes-master/config.yaml
+++ b/cluster/juju/layers/kubernetes-master/config.yaml
@ -70,3 +70,9 @@ options:
    description: |
      Comma separated authorization modes. Allowed values are
      "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
+  require-manual-upgrade:
+    type: boolean
+    default: true
+    description: |
+      When true, master nodes will not be upgraded until the user triggers
+      it manually by running the upgrade action.
--- a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
+++ b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
@ -63,6 +63,22 @@ nrpe.Check.shortname_re = '[\.A-Za-z0-9-_]+$'
 os.environ['PATH'] += os.pathsep + os.path.join(os.sep, 'snap', 'bin')


+def set_upgrade_needed():
+    set_state('kubernetes-master.upgrade-needed')
+    config = hookenv.config()
+    previous_channel = config.previous('channel')
+    require_manual = config.get('require-manual-upgrade')
+    hookenv.log('set upgrade needed')
+    if previous_channel is None or not require_manual:
+        hookenv.log('forcing upgrade')
+        set_state('kubernetes-master.upgrade-specified')
+
+
+@when('config.changed.channel')
+def channel_changed():
+    set_upgrade_needed()
+
+
 def service_cidr():
    ''' Return the charm's service-cidr config '''
    db = unitdata.kv()
@ -78,14 +94,21 @@ def freeze_service_cidr():


@hook('upgrade-charm')
-def reset_states_for_delivery():
+def check_for_upgrade_needed():
    '''An upgrade charm event was triggered by Juju, react to that here.'''
+    hookenv.status_set('maintenance', 'Checking resources')
+
    migrate_from_pre_snaps()
-    install_snaps()
    add_rbac_roles()
    set_state('reconfigure.authentication.setup')
    remove_state('authentication.setup')

+    resources = ['kubectl', 'kube-apiserver', 'kube-controller-manager',
+                 'kube-scheduler', 'cdk-addons']
+    paths = [hookenv.resource_get(resource) for resource in resources]
+    if any_file_changed(paths):
+        set_upgrade_needed()
+

 def add_rbac_roles():
    '''Update the known_tokens file with proper groups.'''
@ -172,6 +195,20 @@ def migrate_from_pre_snaps():
            os.remove(file)


+@when('kubernetes-master.upgrade-needed')
+@when_not('kubernetes-master.upgrade-specified')
+def upgrade_needed_status():
+    msg = 'Needs manual upgrade, run the upgrade action'
+    hookenv.status_set('blocked', msg)
+
+
+@when('kubernetes-master.upgrade-specified')
+def do_upgrade():
+    install_snaps()
+    remove_state('kubernetes-master.upgrade-needed')
+    remove_state('kubernetes-master.upgrade-specified')
+
+
 def install_snaps():
    channel = hookenv.config('channel')
    hookenv.status_set('maintenance', 'Installing kubectl snap')
@ -189,11 +226,6 @@ def install_snaps():
    remove_state('kubernetes-master.components.started')


-@when('config.changed.channel')
-def channel_changed():
-    install_snaps()
-
-
@when('config.changed.client_password', 'leadership.is_leader')
 def password_changed():
    """Handle password change via the charms config."""