Stop templating kube-system namespace and creating it (#2545)

Kubernetes makes this namespace automatically, so there is no need for kubespray to manage it.
2026-03-09 11:47:47 +03:00 · 2018-03-30 14:29:13 +03:00
parent f619eb08b1
commit 03bcfa7ff5
91 changed files with 122 additions and 159 deletions
--- a/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
@@ -15,4 +15,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
 data:
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: coredns{{ coredns_ordinal_suffix | default('') }}
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
    kubernetes.io/cluster-service: "true"
--- a/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
--- a/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: coredns{{ coredns_ordinal_suffix | default('') }}
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
    kubernetes.io/cluster-service: "true"
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -25,7 +25,7 @@ metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 type: Opaque

 ---
@@ -37,7 +37,7 @@ metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system

 ---
 # ------------------- Dashboard Role & Role Binding ------------------- #
@@ -46,7 +46,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: kubernetes-dashboard-minimal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
 - apiGroups: [""]
@@ -81,7 +81,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: kubernetes-dashboard-minimal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -89,7 +89,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system

 ---
 # ------------------- Gross Hack For anonymous auth through api proxy ------------------- #
@@ -103,7 +103,7 @@ rules:
  resources: ["services/proxy"]
  resourceNames: ["https:kubernetes-dashboard:"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/{{ system_namespace }}/services/https:kubernetes-dashboard:/proxy/*"]
+- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

 ---
@@ -128,7 +128,7 @@ metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
  replicas: 1
  revisionHistoryLimit: 10
@@ -200,7 +200,7 @@ metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
  ports:
    - port: 443
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2
@@ -17,7 +17,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
  name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
  - apiGroups: [""]
    resources: ["nodes"]
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2
@@ -17,11 +17,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
  name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
  - kind: ServiceAccount
    name: cluster-proportional-autoscaler
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
  kind: ClusterRole
  name: cluster-proportional-autoscaler
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2
@@ -17,4 +17,4 @@ kind: ServiceAccount
 apiVersion: v1
 metadata:
  name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -17,7 +17,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: kubedns-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    k8s-app: kubedns-autoscaler
    kubernetes.io/cluster-service: "true"
@@ -40,7 +40,7 @@ spec:
            memory: "10Mi"
        command:
        - /cluster-proportional-autoscaler
-        - --namespace={{ system_namespace }}
+        - --namespace=kube-system
        - --configmap=kubedns-autoscaler
        # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
        - --target=Deployment/kube-dns
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: kube-dns
-  namespace: "{{system_namespace}}"
+  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
--- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: kube-dns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
--- a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: kube-dns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"