feat: support upgrades 1.28.4-1.28.5 and 1.29.4-1.29.5

configs/upgrades/ekscluster/1.29.4-1.29.5/pre-distribution.sh.tpl

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Remove some validating webhooks during the upgrade
+{{- if eq .spec.distribution.modules.policy.type "gatekeeper" }}
+$kubectlbin delete --ignore-not-found=true validatingwebhookconfiguration gatekeeper-validating-webhook-configuration
+{{- end }}

configs/upgrades/ekscluster/1.29.4-1.29.5/pre-kubernetes.sh.tpl

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+set -e
+
+{{- if index .spec "kubernetes" }}
+
+## master upgrades - only one at a time
+{{- range $h := .spec.kubernetes.masters.hosts }}
+ansible-playbook 55.upgrade-control-plane.yml --limit "{{ $h.name }}" --become
+{{- end }}
+
+{{- if ne .upgrade.skipNodesUpgrade true }}
+{{- range $n := .spec.kubernetes.nodes }}
+    {{- range $h := $n.hosts }}
+ansible-playbook 56.upgrade-worker-nodes.yml --limit "{{ $h.name }}"
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

configs/upgrades/kfddistribution/1.28.4-1.28.5/pre-distribution.sh.tpl

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Remove some validating webhooks during the upgrade
+{{- if eq .spec.distribution.modules.policy.type "gatekeeper" }}
+$kubectlbin delete --ignore-not-found=true validatingwebhookconfiguration gatekeeper-validating-webhook-configuration
+{{- end }}

configs/upgrades/kfddistribution/1.28.4-1.28.5/pre-kubernetes.sh.tpl

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+set -e
+
+{{- if index .spec "kubernetes" }}
+
+## master upgrades - only one at a time
+{{- range $h := .spec.kubernetes.masters.hosts }}
+ansible-playbook 55.upgrade-control-plane.yml --limit "{{ $h.name }}" --become
+{{- end }}
+
+{{- if ne .upgrade.skipNodesUpgrade true }}
+{{- range $n := .spec.kubernetes.nodes }}
+    {{- range $h := $n.hosts }}
+ansible-playbook 56.upgrade-worker-nodes.yml --limit "{{ $h.name }}"
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

configs/upgrades/kfddistribution/1.29.4-1.29.5/post-distribution.sh.tpl

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Delete old resources after Ingress migration to v3
+{{- if eq .spec.distribution.modules.ingress.nginx.type "single" }}
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-metrics -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-selfsign -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true prometheusrule.monitoring.coreos.com ingress-nginx-k8s-rules -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true servicemonitor.monitoring.coreos.com ingress-nginx -n ingress-nginx
+{{- end }}
+
+{{- if eq .spec.distribution.modules.ingress.nginx.type "dual" }}
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-metrics -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-selfsign -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true prometheusrule.monitoring.coreos.com ingress-nginx-k8s-rules -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true servicemonitor.monitoring.coreos.com ingress-nginx -n ingress-nginx
+{{- end }}

configs/upgrades/kfddistribution/1.29.4-1.29.5/pre-distribution.sh.tpl

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Remove some validating webhooks during the upgrade
+{{- if eq .spec.distribution.modules.policy.type "gatekeeper" }}
+$kubectlbin delete --ignore-not-found=true validatingwebhookconfiguration gatekeeper-validating-webhook-configuration
+{{- end }}

configs/upgrades/kfddistribution/1.29.4-1.29.5/pre-kubernetes.sh.tpl

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+set -e
+
+{{- if index .spec "kubernetes" }}
+
+## master upgrades - only one at a time
+{{- range $h := .spec.kubernetes.masters.hosts }}
+ansible-playbook 55.upgrade-control-plane.yml --limit "{{ $h.name }}" --become
+{{- end }}
+
+{{- if ne .upgrade.skipNodesUpgrade true }}
+{{- range $n := .spec.kubernetes.nodes }}
+    {{- range $h := $n.hosts }}
+ansible-playbook 56.upgrade-worker-nodes.yml --limit "{{ $h.name }}"
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

