@tnozicka
Last active January 21, 2021 15:27
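#!/bin/bash
# Usage: <script> [SKEW]
#   SKEW  value handed to `timedatectl set-time` on every node (default: +1y)
# Environment:
#   OC    command used to talk to the cluster (default: oc)
#   SSH   command used to reach the nodes (default: ssh)
#
# -x traces every command to stderr with its values expanded. The script later
# puts a service-account bearer token on a curl command line, so the trace of a
# run must be handled as sensitive output.
set -eEuxo pipefail

SKEW=${1:-+1y}
# SKEW is pasted between single quotes into a script that runs under sudo on
# every node. Accept only characters a timestamp or time span needs, so a stray
# quote or shell metacharacter cannot alter the remote command, and fail before
# any node has been touched.
readonly SKEW_PATTERN='^[A-Za-z0-9 @:.+_/-]+$'
if [[ ! "${SKEW}" =~ ${SKEW_PATTERN} ]]; then
  printf 'invalid SKEW value: %s\n' "${SKEW}" >&2
  exit 2
fi

# OC and SSH are expanded unquoted wherever they are used, so either may carry
# extra arguments.
OC=${OC:-oc}
SSH=${SSH:-ssh}

# Go template that prints the InternalIP of each selected node, space-separated.
node_ips_template='{{ range $index, $_ := .items }}{{ range .status.addresses }}{{ if (eq .type "InternalIP") }}{{ if $index }} {{end }}{{ .address }}{{ end }}{{ end }}{{ end }}'
masters=$( ${OC} get nodes --selector='node-role.kubernetes.io/master' --template="${node_ips_template}" )
workers=$( ${OC} get nodes --selector='!node-role.kubernetes.io/master' --template="${node_ips_template}" )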
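#######################################
# Run a script as root on each listed node.
# Globals:   SSH (read) - ssh command; expanded unquoted so it may carry options
# Arguments: $1 - whitespace-separated node addresses
#            $2 - script text, fed to the remote bash on stdin
# Outputs:   whatever the remote commands print; the remote bash runs with -x,
#            so its trace comes back over the same connection
# Returns:   status of the last ssh invocation (0 when $1 is empty)
#######################################
function run-on {
  local node
  # ${1} is split on purpose: it is a space-separated address list.
  for node in ${1}; do
    # The here-string is quoted: older bash releases word-split an unquoted
    # here-string and rejoin it with single spaces, which would flatten a
    # multi-line script into one line.
    ${SSH} core@"${node}" sudo 'bash -eEuxo pipefail' <<< "${2}"
  done
}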
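# Replace any stored host keys for the nodes with freshly scanned ones.
#
# NOTE: ssh-keyscan records whichever key each address presents right now,
# without authenticating it, and the entries it replaces are discarded first.
# Whoever answers on those addresses during the scan becomes the trusted host
# for the root sessions that follow. Run this only from a network path you
# trust, or compare the scanned fingerprints with an out-of-band source.
#
# ssh-keygen -R exits non-zero when known_hosts does not exist, which would
# abort the script under `set -e` on a fresh workstation, so create it first.
mkdir -p -m 700 ~/.ssh
touch ~/.ssh/known_hosts
for n in ${masters} ${workers}; do ssh-keygen -R "${n}"; done
# The address lists are split on purpose: one scan target per word.
ssh-keyscan -H ${masters} ${workers} >> ~/.ssh/known_hosts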
# Stop the kubelet on every node first.
all_nodes="${masters} ${workers}"
run-on "${all_nodes}" "systemctl stop kubelet"

# Destroy all containers on workers.
run-on "${workers}" "crictl rm --all -f"

# Destroy all containers on masters except KAS and etcd; the oc calls that
# follow still go through the API. The remote bash runs with -e, so the two
# bare [[ -n ... ]] tests abort the run on a master where either container is
# not found.
keep_kas_and_etcd_script='
kas_id=$( crictl ps --name="^kube-apiserver$" -q )
[[ -n "${kas_id}" ]]
etcd_id=$( crictl ps --name="^etcd$" -q )
[[ -n "${etcd_id}" ]]
other_ids=$( crictl ps --all -q | ( grep -v -e "${kas_id}" -e "${etcd_id}" || true ) )
if [ -n "${other_ids}" ]; then
crictl rm -f ${other_ids}
fi;
'
run-on "${masters}" "${keep_kas_and_etcd_script}"
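# Delete all pods, especially the operators. Makes sure it needs KCM and KS working when starting again.
${OC} delete pods -A --all --force --grace-period=0 --timeout=0

# Delete all clusteroperator status to avoid stale status when the operator pod isn't started.
#
# The service-account token fetched below is a live cluster credential:
#   - xtrace is switched off for this section so the token is not written to
#     the trace (the redirect hides the trace line of `set +x` itself);
#   - it is a plain variable rather than an exported one, so it is not copied
#     into the environment of every later child process;
#   - it still appears on curl's command line, where local users can read it
#     from the process list while each request runs.
# Plain assignments also let `set -e` see a failing oc call, which
# `export var=$(...)` would hide.
{ set +x; } 2>/dev/null
bearer=$( ${OC} -n openshift-cluster-version serviceaccounts get-token default )
server=$( ${OC} whoami --show-server )
for co in $( ${OC} get co --template='{{ range .items }}{{ printf "%s\n" .metadata.name }}{{ end }}' ); do
  # The server certificate is checked against the cluster's CA bundle. No -k:
  # it would switch verification off, make --cacert pointless and hand the
  # token to whatever endpoint answers. If verification fails, correct the
  # bundle instead of disabling the check.
  # `curl ... && echo` keeps a failed request from aborting the run.
  curl -X PATCH \
    -H "Authorization: Bearer ${bearer}" \
    -H "Accept: application/json" \
    -H "Content-Type: application/merge-patch+json" \
    --cacert <( ${OC} -n openshift-config-managed get cm/kube-apiserver-server-ca --template='{{ index .data "ca-bundle.crt" }}' ) \
    -d '{"status": null}' \
    "${server}/apis/config.openshift.io/v1/clusteroperators/${co}/status" && echo
done
unset bearer
set -x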
# Destroy the remaining containers on masters
run-on "${masters}" "crictl rm --all -f"

every_node="${masters} ${workers}"
run-on "${every_node}" "systemctl disable chronyd --now"

# Set time only as a difference to the synced time so we don't introduce a skew
# between the machines which would break etcd, leader election and others.
#
# SKEW is expanded locally and lands between single quotes in a script that
# runs as root on every node; a value containing a single quote would change
# the remote command.
set_clock_script="
timedatectl status
timedatectl set-ntp false
timedatectl set-time '${SKEW}'
timedatectl status
"
run-on "${every_node}" "${set_clock_script}"

run-on "${every_node}" "systemctl start kubelet"