#!/bin/bash
# Moves the clock on every node of an OpenShift cluster by the same offset.
#
# Usage:   <script> [SKEW]      SKEW is handed to `timedatectl set-time`
#                               (default: +1y).
# Environment:
#   OC   command used to talk to the cluster (default: oc)
#   SSH  command used to reach the nodes     (default: ssh)
set -o errexit -o errtrace -o nounset -o xtrace -o pipefail

SKEW="${1:-+1y}"
: "${OC:=oc}"
: "${SSH:=ssh}"

# Go template that prints the InternalIP of every selected node, separated by
# single spaces.
node_ips_template='{{ range $index, $_ := .items }}{{ range .status.addresses }}{{ if (eq .type "InternalIP") }}{{ if $index }} {{end }}{{ .address }}{{ end }}{{ end }}{{ end }}'

# ${OC} is left unquoted so it may carry extra arguments.
masters=$( ${OC} get nodes --selector='node-role.kubernetes.io/master' --template="${node_ips_template}" )
workers=$( ${OC} get nodes --selector='!node-role.kubernetes.io/master' --template="${node_ips_template}" )
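#######################################
# Run a shell script as root on each listed node.
# Globals:   SSH (read) - ssh command, may include extra options
# Arguments: $1 - whitespace-separated list of node addresses
#            $2 - script text, fed to a strict-mode bash on stdin
# Returns:   status of the last ssh invocation; under `set -e` the first
#            failing node aborts the caller.
#######################################
function run-on {
  local hosts=${1}
  local script=${2}
  local n
  # ${hosts} and ${SSH} are split on purpose: one is a list, the other may
  # carry options.
  for n in ${hosts}; do
    # The here-string is quoted so the script reaches the node exactly as
    # written; older bash releases word-split an unquoted here-string, which
    # folds a multi-line script onto one line.
    ${SSH} core@"${n}" sudo 'bash -eEuxo pipefail' <<< "${script}"
  done
}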
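# Everything below is destructive: it stops kubelet, force-removes containers
# and pods, clears clusteroperator status and moves the clock on every node.

# SKEW is spliced between single quotes into a script that runs as root on
# every node, so a stray quote would change the commands that get executed.
# Reject it before anything is stopped.
if [[ "${SKEW}" == *"'"* ]]; then
  echo "SKEW must not contain a single quote: ${SKEW}" >&2
  exit 1
fi

# Drop stale known_hosts entries for the nodes, then record their current keys.
for n in ${masters} ${workers}; do
  ssh-keygen -R "${n}"
done
# NOTE: ssh-keyscan stores whichever key each address presents; nothing here
# authenticates it. Compare fingerprints out of band if the network path to
# the nodes is not trusted. The address lists are split on purpose.
ssh-keyscan -H ${masters} ${workers} >> ~/.ssh/known_hosts

run-on "${masters} ${workers}" "systemctl stop kubelet"

# Destroy all containers on workers.
run-on "${workers}" "crictl rm --all -f"

# Destroy all containers on masters except KAS and etcd.
run-on "${masters}" '
kas_id=$( crictl ps --name="^kube-apiserver$" -q )
[[ -n "${kas_id}" ]]
etcd_id=$( crictl ps --name="^etcd$" -q )
[[ -n "${etcd_id}" ]]
other_ids=$( crictl ps --all -q | ( grep -v -e "${kas_id}" -e "${etcd_id}" || true ) )
if [ -n "${other_ids}" ]; then
crictl rm -f ${other_ids}
fi;
'

# Delete all pods, especially the operators. Makes sure it needs KCM and KS working when starting again.
${OC} delete pods -A --all --force --grace-period=0 --timeout=0

# Delete all clusteroperator status to avoid stale status when the operator pod isn't started.
# Tracing is off for this section so `set -x` does not print the service
# account token. The token and server URL are plain variables rather than
# exports, so later child processes (ssh, oc) do not inherit the token.
# Assignments are separate statements so a failing command aborts the script
# instead of being masked by `export`.
set +x
bearer=$( ${OC} -n openshift-cluster-version serviceaccounts get-token default )
server=$( ${OC} whoami --show-server )
cluster_operators=$( ${OC} get co --template='{{ range .items }}{{ printf "%s\n" .metadata.name }}{{ end }}' )
for co in ${cluster_operators}; do
  # No -k/--insecure: the bearer token is only sent once the API server
  # certificate verifies against the cluster CA bundle passed via --cacert.
  # If verification fails, fix the bundle rather than disabling the check.
  # The token is still visible in curl's argv to local users while it runs.
  if curl -X PATCH \
    -H "Authorization: Bearer ${bearer}" \
    -H "Accept: application/json" \
    -H "Content-Type: application/merge-patch+json" \
    --cacert <( ${OC} -n openshift-config-managed get cm/kube-apiserver-server-ca --template='{{ index .data "ca-bundle.crt" }}' ) \
    -d '{"status": null}' \
    "${server}/apis/config.openshift.io/v1/clusteroperators/${co}/status"; then
    echo
  else
    # Best effort, as before: report the failure and carry on.
    echo "warning: could not reset status of clusteroperator ${co}" >&2
  fi
done
unset bearer
set -x

# Destroy the remaining containers on masters
run-on "${masters}" "crictl rm --all -f"

run-on "${masters} ${workers}" "systemctl disable chronyd --now"

# Set time only as a difference to the synced time so we don't introduce a skew between the machines which would break etcd, leader election and others.
run-on "${masters} ${workers}" "
timedatectl status
timedatectl set-ntp false
timedatectl set-time '${SKEW}'
timedatectl status
"

run-on "${masters} ${workers}" "systemctl start kubelet"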