From c8f6eaccbab419cc9bfe1ef1bab1b89bd0af7439 Mon Sep 17 00:00:00 2001
From: Mike Wilson <knobby@burntsheep.com>
Date: Tue, 7 Nov 2017 14:54:18 -0500
Subject: [PATCH] Master now supports delayed upgrades. It will wait until
 specifically told to upgrade with an action unless the configuration option
 require-manual-upgrade is false.

---
 .../layers/kubernetes-master/actions.yaml     |  2 +
 .../layers/kubernetes-master/actions/upgrade  |  5 ++
 .../juju/layers/kubernetes-master/config.yaml |  6 +++
 .../reactive/kubernetes_master.py             | 46 ++++++++++++++++---
 4 files changed, 52 insertions(+), 7 deletions(-)
 create mode 100755 cluster/juju/layers/kubernetes-master/actions/upgrade

diff --git a/cluster/juju/layers/kubernetes-master/actions.yaml b/cluster/juju/layers/kubernetes-master/actions.yaml
index d2f6f495dd6..cfb74c248fc 100644
--- a/cluster/juju/layers/kubernetes-master/actions.yaml
+++ b/cluster/juju/layers/kubernetes-master/actions.yaml
@@ -46,3 +46,5 @@ namespace-delete:
       minLength: 2
   required:
     - name
+upgrade:
+    description: Upgrade the kubernetes snaps
\ No newline at end of file
diff --git a/cluster/juju/layers/kubernetes-master/actions/upgrade b/cluster/juju/layers/kubernetes-master/actions/upgrade
new file mode 100755
index 00000000000..7a115293b59
--- /dev/null
+++ b/cluster/juju/layers/kubernetes-master/actions/upgrade
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -eux
+
+charms.reactive set_state kubernetes-master.upgrade-specified
+exec hooks/config-changed
diff --git a/cluster/juju/layers/kubernetes-master/config.yaml b/cluster/juju/layers/kubernetes-master/config.yaml
index 09b80882550..18b2b691d57 100644
--- a/cluster/juju/layers/kubernetes-master/config.yaml
+++ b/cluster/juju/layers/kubernetes-master/config.yaml
@@ -70,3 +70,9 @@ options:
     description: |
       Comma separated authorization modes. Allowed values are
       "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
+  require-manual-upgrade:
+    type: boolean
+    default: true
+    description: |
+      When true, master nodes will not be upgraded until the user triggers
+      it manually by running the upgrade action.
diff --git a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
index e7b3b550654..1547bc8bc93 100644
--- a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
+++ b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
@@ -63,6 +63,22 @@ nrpe.Check.shortname_re = '[\.A-Za-z0-9-_]+$'
 os.environ['PATH'] += os.pathsep + os.path.join(os.sep, 'snap', 'bin')
 
 
+def set_upgrade_needed():
+    set_state('kubernetes-master.upgrade-needed')
+    config = hookenv.config()
+    previous_channel = config.previous('channel')
+    require_manual = config.get('require-manual-upgrade')
+    hookenv.log('set upgrade needed')
+    if previous_channel is None or not require_manual:
+        hookenv.log('forcing upgrade')
+        set_state('kubernetes-master.upgrade-specified')
+
+
+@when('config.changed.channel')
+def channel_changed():
+    set_upgrade_needed()
+
+
 def service_cidr():
     ''' Return the charm's service-cidr config '''
     db = unitdata.kv()
@@ -78,14 +94,21 @@ def freeze_service_cidr():
 
 
 @hook('upgrade-charm')
-def reset_states_for_delivery():
+def check_for_upgrade_needed():
     '''An upgrade charm event was triggered by Juju, react to that here.'''
+    hookenv.status_set('maintenance', 'Checking resources')
+
     migrate_from_pre_snaps()
-    install_snaps()
     add_rbac_roles()
     set_state('reconfigure.authentication.setup')
     remove_state('authentication.setup')
 
+    resources = ['kubectl', 'kube-apiserver', 'kube-controller-manager',
+                 'kube-scheduler', 'cdk-addons']
+    paths = [hookenv.resource_get(resource) for resource in resources]
+    if any_file_changed(paths):
+        set_upgrade_needed()
+
 
 def add_rbac_roles():
     '''Update the known_tokens file with proper groups.'''
@@ -172,6 +195,20 @@ def migrate_from_pre_snaps():
             os.remove(file)
 
 
+@when('kubernetes-master.upgrade-needed')
+@when_not('kubernetes-master.upgrade-specified')
+def upgrade_needed_status():
+    msg = 'Needs manual upgrade, run the upgrade action'
+    hookenv.status_set('blocked', msg)
+
+
+@when('kubernetes-master.upgrade-specified')
+def do_upgrade():
+    install_snaps()
+    remove_state('kubernetes-master.upgrade-needed')
+    remove_state('kubernetes-master.upgrade-specified')
+
+
 def install_snaps():
     channel = hookenv.config('channel')
     hookenv.status_set('maintenance', 'Installing kubectl snap')
@@ -189,11 +226,6 @@ def install_snaps():
     remove_state('kubernetes-master.components.started')
 
 
-@when('config.changed.channel')
-def channel_changed():
-    install_snaps()
-
-
 @when('config.changed.client_password', 'leadership.is_leader')
 def password_changed():
     """Handle password change via the charms config."""