Upgrade to k8s v1.8.4

Author: dkoshkin

Makefile

@@ -18,7 +18,7 @@ ANSIBLE_VERSION = 2.3.0.0
 PROVISIONER_VERSION = v1.6.2
 KUBERANG_VERSION = v1.2.2
 GO_VERSION = 1.8.4
-KUBECTL_VERSION = v1.8.3
+KUBECTL_VERSION = v1.8.4
 HELM_VERSION = v2.7.0
 
 ifeq ($(origin GLIDE_GOOS), undefined)

README.md

@@ -26,7 +26,7 @@ KET operational tools include:
 ## Components
 | Component | Version |
 | --- | --- |
-| Kubernetes | v1.8.3 |
+| Kubernetes | v1.8.4 |
 | Docker | v1.12.6 |
 | Etcd (for Kubernetes) | v3.1.10 |
 | Etcd (for Calico & Contiv) | v3.1.10 |

ansible/group_vars/all.yaml

@@ -1,7 +1,7 @@
 #===============================================================================
 # VERSIONS
-kubernetes_yum_version: 1.8.3-0
-kubernetes_deb_version: 1.8.3-00
+kubernetes_yum_version: 1.8.4-0
+kubernetes_deb_version: 1.8.4-00
 docker_engine_yum_version: 1.12.6-1.el7.centos
 docker_engine_apt_version: 1.12.6-0~ubuntu-xenial
 glusterfs_server_version_rhel: "3.8.15-2.el7"

ansible/group_vars/container_images.yaml

@@ -4,16 +4,16 @@ official_images:
     version: v3.1.10
   kube_proxy:
     name: gcr.io/google-containers/kube-proxy-amd64
-    version: v1.8.3
+    version: v1.8.4
   kube_controller_manager:
     name: gcr.io/google-containers/kube-controller-manager-amd64
-    version: v1.8.3
+    version: v1.8.4
   kube_scheduler:
     name: gcr.io/google-containers/kube-scheduler-amd64
-    version: v1.8.3
+    version: v1.8.4
   kube_apiserver:
     name: gcr.io/google-containers/kube-apiserver-amd64
-    version: v1.8.3
+    version: v1.8.4
   calico_node:
     name: calico/node
     version: v2.6.2

docs/packages.md

@@ -39,7 +39,7 @@ EOF'
 | Component | Install Command |
 | ---- | ---- |
 | Etcd Node | `sudo yum -y install docker-engine-1.12.6-1.el7.centos` |
-| Kubernetes Node | `sudo yum -y install docker-engine-1.12.6-1.el7.centos nfs-utils kubelet-1.8.3-0 kubectl-1.8.3-0` |
+| Kubernetes Node | `sudo yum -y install docker-engine-1.12.6-1.el7.centos nfs-utils kubelet-1.8.4-0 kubectl-1.8.4-0` |
 
 ## Installing via DEB (Ubuntu Xenial)
 
@@ -90,7 +90,7 @@ sudo apt-get update
 | Component | Install Command |
 | ---- | ---- |
 | Etcd Node | `sudo apt-get install -y docker-engine=1.12.6-0~ubuntu-xenial` |
-| Kubernetes Node | `sudo apt-get install -y docker-engine=1.12.6-0~ubuntu-xenial nfs-common kubelet=1.8.3-00 kubectl=1.8.3-00` |
+| Kubernetes Node | `sudo apt-get install -y docker-engine=1.12.6-0~ubuntu-xenial nfs-common kubelet=1.8.4-00 kubectl=1.8.4-00` |
 
 #### Stop the kubelet
 When the Ubuntu kubelet package is installed the service will be started and will bind to ports. This will cause some preflight port checks to fail.

