Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This isn't tested, since I'm using a custom role locally, but it's a lightly edited (for code style) version of what I'm doing.
Unfortunately, this whole transition seems to be quite messy and may require some manual work to clear out old keys, old sources, etc if this is rerun on a cluster with the previous system in place.
To go into more detail about why this can require cleanup, the previous approach would create e.g.
/etc/apt/sources.list.d/kubernetes.list
. This creates/etc/apt/sources.list.d/kubernes.source
, so there can be two files pointing to sources for the Kubernetes packages. This also adds the new key in a different location, so there can be multiple keys.The problem I encountered while fighting with this and iterating while targeting a cluster was that I'd get errors like "403 forbidden" when attempting to update the apt cache. That would occur when I was using the wrong
suite
orcomponents
arguments, since converting from the old to the new format is IMHO kinda poorly documented.Then, once I got that sorted out, I had problems where my control plane was on 1.29.2 and my workers were on 1.28.2. This happened because I was working on bootstrapping my control plane (high availability, which is why I didn't use this role) and ended up iterating more on that, while my workers had received less attention. Turns out, I still had those apt-marked to pin the versions.
A sadder man, but wiser now, I open this PR for you.