feat(ansible): add upgrade cluster script and update OIDC URL

Signed-off-by: 孙振宇 <>
2025-01-13 13:56:33 +08:00 · 2025-01-13 13:56:33 +08:00 · e71c27f587
commit e71c27f587
parent a5941cf798
2 changed files with 24 additions and 1 deletions
--- a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
@ -46,7 +46,7 @@ kube_oidc_auth: true
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)

-kube_oidc_url: https://login.microsoftonline.com/cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
+kube_oidc_url: https://login.microsoftonline.com/cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24/v2.0
 kube_oidc_client_id: 7cd1df19-24ea-46d7-acd3-5336283139e0
 ## Optional settings for OIDC
 # kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
--- a/cluster/ansible/upgrade-cluster.sh
+++ b/cluster/ansible/upgrade-cluster.sh
@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+# Check if `init.sh` has not run
+if [ ! -d venv ]; then
+    echo "Please run init.sh first."
+    exit 1
+fi
+
+# Check if kubespray has not been cloned and its empty
+if [ ! -d ../../3rd/kubespray ]; then
+    echo "Please run 'git submoudle --init --recursive' first."
+    exit 1
+fi
+
+# Check if `inventory.ini` has not been created
+if [ ! -f ../../cluster/ansible/manifests/inventory.ini ]; then
+    echo "Please create your own inventory.ini first."
+    exit 1
+fi
+
+cd ../../3rd/kubespray && ansible-playbook -i ../../cluster/ansible/manifests/inventory.ini ./upgrade-cluster.yml -kK -b