docs/provision.md

@@ -123,14 +123,14 @@ If you are building a large cluster or one that won't have access to these repos
     <td></td>
   </tr>
   <tr>
-    <td>Kismatic package of Kubernetes kubelet 1.8.3</td>
+    <td>Kismatic package of Kubernetes kubelet 1.8.4</td>
     <td>Kubernetes</td>
     <td></td>
     <td>yes</td>
     <td>yes</td>
   </tr>
   <tr>
-    <td>Kismatic package of Kubernetes kubectl 1.8.3</td>
+    <td>Kismatic package of Kubernetes kubectl 1.8.4</td>
     <td>Kubernetes</td>
     <td></td>
     <td>yes</td>

integration/prepare.go

@@ -52,9 +52,9 @@ EOF`
 	moveGlusterRepoFileYum    = `sudo mv /tmp/gluster.repo /etc/yum.repos.d`
 
 	installDockerYum          = `sudo yum -y install docker-engine-1.12.6-1.el7.centos`
-	installKubeletYum         = `sudo yum -y install kubelet-1.8.3-0`
+	installKubeletYum         = `sudo yum -y install kubelet-1.8.4-0`
 	installNFSUtilsYum        = `sudo yum -y install nfs-utils` // required for the kubelet
-	installKubectlYum         = `sudo yum -y install kubectl-1.8.3-0`
+	installKubectlYum         = `sudo yum -y install kubectl-1.8.4-0`
 	installGlusterfsServerYum = `sudo yum -y install --nogpgcheck glusterfs-server-3.8.15-2.el7`
 
 	updateAptGet        = `sudo apt-get update`
@@ -64,10 +64,10 @@ EOF`
 
 	addKubernetesRepoKeyApt = `wget -qO - https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -`
 	addKubernetesRepoApt    = `sudo add-apt-repository "deb https://packages.cloud.google.com/apt/ kubernetes-xenial main"`
-	installKubeletApt       = `sudo apt-get -y install kubelet=1.8.3-00`
+	installKubeletApt       = `sudo apt-get -y install kubelet=1.8.4-00`
 	stopKubeletService      = `sudo systemctl stop kubelet`
 	installNFSCommonApt     = `sudo apt-get -y install nfs-common`
-	installKubectlApt       = `sudo apt-get -y install kubectl=1.8.3-00`
+	installKubectlApt       = `sudo apt-get -y install kubectl=1.8.4-00`
 
 	addGlusterRepoApt         = `sudo add-apt-repository -y ppa:gluster/glusterfs-3.8`
 	installGlusterfsServerApt = `sudo apt-get -y install glusterfs-server=3.8.15-ubuntu1~xenial1`

