From 027b9d5328839c76387f3e9777ea071ae9820cc0 Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Mon, 25 Sep 2017 07:14:10 +0100 Subject: [PATCH] remove proxy. update to kubeadm 1.8.0rc1 --- .gitlab-ci.yml | 24 ++++---- roles/download/defaults/main.yml | 6 +- roles/kubernetes-apps/ansible/tasks/main.yml | 11 ---- .../ansible/templates/kube-proxy-ds.yml.j2 | 56 ------------------- .../rotate_tokens/tasks/main.yml | 2 +- .../kubernetes/master/tasks/kubeadm-setup.yml | 6 ++ roles/reset/tasks/main.yml | 1 + 7 files changed, 23 insertions(+), 83 deletions(-) delete mode 100644 roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8dcc18acf..c895074ea 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -262,18 +262,18 @@ before_script: tests/testcases/040_check-network-adv.yml $LOG_LEVEL; fi - after_script: - - > - ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local $LOG_LEVEL - -e mode=${CLUSTER_MODE} - -e test_id=${TEST_ID} - -e kube_network_plugin=${KUBE_NETWORK_PLUGIN} - -e gce_project_id=${GCE_PROJECT_ID} - -e gce_service_account_email=${GCE_ACCOUNT} - -e gce_credentials_file=${HOME}/.ssh/gce.json - -e cloud_image=${CLOUD_IMAGE} - -e inventory_path=${PWD}/inventory/inventory.ini - -e cloud_region=${CLOUD_REGION} +# after_script: +# - > +# ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local $LOG_LEVEL +# -e mode=${CLUSTER_MODE} +# -e test_id=${TEST_ID} +# -e kube_network_plugin=${KUBE_NETWORK_PLUGIN} +# -e gce_project_id=${GCE_PROJECT_ID} +# -e gce_service_account_email=${GCE_ACCOUNT} +# -e gce_credentials_file=${HOME}/.ssh/gce.json +# -e cloud_image=${CLOUD_IMAGE} +# -e inventory_path=${PWD}/inventory/inventory.ini +# -e cloud_region=${CLOUD_REGION} # Test matrix. Leave the comments for markup scripts. .coreos_calico_aio_variables: &coreos_calico_aio_variables 
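Review bot: Commenting out the whole `after_script:` block in `.gitlab-ci.yml` means no job in this file runs `tests/cloud_playbooks/delete-gce.yml` any more, so each pipeline leaves its GCE test instances running with a freshly deployed test cluster on them. The commit subject ("remove proxy. update to kubeadm 1.8.0rc1") does not mention this, so it looks like a debugging leftover rather than an intended change. Restore the block before merging. If the instances really must be kept for inspection, say so next to the disabled block, for example `# FIXME: teardown disabled for debugging; re-enable delete-gce.yml before merge`.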
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index a310b0799..42f9424a1 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -20,7 +20,7 @@ download_always_pull: False # Versions kube_version: v1.7.5 # Change to kube_version after v1.8.0 release -kubeadm_version: "v1.8.0-beta.1" +kubeadm_version: "v1.8.0-rc.1" etcd_version: v3.2.4 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # after migration to container download @@ -37,7 +37,7 @@ pod_infra_version: 3.0 kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/amd64/kubeadm" # Checksums -kubeadm_checksum: "ddd5949699d6bdbc0b90b379e7e534f137b1058db1acc8f26cc54843f017ffbf" +kubeadm_checksum: "8f6ceb26b8503bfc36a99574cf6f853be1c55405aa31669561608ad8099bf5bf" # Containers etcd_image_repo: "quay.io/coreos/etcd" @@ -123,7 +123,7 @@ downloads: container: true repo: "{{ etcd_image_repo }}" tag: "{{ etcd_image_tag }}" - sha256: "{{etcd_digest_checksum|default(None)}}" + sha256: "{{ etcd_digest_checksum|default(None) }}" kubeadm: version: "{{ kubeadm_version }}" dest: "kubeadm" diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 1dae49922..9e9a30382 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -18,17 +18,6 @@ with_items: ['deploy', 'svc'] tags: upgrade -- name: Kubernetes Apps | Ensure kubeadm kube-proxy - kube: - name: "kube-proxy" - namespace: "{{ system_namespace }}" - kubectl: "{{bin_dir}}/kubectl" - resource: "daemonset" - state: latest - when: - - kubeadm_enabled|default(false) - - inventory_hostname == groups['kube-master'][0] - - name: Kubernetes Apps | Delete kubeadm kubedns kube: name: "kubedns" 
diff --git a/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 deleted file mode 100644 index ba6dc20d4..000000000 --- a/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - labels: - k8s-app: kube-proxy - name: kube-proxy - namespace: {{ system_namespace }} -spec: - selector: - matchLabels: - k8s-app: kube-proxy - template: - metadata: - labels: - k8s-app: kube-proxy - spec: - containers: - - command: - - /usr/local/bin/kube-proxy - - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf - - --cluster-cidr=10.233.64.0/18 - image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - name: kube-proxy - securityContext: - privileged: true - volumeMounts: - - mountPath: /var/lib/kube-proxy - name: kube-proxy - - mountPath: /run/xtables.lock - name: xtables-lock - dnsPolicy: ClusterFirst - hostNetwork: true - restartPolicy: Always - serviceAccount: kube-proxy - serviceAccountName: kube-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - volumes: - - configMap: - defaultMode: 420 - name: kube-proxy - name: kube-proxy - - hostPath: - path: /run/xtables.lock - name: xtables-lock - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - diff --git a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml index 5c7678ead..6f54ff927 100644 --- a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml +++ b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml 
@@ -6,7 +6,7 @@ {{ bin_dir }}/kubectl get secrets --all-namespaces -o 'jsonpath={range .items[*]}{"\n"}{.metadata.namespace}{" "}{.metadata.name}{" "}{.type}{end}' | grep kubernetes.io/service-account-token - | egrep 'default-token|kube-dns|dnsmasq|netchecker|weave|calico|canal|flannel|dashboard|cluster-proportional-autoscaler|efk|tiller' + | egrep 'default-token|kube-proxy|kube-dns|dnsmasq|netchecker|weave|calico|canal|flannel|dashboard|cluster-proportional-autoscaler|efk|tiller' register: tokens_to_delete run_once: true diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml index 67e84a509..3533cb1bc 100644 --- a/roles/kubernetes/master/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml @@ -78,6 +78,12 @@ failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr notify: Master | restart kubelet +# FIXME(mattymo): remove when https://github.com/kubernetes/kubeadm/issues/433 is fixed +- name: kubeadm | Enable kube-proxy + command: "{{ bin_dir }}/kubeadm alpha phase addon kube-proxy --config={{ kube_config_dir }}/kubeadm-config.yaml" + when: inventory_hostname == groups['kube-master']|first + changed_when: false + - name: slurp kubeadm certs slurp: src: "{{ item }}" diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 59251b02b..2d72f0b25 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -75,6 +75,7 @@ with_items: - "{{kube_config_dir}}" - /var/lib/kubelet + - /root/.kube - "{{ etcd_data_dir }}" - /etc/ssl/etcd - /var/log/calico
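Review bot: The `egrep` alternation that now includes `kube-proxy` is an unanchored substring match over the whole "namespace name type" line printed by the jsonpath expression. It therefore selects any service-account token whose namespace or secret name merely contains one of these words. It also skips every service account that nobody listed, as `kube-proxy` itself was until this commit. Because these secrets are credentials that running workloads depend on, consider matching against the secret-name field only, and record the maintenance rule above the task, e.g. `# Tokens of service accounts not listed here are NOT rotated; extend the list when adding an addon`. The task starts and continues outside this hunk, so whether the kube-proxy pods are restarted after their token is deleted cannot be seen here and should be checked.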
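Review bot: The new `kubeadm | Enable kube-proxy` task sets `changed_when: false`, so a command that creates or updates the kube-proxy addon in the cluster is always reported as unchanged, and it is re-run on every play. The DaemonSet template deleted elsewhere in this commit took its image from `hyperkube_image_repo` and `hyperkube_image_tag`. The proxy image is now presumably whatever kubeadm derives from `kubeadm-config.yaml`, so confirm that config still points at the intended registry and version for deployments that rely on a pinned or mirrored repository. If the command is in fact idempotent, document that above the task, e.g. `# Re-applies the kubeadm-managed kube-proxy addon on the first master; safe to repeat, hence changed_when: false`. The surrounding task list continues outside the hunk.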
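Review bot: The added `/root/.kube` entry removes a kubeconfig only from root's home directory, so a copy of the cluster admin credentials kept under any other user's home would survive a reset. Whether the playbook ever places a kubeconfig elsewhere is not visible in this hunk. If it can, derive the path from the user it was written for instead of hard-coding it, or state the limitation next to the entry, e.g. `# only root's kubeconfig is removed; other users' ~/.kube is left in place`. The task that owns this `with_items` list begins outside the hunk.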