configs/upgrades/onpremises/1.28.4-1.28.5/post-distribution.sh.tpl

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Delete old resources after Ingress migration to v3
+{{- if eq .spec.distribution.modules.ingress.nginx.type "single" }}
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-metrics -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-selfsign -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true prometheusrule.monitoring.coreos.com ingress-nginx-k8s-rules -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true servicemonitor.monitoring.coreos.com ingress-nginx -n ingress-nginx
+{{- end }}
+
+{{- if eq .spec.distribution.modules.ingress.nginx.type "dual" }}
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-metrics -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-selfsign -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true prometheusrule.monitoring.coreos.com ingress-nginx-k8s-rules -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true servicemonitor.monitoring.coreos.com ingress-nginx -n ingress-nginx
+{{- end }}

configs/upgrades/onpremises/1.28.4-1.28.5/pre-distribution.sh.tpl

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Remove some validating webhooks during the upgrade
+{{- if eq .spec.distribution.modules.policy.type "gatekeeper" }}
+$kubectlbin delete --ignore-not-found=true validatingwebhookconfiguration gatekeeper-validating-webhook-configuration
+{{- end }}

configs/upgrades/onpremises/1.28.4-1.28.5/pre-kubernetes.sh.tpl

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+set -e
+
+{{- if index .spec "kubernetes" }}
+
+## master upgrades - only one at a time
+{{- range $h := .spec.kubernetes.masters.hosts }}
+ansible-playbook 55.upgrade-control-plane.yml --limit "{{ $h.name }}" --become
+{{- end }}
+
+{{- if ne .upgrade.skipNodesUpgrade true }}
+{{- range $n := .spec.kubernetes.nodes }}
+    {{- range $h := $n.hosts }}
+ansible-playbook 56.upgrade-worker-nodes.yml --limit "{{ $h.name }}"
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

configs/upgrades/onpremises/1.29.4-1.29.5/post-distribution.sh.tpl

@@ -0,0 +1,36 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Delete old resources after Ingress migration to v3
+{{- if eq .spec.distribution.modules.ingress.nginx.type "single" }}
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-metrics -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-selfsign -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true prometheusrule.monitoring.coreos.com ingress-nginx-k8s-rules -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true servicemonitor.monitoring.coreos.com ingress-nginx -n ingress-nginx
+{{- end }}
+
+{{- if eq .spec.distribution.modules.ingress.nginx.type "dual" }}
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true configmap nginx-configuration-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-admission-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true service ingress-nginx-metrics -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true daemonset.apps nginx-ingress-controller-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls-external -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true certificate.cert-manager.io ingress-nginx-tls-internal -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-ca -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true issuer.cert-manager.io ingress-nginx-selfsign -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true prometheusrule.monitoring.coreos.com ingress-nginx-k8s-rules -n ingress-nginx
+$kubectlbin delete --ignore-not-found=true servicemonitor.monitoring.coreos.com ingress-nginx -n ingress-nginx
+{{- end }}

configs/upgrades/onpremises/1.29.4-1.29.5/pre-distribution.sh.tpl

@@ -0,0 +1,10 @@
+#!/usr/bin/env sh
+
+set -e
+
+kubectlbin="{{ .paths.kubectl }}"
+
+# Remove some validating webhooks during the upgrade
+{{- if eq .spec.distribution.modules.policy.type "gatekeeper" }}
+$kubectlbin delete --ignore-not-found=true validatingwebhookconfiguration gatekeeper-validating-webhook-configuration
+{{- end }}

configs/upgrades/onpremises/1.29.4-1.29.5/pre-kubernetes.sh.tpl

@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+set -e
+
+{{- if index .spec "kubernetes" }}
+
+## master upgrades - only one at a time
+{{- range $h := .spec.kubernetes.masters.hosts }}
+ansible-playbook 55.upgrade-control-plane.yml --limit "{{ $h.name }}" --become
+{{- end }}
+
+{{- if ne .upgrade.skipNodesUpgrade true }}
+{{- range $n := .spec.kubernetes.nodes }}
+    {{- range $h := $n.hosts }}
+ansible-playbook 56.upgrade-worker-nodes.yml --limit "{{ $h.name }}"
+    {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}