integration/upgrade_test.go

@@ -12,6 +12,230 @@ import (
 var _ = Describe("Upgrade", func() {
 
 	Describe("Upgrading a cluster using online mode", func() {
+		Context("From KET version v1.6.2", func() {
+			BeforeEach(func() {
+				dir := setupTestWorkingDirWithVersion("v1.6.2")
+				os.Chdir(dir)
+			})
+
+			Context("Using a minikube layout", func() {
+				Context("Using CentOS 7", func() {
+					ItOnAWS("should be upgraded [slow] [upgrade]", func(aws infrastructureProvisioner) {
+						WithMiniInfrastructure(CentOS7, aws, func(node NodeDeets, sshKey string) {
+							installAndUpgradeMinikube(node, sshKey, true)
+						})
+					})
+				})
+
+				Context("Using RedHat 7", func() {
+					ItOnAWS("should be upgraded [slow] [upgrade]", func(aws infrastructureProvisioner) {
+						WithMiniInfrastructure(RedHat7, aws, func(node NodeDeets, sshKey string) {
+							installAndUpgradeMinikube(node, sshKey, true)
+						})
+					})
+				})
+			})
+
+			// This spec will be used for testing non-destructive kismatic features on
+			// an upgraded cluster.
+			// This spec is open to modification when new assertions have to be made.
+			Context("Using a skunkworks cluster", func() {
+				ItOnAWS("should result in an upgraded cluster [slow] [upgrade]", func(aws infrastructureProvisioner) {
+					WithInfrastructureAndDNS(NodeCount{Etcd: 3, Master: 2, Worker: 3, Ingress: 2, Storage: 2}, Ubuntu1604LTS, aws, func(nodes provisionedNodes, sshKey string) {
+						// reserve one of the workers for the add-worker test
+						allWorkers := nodes.worker
+						nodes.worker = allWorkers[0 : len(nodes.worker)-1]
+
+						// Standup cluster with previous version
+						opts := installOptions{}
+						err := installKismatic(nodes, opts, sshKey)
+						FailIfError(err)
+
+						// Extract current version of kismatic
+						extractCurrentKismaticInstaller()
+
+						// Perform upgrade
+						upgradeCluster(true)
+
+						sub := SubDescribe("Using an upgraded cluster")
+						defer sub.Check()
+
+						sub.It("should have working storage volumes", func() error {
+							return testStatefulWorkload(nodes, sshKey)
+						})
+
+						sub.It("should allow adding a worker node", func() error {
+							newWorker := allWorkers[len(allWorkers)-1]
+							return addWorkerToCluster(newWorker, sshKey, []string{})
+						})
+
+						sub.It("should be able to deploy a workload with ingress", func() error {
+							return verifyIngressNodes(nodes.master[0], nodes.ingress, sshKey)
+						})
+
+						// Use master[0] public IP
+						sub.It("should have an accessible dashboard", func() error {
+							return canAccessDashboard(fmt.Sprintf("https://admin:abbazabba@%s:6443/ui", nodes.master[0].PublicIP))
+						})
+
+						sub.It("should respect network policies", func() error {
+							return verifyNetworkPolicy(nodes.master[0], sshKey, false)
+						})
+
+						// This test should always be last
+						sub.It("should still be a highly available cluster after upgrade", func() error {
+							By("Removing a Kubernetes master node")
+							if err = aws.TerminateNode(nodes.master[0]); err != nil {
+								return fmt.Errorf("could not remove node: %v", err)
+							}
+							By("Re-running Kuberang")
+							if err = runViaSSH([]string{"sudo kuberang"}, []NodeDeets{nodes.master[1]}, sshKey, 5*time.Minute); err != nil {
+								return err
+							}
+							return nil
+						})
+					})
+				})
+			})
+
+			Context("Using a cluster that has no internet access [slow] [upgrade]", func() {
+				Context("With nodes running CentOS 7", func() {
+					ItOnAWS("should result in an upgraded cluster", func(aws infrastructureProvisioner) {
+						distro := CentOS7
+						WithInfrastructure(NodeCount{Etcd: 1, Master: 1, Worker: 2, Ingress: 1, Storage: 1}, distro, aws, func(nodes provisionedNodes, sshKey string) {
+							// One of the nodes will function as a repo mirror and image registry
+							repoNode := nodes.worker[1]
+							nodes.worker = nodes.worker[0:1]
+							// Standup cluster with previous version
+							opts := installOptions{
+								disconnectedInstallation: false, // we want KET to install the packages, so let it use the package repo
+								modifyHostsFiles:         true,
+							}
+							err := installKismatic(nodes, opts, sshKey)
+							FailIfError(err)
+
+							// Extract current version of kismatic
+							extractCurrentKismaticInstaller()
+
+							By("Creating a package repository")
+							err = createPackageRepositoryMirror(repoNode, distro, sshKey)
+							FailIfError(err, "Error creating local package repo")
+
+							By("Deploying a docker registry")
+							caFile, err := deployAuthenticatedDockerRegistry(repoNode, dockerRegistryPort, sshKey)
+							FailIfError(err, "Failed to deploy docker registry")
+
+							By("Seeding the local registry")
