theshire/ansible/main/playbooks/cluster-rollout-update.yaml

---
# https://github.com/kevincoakley/ansible-role-k8s-rolling-update
- name: Cluster update rollout
  hosts: kubernetes
  become: true
  gather_facts: true
  any_errors_fatal: true
  serial: 1
  pre_tasks:
    - name: Pausing for 2 seconds...
      ansible.builtin.pause:
        seconds: 2
  tasks:
    - name: Details
      ansible.builtin.command: "kubectl get node {{ inventory_hostname }} -o json"
      register: kubectl_get_node
      delegate_to: "{{ groups['master'][0] }}"
      failed_when: false
      changed_when: false

    - name: Update
      when:
        # When status.conditions[x].type == Ready then check stats.conditions[x].status for True|False
        - kubectl_get_node['stdout'] | from_json | json_query("status.conditions[?type == 'Ready'].status")
        # If spec.unschedulable is defined then the node is cordoned
        - not (kubectl_get_node['stdout'] | from_json).spec.unschedulable is defined
      block:
        - name: Cordon
          kubernetes.core.k8s_drain:
            name: "{{ inventory_hostname }}"
            kubeconfig: /etc/rancher/k3s/k3s.yaml
            state: cordon
          delegate_to: "{{ groups['master'][0] }}"

        - name: Drain
          kubernetes.core.k8s_drain:
            name: "{{ inventory_hostname }}"
            kubeconfig: /etc/rancher/k3s/k3s.yaml
            state: drain
            delete_options:
              delete_emptydir_data: true
              ignore_daemonsets: true
              terminate_grace_period: 600
              wait_timeout: 900
            pod_selectors:
              - app!=rook-ceph-osd
          delegate_to: "{{ groups['master'][0] }}"

        - name: Update
          ansible.builtin.apt:
            upgrade: dist
            update_cache: true

        - name: Check if reboot is required
          ansible.builtin.stat:
            path: /var/run/reboot-required
          register: reboot_required

        - name: Reboot
          when: reboot_required.stat.exists
          ansible.builtin.reboot:
            msg: Rebooting node
            post_reboot_delay: 120
            reboot_timeout: 3600

        - name: Uncordon
          kubernetes.core.k8s_drain:
            name: "{{ inventory_hostname }}"
            kubeconfig: /etc/rancher/k3s/k3s.yaml
            state: uncordon
          delegate_to: "{{ groups['master'][0] }}"