+							err = seedRegistry(repoNode, caFile, dockerRegistryPort, sshKey)
+							FailIfError(err, "Error seeding local registry")
+
+							err = disableInternetAccess(nodes.allNodes(), sshKey)
+							FailIfError(err)
+
+							By("Configuring repository on nodes")
+							for _, n := range nodes.allNodes() {
+								err = copyFileToRemote("test-resources/disconnected-installation/configure-rpm-mirrors.sh", "/tmp/configure-rpm-mirrors.sh", n, sshKey, 15*time.Second)
+								FailIfError(err, "Failed to copy script to nodes")
+							}
+							cmds := []string{
+								"chmod +x /tmp/configure-rpm-mirrors.sh",
+								fmt.Sprintf("sudo /tmp/configure-rpm-mirrors.sh http://%s", repoNode.PrivateIP),
+							}
+							err = runViaSSH(cmds, nodes.allNodes(), sshKey, 5*time.Minute)
+							FailIfError(err, "Failed to run mirror configuration script")
+
+							if err := verifyNoInternetAccess(nodes.allNodes(), sshKey); err == nil {
+								Fail("was able to ping google with outgoing connections blocked")
+							}
+
+							// Cleanup old cluster file and create a new one
+							By("Recreating kismatic-testing.yaml file")
+							err = os.Remove("kismatic-testing.yaml")
+							FailIfError(err)
+							opts = installOptions{
+								disconnectedInstallation: true,
+								modifyHostsFiles:         true,
+								dockerRegistryCAPath:     caFile,
+								dockerRegistryServer:     fmt.Sprintf("%s:%d", repoNode.PrivateIP, dockerRegistryPort),
+								dockerRegistryUsername:   "kismaticuser",
+								dockerRegistryPassword:   "kismaticpassword",
+							}
+							writePlanFile(buildPlan(nodes, opts, sshKey))
+
+							upgradeCluster(true)
+						})
+					})
+				})
+
+				Context("With nodes running Ubuntu 16.04", func() {
+					ItOnAWS("should result in an upgraded cluster", func(aws infrastructureProvisioner) {
+						distro := Ubuntu1604LTS
+						WithInfrastructure(NodeCount{Etcd: 1, Master: 1, Worker: 2, Ingress: 1, Storage: 1}, distro, aws, func(nodes provisionedNodes, sshKey string) {
+							// One of the nodes will function as a repo mirror and image registry
+							repoNode := nodes.worker[1]
+							nodes.worker = nodes.worker[0:1]
+							// Standup cluster with previous version
+							opts := installOptions{
+								disconnectedInstallation: false, // we want KET to install the packages, so let it use the package repo
+								modifyHostsFiles:         true,
+							}
+							err := installKismatic(nodes, opts, sshKey)
+							FailIfError(err)
+
+							extractCurrentKismaticInstaller()
+
+							By("Creating a package repository")
+							err = createPackageRepositoryMirror(repoNode, distro, sshKey)
+							FailIfError(err, "Error creating local package repo")
+
+							By("Deploying a docker registry")
+							caFile, err := deployAuthenticatedDockerRegistry(repoNode, dockerRegistryPort, sshKey)
+							FailIfError(err, "Failed to deploy docker registry")
+
+							By("Seeding the local registry")
+							err = seedRegistry(repoNode, caFile, dockerRegistryPort, sshKey)
+							FailIfError(err, "Error seeding local registry")
+
+							err = disableInternetAccess(nodes.allNodes(), sshKey)
+							FailIfError(err)
+
+							By("Configuring repository on nodes")
+							for _, n := range nodes.allNodes() {
+								err = copyFileToRemote("test-resources/disconnected-installation/configure-deb-mirrors.sh", "/tmp/configure-deb-mirrors.sh", n, sshKey, 15*time.Second)
+								FailIfError(err, "Failed to copy script to nodes")
+							}
+							cmds := []string{
+								"chmod +x /tmp/configure-deb-mirrors.sh",
+								fmt.Sprintf("sudo /tmp/configure-deb-mirrors.sh http://%s", repoNode.PrivateIP),
+							}
+							err = runViaSSH(cmds, nodes.allNodes(), sshKey, 5*time.Minute)
+							FailIfError(err, "Failed to run mirror configuration script")
+
+							if err := verifyNoInternetAccess(nodes.allNodes(), sshKey); err == nil {
+								Fail("was able to ping google with outgoing connections blocked")
+							}
+
+							// Cleanup old cluster file and create a new one
+							By("Recreating kismatic-testing.yaml file")
+							err = os.Remove("kismatic-testing.yaml")
+							FailIfError(err)
+							opts = installOptions{
+								disconnectedInstallation: true,
+								modifyHostsFiles:         true,
+								dockerRegistryCAPath:     caFile,
+								dockerRegistryServer:     fmt.Sprintf("%s:%d", repoNode.PrivateIP, dockerRegistryPort),
+								dockerRegistryUsername:   "kismaticuser",
+								dockerRegistryPassword:   "kismaticpassword",
+							}
+							writePlanFile(buildPlan(nodes, opts, sshKey))
+
+							upgradeCluster(true)
+						})
+					})
+				})
+			})
+		})
+
 		Context("From KET version v1.6.1", func() {
 			BeforeEach(func() {
 				dir := setupTestWorkingDirWithVersion("v1.6.1")