From 03bcfa7ff544991da1a39af34a37ef644d27af91 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Fri, 30 Mar 2018 14:29:13 +0300
Subject: [PATCH] Stop templating kube-system namespace and creating it (#2545)

Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
---
 inventory/sample/group_vars/k8s-cluster.yml   |  1 -
 roles/dnsmasq/tasks/main.yml                  |  2 +-
 .../templates/dnsmasq-clusterrolebinding.yml  |  4 +--
 roles/dnsmasq/templates/dnsmasq-deploy.yml    |  2 +-
 .../templates/dnsmasq-serviceaccount.yml      |  2 +-
 roles/dnsmasq/templates/dnsmasq-svc.yml       |  2 +-
 roles/etcd/defaults/main.yml                  |  6 ++--
 .../ansible/tasks/cleanup_dns.yml             |  8 ++---
 .../ansible/tasks/dashboard.yml               |  2 +-
 roles/kubernetes-apps/ansible/tasks/main.yml  |  2 +-
 .../coredns-clusterrolebinding.yml.j2         |  2 +-
 .../ansible/templates/coredns-config.yml.j2   |  2 +-
 .../templates/coredns-deployment.yml.j2       |  2 +-
 .../ansible/templates/coredns-sa.yml.j2       |  2 +-
 .../ansible/templates/coredns-svc.yml.j2      |  2 +-
 .../ansible/templates/dashboard.yml.j2        | 16 +++++-----
 .../kubedns-autoscaler-clusterrole.yml.j2     |  2 +-
 ...bedns-autoscaler-clusterrolebinding.yml.j2 |  4 +--
 .../templates/kubedns-autoscaler-sa.yml.j2    |  2 +-
 .../templates/kubedns-autoscaler.yml.j2       |  4 +--
 .../ansible/templates/kubedns-deploy.yml.j2   |  2 +-
 .../ansible/templates/kubedns-sa.yml.j2       |  2 +-
 .../ansible/templates/kubedns-svc.yml.j2      |  2 +-
 .../cluster_roles/tasks/main.yml              | 29 -------------------
 .../cluster_roles/templates/namespace.j2      |  2 +-
 .../efk/elasticsearch/tasks/main.yml          |  6 ++--
 .../templates/efk-clusterrolebinding.yml      |  4 +--
 .../efk/elasticsearch/templates/efk-sa.yml    |  2 +-
 .../templates/elasticsearch-deployment.yml.j2 |  2 +-
 .../templates/elasticsearch-service.yml.j2    |  2 +-
 .../efk/fluentd/tasks/main.yml                |  2 +-
 .../fluentd/templates/fluentd-config.yml.j2   |  2 +-
 .../efk/fluentd/templates/fluentd-ds.yml.j2   |  2 +-
 .../kubernetes-apps/efk/kibana/tasks/main.yml |  4 +--
 .../kibana/templates/kibana-deployment.yml.j2 |  2 +-
 .../kibana/templates/kibana-service.yml.j2    |  2 +-
 .../cephfs_provisioner/defaults/main.yml      |  2 +-
 .../defaults/main.yml                         |  2 +-
 roles/kubernetes-apps/helm/tasks/main.yml     |  4 +--
 .../templates/tiller-clusterrolebinding.yml   |  4 +--
 .../helm/templates/tiller-sa.yml              |  2 +-
 .../network_plugin/calico/tasks/main.yml      |  2 +-
 .../network_plugin/canal/tasks/main.yml       |  2 +-
 .../network_plugin/cilium/tasks/main.yml      |  4 +--
 .../network_plugin/contiv/tasks/main.yml      |  2 +-
 .../network_plugin/flannel/tasks/main.yml     |  2 +-
 .../network_plugin/weave/tasks/main.yml       |  2 +-
 .../policy_controller/calico/tasks/main.yml   |  4 +--
 .../templates/calico-kube-controllers.yml.j2  |  4 +--
 .../calico/templates/calico-kube-cr.yml.j2    |  2 +-
 .../calico/templates/calico-kube-crb.yml.j2   |  2 +-
 .../calico/templates/calico-kube-sa.yml.j2    |  2 +-
 .../registry/defaults/main.yml                |  2 +-
 .../rotate_tokens/tasks/main.yml              |  2 +-
 .../manifests/kube-apiserver.manifest.j2      |  2 +-
 .../kube-controller-manager.manifest.j2       |  2 +-
 .../manifests/kube-scheduler.manifest.j2      |  2 +-
 roles/kubernetes/master/vars/main.yml         |  6 ----
 .../manifests/kube-proxy.manifest.j2          |  2 +-
 .../manifests/nginx-proxy.manifest.j2         |  2 +-
 roles/kubespray-defaults/defaults/main.yaml   |  1 -
 .../calico/templates/calico-config.yml.j2     |  2 +-
 .../calico/templates/calico-cr.yml.j2         |  2 +-
 .../calico/templates/calico-crb.yml.j2        |  2 +-
 .../calico/templates/calico-node-sa.yml.j2    |  2 +-
 .../calico/templates/calico-node.yml.j2       |  2 +-
 .../canal/templates/canal-cr-calico.yml.j2    |  2 +-
 .../canal/templates/canal-crb-calico.yml.j2   |  2 +-
 .../canal/templates/canal-crb-flannel.yml.j2  |  2 +-
 .../canal/templates/canal-node-sa.yml.j2      |  2 +-
 .../canal/templates/canal-node.yaml.j2        |  2 +-
 .../cilium/templates/cilium-config.yml.j2     |  2 +-
 .../cilium/templates/cilium-crb.yml.j2        |  2 +-
 .../cilium/templates/cilium-ds.yml.j2         |  2 +-
 .../cilium/templates/cilium-sa.yml.j2         |  2 +-
 .../contiv/templates/contiv-api-proxy.yml.j2  |  4 +--
 .../contiv/templates/contiv-config.yml.j2     |  2 +-
 .../contiv/templates/contiv-etcd-proxy.yml.j2 |  2 +-
 .../contiv/templates/contiv-etcd.yml.j2       |  2 +-
 .../contiv-netmaster-clusterrole.yml.j2       |  2 +-
 ...contiv-netmaster-clusterrolebinding.yml.j2 |  2 +-
 .../contiv-netmaster-serviceaccount.yml.j2    |  2 +-
 .../contiv/templates/contiv-netmaster.yml.j2  |  4 +--
 .../contiv-netplugin-clusterrole.yml.j2       |  2 +-
 ...contiv-netplugin-clusterrolebinding.yml.j2 |  2 +-
 .../contiv-netplugin-serviceaccount.yml.j2    |  2 +-
 .../contiv/templates/contiv-netplugin.yml.j2  |  2 +-
 .../flannel/templates/cni-flannel-rbac.yml.j2 |  4 +--
 .../flannel/templates/cni-flannel.yml.j2      |  4 +--
 .../weave/templates/weave-net.yml.j2          | 16 +++++-----
 roles/vault/defaults/main.yml                 |  2 +-
 91 files changed, 122 insertions(+), 159 deletions(-)
 delete mode 100644 roles/kubernetes/master/vars/main.yml

diff --git a/inventory/sample/group_vars/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster.yml
index 5f4889e8b..694368954 100644
--- a/inventory/sample/group_vars/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster.yml
@@ -6,7 +6,6 @@
 kube_config_dir: /etc/kubernetes
 kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
 kube_manifest_dir: "{{ kube_config_dir }}/manifests"
-system_namespace: kube-system
 
 # This is where all the cert scripts and certs will be located
 kube_cert_dir: "{{ kube_config_dir }}/ssl"
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index b6574fd27..831330175 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -91,7 +91,7 @@
 - name: Start Resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
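Review bot: The literal `namespace: "kube-system"` on this task, like every other replacement in the patch, means an inventory that still overrides `system_namespace` is now ignored without any message. On an upgraded cluster that had a different value, the add-ons would be created again in kube-system while the old objects, service accounts and role bindings included, stay behind in the previous namespace. A preflight check that fails when the variable is set to anything else would surface this, for example `- assert: {that: "system_namespace is undefined or system_namespace == 'kube-system'"}`. The task body continues outside the hunk.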
diff --git a/roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml b/roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml
index 817de877b..0fa300989 100644
--- a/roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml
+++ b/roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml
@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: dnsmasq
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
 subjects:
   - kind: ServiceAccount
     name: dnsmasq
-    namespace: "{{ system_namespace}}"
+    namespace: "kube-system"
 roleRef:
   kind: ClusterRole
   name: cluster-admin
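Review bot: The context lines of this hunk show the `dnsmasq` ServiceAccount bound to `cluster-admin`, so anyone who compromises the DNS forwarder pod gets full control of the cluster; efk-clusterrolebinding.yml does the same for the `efk` account. While these files are being touched, each binding should point at a ClusterRole that lists only the resources and verbs the workload reads. Separately, `metadata.namespace` has no effect on a cluster-scoped object, so now that it is a literal the line can be dropped here and in kubedns-autoscaler-clusterrole.yml.j2, kubedns-autoscaler-clusterrolebinding.yml.j2 and efk-clusterrolebinding.yml. The `roleRef` block may continue outside the hunk.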
diff --git a/roles/dnsmasq/templates/dnsmasq-deploy.yml b/roles/dnsmasq/templates/dnsmasq-deploy.yml
index 838471050..0fb6045e8 100644
--- a/roles/dnsmasq/templates/dnsmasq-deploy.yml
+++ b/roles/dnsmasq/templates/dnsmasq-deploy.yml
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: dnsmasq
-  namespace: "{{system_namespace}}"
+  namespace: "kube-system"
   labels:
     k8s-app: dnsmasq
     kubernetes.io/cluster-service: "true"
diff --git a/roles/dnsmasq/templates/dnsmasq-serviceaccount.yml b/roles/dnsmasq/templates/dnsmasq-serviceaccount.yml
index bce8a232f..91e98feee 100644
--- a/roles/dnsmasq/templates/dnsmasq-serviceaccount.yml
+++ b/roles/dnsmasq/templates/dnsmasq-serviceaccount.yml
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: dnsmasq
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/dnsmasq/templates/dnsmasq-svc.yml b/roles/dnsmasq/templates/dnsmasq-svc.yml
index 54dc0aa97..f00d3d3dd 100644
--- a/roles/dnsmasq/templates/dnsmasq-svc.yml
+++ b/roles/dnsmasq/templates/dnsmasq-svc.yml
@@ -6,7 +6,7 @@ metadata:
     kubernetes.io/cluster-service: 'true'
     k8s-app: dnsmasq
   name: dnsmasq
-  namespace: {{system_namespace}}
+  namespace: kube-system
 spec:
   ports:
     - port: 53
diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml
index 5f16db1d1..1268c13c7 100644
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@@ -12,9 +12,9 @@ etcd_cert_group: root
 # Note: This does not set up DNS entries. It simply adds the following DNS
 # entries to the certificate
 etcd_cert_alt_names:
-  - "etcd.{{ system_namespace }}.svc.{{ dns_domain }}"
-  - "etcd.{{ system_namespace }}.svc"
-  - "etcd.{{ system_namespace }}"
+  - "etcd.kube-system.svc.{{ dns_domain }}"
+  - "etcd.kube-system.svc"
+  - "etcd.kube-system"
   - "etcd"
 
 etcd_script_dir: "{{ bin_dir }}/etcd-scripts"
diff --git a/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml b/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml
index 5f8356cf9..e77f1e799 100644
--- a/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml
@@ -2,7 +2,7 @@
 - name: Kubernetes Apps | Delete old CoreDNS resources
   kube:
     name: "coredns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item }}"
     state: absent
@@ -16,7 +16,7 @@
 - name: Kubernetes Apps | Delete kubeadm CoreDNS
   kube:
     name: "coredns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "deploy"
     state: absent
@@ -28,7 +28,7 @@
 - name: Kubernetes Apps | Delete old KubeDNS resources
   kube:
     name: "kube-dns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item }}"
     state: absent
@@ -41,7 +41,7 @@
 - name: Kubernetes Apps | Delete kubeadm KubeDNS
   kube:
     name: "kube-dns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item }}"
     state: absent
diff --git a/roles/kubernetes-apps/ansible/tasks/dashboard.yml b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
index ce56bd5d1..4c9ad5c74 100644
--- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml
+++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
@@ -22,7 +22,7 @@
 - name: Kubernetes Apps | Start dashboard
   kube:
     name: "{{ item.item.name }}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item.item.type }}"
     filename: "{{ kube_config_dir }}/{{ item.item.file }}"
diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index c03a78722..ceb667f69 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -37,7 +37,7 @@
 - name: Kubernetes Apps | Start Resources
   kube:
     name: "{{ item.item.name }}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item.item.type }}"
     filename: "{{ kube_config_dir }}/{{ item.item.file }}"
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
index 6c49d047f..89becd5b4 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2
@@ -15,4 +15,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
index 983d2579f..360480c1e 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     addonmanager.kubernetes.io/mode: EnsureExists
 data:
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index 30128d566..5cba6f1f0 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: coredns{{ coredns_ordinal_suffix | default('') }}
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
index db5682354..64d9c4dae 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
index c5b76b0b5..193de10eb 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: coredns{{ coredns_ordinal_suffix | default('') }}
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index b1ba1481d..5f0a40cb3 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -25,7 +25,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-certs
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 type: Opaque
 
 ---
@@ -37,7 +37,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 
 ---
 # ------------------- Dashboard Role & Role Binding ------------------- #
@@ -46,7 +46,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: kubernetes-dashboard-minimal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
 - apiGroups: [""]
@@ -81,7 +81,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: kubernetes-dashboard-minimal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -89,7 +89,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 
 ---
 # ------------------- Gross Hack For anonymous auth through api proxy ------------------- #
@@ -103,7 +103,7 @@ rules:
   resources: ["services/proxy"]
   resourceNames: ["https:kubernetes-dashboard:"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/{{ system_namespace }}/services/https:kubernetes-dashboard:/proxy/*"]
+- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 
 ---
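Review bot: The changed `nonResourceURLs` rule grants `create`, `update`, `patch` and `delete` as well as the read verbs on the dashboard proxy path, and the section header a few lines above describes it as a hack for anonymous auth through the API proxy. The subject this ClusterRole is bound to is outside the hunk, so this needs confirming, but if it is the unauthenticated user then anyone who can reach the API server can drive the dashboard with whatever rights its service account holds. Rendering this role and its binding only when an explicit opt-in variable is set, defaulting to off, would keep the default install closed. A comment above the rule should state which subject it is meant for.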
@@ -128,7 +128,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
   replicas: 1
   revisionHistoryLimit: 10
@@ -200,7 +200,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
   ports:
     - port: 443
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2
index f80d3d90c..e29ed4dac 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2
@@ -17,7 +17,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups: [""]
     resources: ["nodes"]
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2
index eb76f2d4e..3b11c6b9f 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2
@@ -17,11 +17,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
   - kind: ServiceAccount
     name: cluster-proportional-autoscaler
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-proportional-autoscaler
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2
index 542ae86ce..4c440f653 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2
@@ -17,4 +17,4 @@ kind: ServiceAccount
 apiVersion: v1
 metadata:
   name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
index df92ee615..d7c30eceb 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2
@@ -17,7 +17,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: kubedns-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: kubedns-autoscaler
     kubernetes.io/cluster-service: "true"
@@ -40,7 +40,7 @@ spec:
             memory: "10Mi"
         command:
         - /cluster-proportional-autoscaler
-        - --namespace={{ system_namespace }}
+        - --namespace=kube-system
         - --configmap=kubedns-autoscaler
         # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
         - --target=Deployment/kube-dns
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
index 682bdf491..cfce65f0e 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: kube-dns
-  namespace: "{{system_namespace}}"
+  namespace: kube-system
   labels:
     k8s-app: kube-dns
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
index f399fd6f4..296a3a938 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-dns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
index 1c4710db1..6bc5f9240 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: kube-dns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: kube-dns
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index c576586a2..fefa7caeb 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -126,32 +126,3 @@
     - kube_version | version_compare('v1.9.3', '<=')
     - inventory_hostname == groups['kube-master'][0]
   tags: vsphere
-
-# This is not a cluster role, but should be run after kubeconfig is set on master
-- name: Write kube system namespace manifest
-  template:
-    src: namespace.j2
-    dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
-  when: inventory_hostname == groups['kube-master'][0]
-  tags:
-    - apps
-
-- name: Check if kube system namespace exists
-  command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}"
-  register: 'kubesystem'
-  changed_when: False
-  failed_when: False
-  when: inventory_hostname == groups['kube-master'][0]
-  tags:
-    - apps
-
-- name: Create kube system namespace
-  command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml"
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  register: create_system_ns
-  until: create_system_ns.rc == 0
-  changed_when: False
-  when: inventory_hostname == groups['kube-master'][0] and kubesystem.rc != 0
-  tags:
-    - apps
diff --git a/roles/kubernetes-apps/cluster_roles/templates/namespace.j2 b/roles/kubernetes-apps/cluster_roles/templates/namespace.j2
index 9bdf201a2..f2e115a6a 100644
--- a/roles/kubernetes-apps/cluster_roles/templates/namespace.j2
+++ b/roles/kubernetes-apps/cluster_roles/templates/namespace.j2
@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: "{{system_namespace}}"
+  name: "kube-system"
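Review bot: This template appears to have no remaining user, because the `Write kube system namespace manifest` task that rendered `namespace.j2` is deleted from cluster_roles/tasks/main.yml in this same patch. If nothing outside this diff references it, the file should be removed rather than edited. Keeping a ready-made Namespace manifest for `kube-system` invites a later task to apply it and overwrite the labels or annotations of a namespace the API server owns.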
diff --git a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
index 8abbe2317..b6055132b 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
@@ -10,7 +10,7 @@
   when: rbac_enabled
 
 - name: "ElasticSearch | Create Serviceaccount and Clusterrolebinding (RBAC)"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n kube-system"
   with_items:
     - "efk-sa.yml"
     - "efk-clusterrolebinding.yml"
@@ -24,7 +24,7 @@
   register: es_deployment_manifest
 
 - name: "ElasticSearch | Create ES deployment"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-deployment.yaml -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-deployment.yaml -n kube-system"
   run_once: true
   when: es_deployment_manifest.changed
 
@@ -35,6 +35,6 @@
   register: es_service_manifest
 
 - name: "ElasticSearch | Create ES service"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n kube-system"
   run_once: true
   when: es_service_manifest.changed
diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
index a5aba61ae..dd5b9b630 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml
@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: efk
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
   - kind: ServiceAccount
     name: efk
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-admin
diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
index e79e26be8..75d75f650 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: efk
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2 b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2
index 6d5382e09..ee2eb8b21 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2
@@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: elasticsearch-logging-v1
-  namespace: "{{ system_namespace }}"
+  namespace: kube-system
   labels:
     k8s-app: elasticsearch-logging
     version: "{{ elasticsearch_image_tag }}"
diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-service.yml.j2 b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-service.yml.j2
index b7558f9d9..789ecb215 100644
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-service.yml.j2
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-service.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: elasticsearch-logging
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     k8s-app: elasticsearch-logging
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
index c91bf6827..f444c79b6 100644
--- a/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/fluentd/tasks/main.yml
@@ -17,6 +17,6 @@
   register: fluentd_ds_manifest
 
 - name: "Fluentd | Create fluentd daemonset"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n kube-system"
   run_once: true
   when: fluentd_ds_manifest.changed
diff --git a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-config.yml.j2 b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-config.yml.j2
index 8a8ebbcec..b7de44dc0 100644
--- a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-config.yml.j2
+++ b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-config.yml.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: fluentd-config
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
 data:
   {{ fluentd_config_file }}: |
     # This configuration file for Fluentd / td-agent is used
diff --git a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
index 960a79e89..f23a8851c 100644
--- a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
+++ b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
@@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
   name: "fluentd-es-v{{ fluentd_version }}"
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     k8s-app: fluentd-es
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/efk/kibana/tasks/main.yml b/roles/kubernetes-apps/efk/kibana/tasks/main.yml
index ea8568286..424b313b8 100644
--- a/roles/kubernetes-apps/efk/kibana/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/kibana/tasks/main.yml
@@ -10,7 +10,7 @@
     filename: "{{kube_config_dir}}/kibana-deployment.yaml"
     kubectl: "{{bin_dir}}/kubectl"
     name: "kibana-logging"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     resource: "deployment"
     state: "latest"
   with_items: "{{ kibana_deployment_manifest.changed }}"
@@ -27,7 +27,7 @@
     filename: "{{kube_config_dir}}/kibana-service.yaml"
     kubectl: "{{bin_dir}}/kubectl"
     name: "kibana-logging"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     resource: "svc"
     state: "latest"
   with_items: "{{ kibana_service_manifest.changed }}"
diff --git a/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2 b/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2
index c48413bd0..4fdf54c04 100644
--- a/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2
+++ b/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2
@@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: kibana-logging
-  namespace: "{{ system_namespace  }}"
+  namespace: "kube-system"
   labels:
     k8s-app: kibana-logging
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/efk/kibana/templates/kibana-service.yml.j2 b/roles/kubernetes-apps/efk/kibana/templates/kibana-service.yml.j2
index 241b896f0..5cff3c628 100644
--- a/roles/kubernetes-apps/efk/kibana/templates/kibana-service.yml.j2
+++ b/roles/kubernetes-apps/efk/kibana/templates/kibana-service.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: kibana-logging
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     k8s-app: kibana-logging
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/defaults/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/defaults/main.yml
index 9a3bca1ef..3b80ecbb2 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/defaults/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/defaults/main.yml
@@ -2,7 +2,7 @@
 cephfs_provisioner_image_repo: quay.io/kubespray/cephfs-provisioner
 cephfs_provisioner_image_tag: 92295a30
 
-cephfs_provisioner_namespace: "{{ system_namespace }}"
+cephfs_provisioner_namespace: "kube-system"
 cephfs_provisioner_cluster: ceph
 cephfs_provisioner_monitors: []
 cephfs_provisioner_admin_id: admin
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/defaults/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/defaults/main.yml
index dd2e8a147..ea5dcb079 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/defaults/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/defaults/main.yml
@@ -2,7 +2,7 @@
 local_volume_provisioner_image_repo: quay.io/external_storage/local-volume-provisioner
 local_volume_provisioner_image_tag: v2.0.0
 
-local_volume_provisioner_namespace: "{{ system_namespace }}"
+local_volume_provisioner_namespace: "kube-system"
 local_volume_provisioner_base_dir: /mnt/disks
 local_volume_provisioner_mount_dir: /mnt/disks
 local_volume_provisioner_storage_class: local-storage
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index 06e97aff2..e7b387944 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -18,7 +18,7 @@
 - name: Helm | Apply Helm Manifests (RBAC)
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
@@ -28,7 +28,7 @@
 
 - name: Helm | Install/upgrade helm
   command: >
-    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ system_namespace }}
+    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
     {% if helm_skip_refresh %} --skip-refresh{% endif %}
     {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
     {% if rbac_enabled %} --service-account=tiller{% endif %}
diff --git a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
index 0c8db4c78..00694181e 100644
--- a/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml
@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: tiller
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
   - kind: ServiceAccount
     name: tiller
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-admin
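Review bot: The rewritten `namespace: kube-system` under `metadata` sits on a ClusterRoleBinding, which is cluster-scoped, so the field has no effect; since the commit touches the line anyway, it could be dropped, keeping only the subject's `namespace: kube-system`. The same applies to the ClusterRole templates changed later in this patch (calico-kube-cr.yml.j2, calico-cr.yml.j2, canal-cr-calico.yml.j2, the two contiv `*-clusterrole.yml.j2` files and the ClusterRole item in weave-net.yml.j2). Separately, the context lines show this binding grants `cluster-admin` to the `tiller` service account, which is now pinned to kube-system. A comment above `roleRef`, such as `# tiller holds cluster-admin: limit who may create pods or read secrets in kube-system`, would document that exposure for operators.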
diff --git a/roles/kubernetes-apps/helm/templates/tiller-sa.yml b/roles/kubernetes-apps/helm/templates/tiller-sa.yml
index 26e575fb6..606dbb147 100644
--- a/roles/kubernetes-apps/helm/templates/tiller-sa.yml
+++ b/roles/kubernetes-apps/helm/templates/tiller-sa.yml
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: tiller
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml b/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml
index f17e45c7a..4c8295c1e 100644
--- a/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Start Calico resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
diff --git a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
index cbe4f0ac7..3640fe762 100644
--- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Canal | Start Resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
diff --git a/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml b/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml
index 2359fe2d4..5d90bdb01 100755
--- a/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/cilium/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Cilium | Start Resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
@@ -11,7 +11,7 @@
   when: inventory_hostname == groups['kube-master'][0] and not item|skipped
 
 - name: Cilium | Wait for pods to run
-  command: "{{bin_dir}}/kubectl -n {{system_namespace}} get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'"
+  command: "{{bin_dir}}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'"
   register: pods_not_ready
   until: pods_not_ready.stdout.find("cilium")==-1
   retries: 30
diff --git a/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml b/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml
index 330acc1cd..5289296dc 100644
--- a/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml
@@ -3,7 +3,7 @@
 - name: Contiv | Create Kubernetes resources
   kube:
     name: "{{ item.item.name }}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item.item.type }}"
     filename: "{{ contiv_config_dir }}/{{ item.item.file }}"
diff --git a/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml b/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml
index 09603a794..bdf954bf9 100644
--- a/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Flannel | Start Resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
index 66d900d55..53ad953b5 100644
--- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
@@ -5,7 +5,7 @@
     kubectl: "{{ bin_dir }}/kubectl"
     filename: "{{ kube_config_dir }}/weave-net.yml"
     resource: "ds"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     state: "latest"
   when: inventory_hostname == groups['kube-master'][0]
 
diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
index ba1162799..62e929f41 100644
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@@ -12,7 +12,7 @@
     name: calico-policy-controller
     kubectl: "{{bin_dir}}/kubectl"
     resource: rs
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     state: absent
   run_once: true
 
@@ -32,7 +32,7 @@
 - name: Start of Calico kube controllers
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
index 7e1311b92..d7083e3e6 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2
@@ -2,7 +2,7 @@ apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
   name: calico-kube-controllers
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: calico-kube-controllers
     kubernetes.io/cluster-service: "true"
@@ -15,7 +15,7 @@ spec:
   template:
     metadata:
       name: calico-kube-controllers
-      namespace: {{ system_namespace }}
+      namespace: kube-system
       labels:
         kubernetes.io/cluster-service: "true"
         k8s-app: calico-kube-controllers
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
index 82c2f3e44..d05e986a4 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
@@ -3,7 +3,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: calico-kube-controllers
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups:
     - ""
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2
index 38853a413..2e5118481 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-crb.yml.j2
@@ -10,4 +10,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: calico-kube-controllers
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2
index bf8958976..e42e89d18 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-sa.yml.j2
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: calico-kube-controllers
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/kubernetes-apps/registry/defaults/main.yml b/roles/kubernetes-apps/registry/defaults/main.yml
index 93d1cfa2a..a626435d5 100644
--- a/roles/kubernetes-apps/registry/defaults/main.yml
+++ b/roles/kubernetes-apps/registry/defaults/main.yml
@@ -4,6 +4,6 @@ registry_image_tag: 2.6
 registry_proxy_image_repo: gcr.io/google_containers/kube-registry-proxy
 registry_proxy_image_tag: 0.4
 
-registry_namespace: "{{ system_namespace }}"
+registry_namespace: "kube-system"
 registry_storage_class: ""
 registry_disk_size: "10Gi"
diff --git a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
index 52101ae16..3884a3a65 100644
--- a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
+++ b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
@@ -44,5 +44,5 @@
   when: needs_rotation
 
 - name: Rotate Tokens | Delete pods in system namespace
-  command: "{{ bin_dir }}/kubectl delete pods -n {{ system_namespace }} --all"
+  command: "{{ bin_dir }}/kubectl delete pods -n kube-system --all"
   when: needs_rotation
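Review bot: With the namespace hard-coded, this task restarts only pods in `kube-system`, so on a cluster whose inventory overrode `system_namespace` the system pods in the old namespace would presumably keep running with pre-rotation service-account tokens. The commit removes the variable from the defaults but, as far as this patch shows, adds no check for inventories that still set it. A pre-flight `assert` with `that: system_namespace is not defined or system_namespace == 'kube-system'` would turn a silently ignored override into an explicit failure. The beginning of this task file is outside the hunk.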
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 350a27a18..0a4e3e661 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: kube-apiserver
-  namespace: {{system_namespace}}
+  namespace: kube-system
   labels:
     k8s-app: kube-apiserver
     kubespray: v2
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index 2b4282a2e..99eef9b39 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: kube-controller-manager
-  namespace: {{system_namespace}}
+  namespace: kube-system
   labels:
     k8s-app: kube-controller-manager
   annotations:
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
index b13fc7fa3..a4023365e 100644
--- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: kube-scheduler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: kube-scheduler
   annotations:
diff --git a/roles/kubernetes/master/vars/main.yml b/roles/kubernetes/master/vars/main.yml
deleted file mode 100644
index a5eba4f2b..000000000
--- a/roles/kubernetes/master/vars/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-namespace_kubesystem:
-  apiVersion: v1
-  kind: Namespace
-  metadata:
-    name: "{{system_namespace}}"
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 57c2269a9..18e51069f 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: kube-proxy
-  namespace: {{system_namespace}}
+  namespace: kube-system
   labels:
     k8s-app: kube-proxy
   annotations:
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 2d566cad1..a1e9a7815 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
   name: nginx-proxy
-  namespace: {{system_namespace}}
+  namespace: kube-system
   labels:
     k8s-app: kube-nginx
 spec:
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 4828de6af..f2c5dcd04 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -61,7 +61,6 @@ dns_domain: "{{ cluster_name }}"
 kube_config_dir: /etc/kubernetes
 kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
 kube_manifest_dir: "{{ kube_config_dir }}/manifests"
-system_namespace: kube-system
 
 # This is where all the cert scripts and certs will be located
 kube_cert_dir: "{{ kube_config_dir }}/ssl"
diff --git a/roles/network_plugin/calico/templates/calico-config.yml.j2 b/roles/network_plugin/calico/templates/calico-config.yml.j2
index 92d2f1f0a..3be65deaa 100644
--- a/roles/network_plugin/calico/templates/calico-config.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-config.yml.j2
@@ -2,7 +2,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: calico-config
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 data:
   etcd_endpoints: "{{ etcd_access_addresses }}"
   etcd_ca: "/calico-secrets/ca_cert.crt"
diff --git a/roles/network_plugin/calico/templates/calico-cr.yml.j2 b/roles/network_plugin/calico/templates/calico-cr.yml.j2
index 47d626659..cef8331f3 100644
--- a/roles/network_plugin/calico/templates/calico-cr.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-cr.yml.j2
@@ -3,7 +3,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: calico-node
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups: [""]
     resources:
diff --git a/roles/network_plugin/calico/templates/calico-crb.yml.j2 b/roles/network_plugin/calico/templates/calico-crb.yml.j2
index 2e132a0dc..1b4e8fe00 100644
--- a/roles/network_plugin/calico/templates/calico-crb.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-crb.yml.j2
@@ -10,4 +10,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: calico-node
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/network_plugin/calico/templates/calico-node-sa.yml.j2 b/roles/network_plugin/calico/templates/calico-node-sa.yml.j2
index 5cce29793..68b1c286f 100644
--- a/roles/network_plugin/calico/templates/calico-node-sa.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node-sa.yml.j2
@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: calico-node
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 6ec3cd20b..849ea0afb 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -6,7 +6,7 @@ kind: DaemonSet
 apiVersion: extensions/v1beta1
 metadata:
   name: calico-node
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: calico-node
 spec:
diff --git a/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2 b/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2
index e3b048c64..2e92b7b2b 100644
--- a/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2
@@ -3,7 +3,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: calico
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups: [""]
     resources:
diff --git a/roles/network_plugin/canal/templates/canal-crb-calico.yml.j2 b/roles/network_plugin/canal/templates/canal-crb-calico.yml.j2
index e1c1f5050..016e5193e 100644
--- a/roles/network_plugin/canal/templates/canal-crb-calico.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-crb-calico.yml.j2
@@ -11,4 +11,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: canal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/network_plugin/canal/templates/canal-crb-flannel.yml.j2 b/roles/network_plugin/canal/templates/canal-crb-flannel.yml.j2
index 3b00017b1..097b1538e 100644
--- a/roles/network_plugin/canal/templates/canal-crb-flannel.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-crb-flannel.yml.j2
@@ -11,4 +11,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: canal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/network_plugin/canal/templates/canal-node-sa.yml.j2 b/roles/network_plugin/canal/templates/canal-node-sa.yml.j2
index d5b9a6e97..aa168d15c 100644
--- a/roles/network_plugin/canal/templates/canal-node-sa.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node-sa.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: canal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
 
diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2
index d63bf99b0..8535360a1 100644
--- a/roles/network_plugin/canal/templates/canal-node.yaml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2
@@ -3,7 +3,7 @@ kind: DaemonSet
 apiVersion: extensions/v1beta1
 metadata:
   name: canal-node
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: canal-node
 spec:
diff --git a/roles/network_plugin/cilium/templates/cilium-config.yml.j2 b/roles/network_plugin/cilium/templates/cilium-config.yml.j2
index a96bb8531..c5051e2ca 100755
--- a/roles/network_plugin/cilium/templates/cilium-config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-config.yml.j2
@@ -2,7 +2,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: cilium-config
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 data:
   # This etcd-config contains the etcd endpoints of your cluster. If you use
   # TLS please make sure you uncomment the ca-file line and add the respective
diff --git a/roles/network_plugin/cilium/templates/cilium-crb.yml.j2 b/roles/network_plugin/cilium/templates/cilium-crb.yml.j2
index dcfe4d471..04d603d57 100755
--- a/roles/network_plugin/cilium/templates/cilium-crb.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-crb.yml.j2
@@ -10,6 +10,6 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: cilium
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 - kind: Group
   name: system:nodes
diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
index 3d877a5cb..8eaa24f32 100755
--- a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
   name: cilium
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
   template:
     metadata:
diff --git a/roles/network_plugin/cilium/templates/cilium-sa.yml.j2 b/roles/network_plugin/cilium/templates/cilium-sa.yml.j2
index d6ef2a431..c03ac59b4 100755
--- a/roles/network_plugin/cilium/templates/cilium-sa.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-sa.yml.j2
@@ -3,4 +3,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: cilium
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
index 140379b13..3ccaffaf8 100644
--- a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2
@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
   name: contiv-api-proxy
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: contiv-api-proxy
 spec:
@@ -12,7 +12,7 @@ spec:
   template:
     metadata:
       name: contiv-api-proxy
-      namespace: {{ system_namespace }}
+      namespace: kube-system
       labels:
         k8s-app: contiv-api-proxy
       annotations:
diff --git a/roles/network_plugin/contiv/templates/contiv-config.yml.j2 b/roles/network_plugin/contiv/templates/contiv-config.yml.j2
index 0505cd1f1..249d9d88e 100644
--- a/roles/network_plugin/contiv/templates/contiv-config.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-config.yml.j2
@@ -5,7 +5,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: contiv-config
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 data:
   # The location of your cluster store. This is set to the
   # avdertise-client value below from the contiv-etcd service.
diff --git a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
index a9690cc2f..75946d821 100644
--- a/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-etcd-proxy.yml.j2
@@ -3,7 +3,7 @@ kind: DaemonSet
 apiVersion: extensions/v1beta1
 metadata:
   name: contiv-etcd-proxy
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: contiv-etcd-proxy
 spec:
diff --git a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2 b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
index 8060f4c01..a6e9121d4 100644
--- a/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-etcd.yml.j2
@@ -3,7 +3,7 @@ kind: DaemonSet
 apiVersion: extensions/v1beta1
 metadata:
   name: contiv-etcd
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: contiv-etcd
 spec:
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrole.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrole.yml.j2
index 82ca00437..6ccd4f9b4 100644
--- a/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrole.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrole.yml.j2
@@ -2,7 +2,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: contiv-netmaster
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups:
     - ""
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrolebinding.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrolebinding.yml.j2
index 74c5e3145..73d636775 100644
--- a/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrolebinding.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netmaster-clusterrolebinding.yml.j2
@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: contiv-netmaster
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster-serviceaccount.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster-serviceaccount.yml.j2
index 0c1bfb3e5..758ea4493 100644
--- a/roles/network_plugin/contiv/templates/contiv-netmaster-serviceaccount.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netmaster-serviceaccount.yml.j2
@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: contiv-netmaster
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
index 56be2d93d..d41259ec1 100644
--- a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2
@@ -3,7 +3,7 @@ kind: DaemonSet
 apiVersion: extensions/v1beta1
 metadata:
   name: contiv-netmaster
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: contiv-netmaster
 spec:
@@ -12,7 +12,7 @@ spec:
   template:
     metadata:
       name: contiv-netmaster
-      namespace: {{ system_namespace }}
+      namespace: kube-system
       labels:
         k8s-app: contiv-netmaster
       annotations:
diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrole.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrole.yml.j2
index c26e094ed..af4c6e584 100644
--- a/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrole.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrole.yml.j2
@@ -2,7 +2,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: contiv-netplugin
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups:
     - ""
diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrolebinding.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrolebinding.yml.j2
index 0c989008a..6cac217fc 100644
--- a/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrolebinding.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netplugin-clusterrolebinding.yml.j2
@@ -9,4 +9,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: contiv-netplugin
-  namespace: {{ system_namespace }}
+  namespace: kube-system
diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin-serviceaccount.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin-serviceaccount.yml.j2
index edfac8bb3..8d00ec8cb 100644
--- a/roles/network_plugin/contiv/templates/contiv-netplugin-serviceaccount.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netplugin-serviceaccount.yml.j2
@@ -2,6 +2,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: contiv-netplugin
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
index 9c2c0a036..2a7bf71cb 100644
--- a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
+++ b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2
@@ -5,7 +5,7 @@ kind: DaemonSet
 apiVersion: extensions/v1beta1
 metadata:
   name: contiv-netplugin
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: contiv-netplugin
 spec:
diff --git a/roles/network_plugin/flannel/templates/cni-flannel-rbac.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel-rbac.yml.j2
index aafe2a0f5..6f5c9a211 100644
--- a/roles/network_plugin/flannel/templates/cni-flannel-rbac.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel-rbac.yml.j2
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: flannel
-  namespace: "{{system_namespace}}"
+  namespace: "kube-system"
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -41,4 +41,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: flannel
-  namespace: "{{system_namespace}}"
\ No newline at end of file
+  namespace: "kube-system"
\ No newline at end of file
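Review bot: The replaced last line of this hunk still carries `\ No newline at end of file`, so the template keeps ending without a trailing newline. Since the line is rewritten anyway, end it with a newline so that later appends produce a one-line diff and yamllint's `new-line-at-end-of-file` rule passes. The binding this subject belongs to starts outside the hunk.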
diff --git a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
index bb2a6a7f8..7ecb21ad0 100644
--- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
+++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2
@@ -3,7 +3,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: kube-flannel-cfg
-  namespace: "{{system_namespace}}"
+  namespace: "kube-system"
   labels:
     tier: node
     app: flannel
@@ -41,7 +41,7 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
   name: kube-flannel
-  namespace: "{{system_namespace}}"
+  namespace: "kube-system"
   labels:
     tier: node
     k8s-app: flannel
diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2
index 699ba3128..9a7da7377 100644
--- a/roles/network_plugin/weave/templates/weave-net.yml.j2
+++ b/roles/network_plugin/weave/templates/weave-net.yml.j2
@@ -8,14 +8,14 @@ items:
       name: weave-net
       labels:
         name: weave-net
-      namespace: {{ system_namespace }}
+      namespace: kube-system
   - apiVersion: rbac.authorization.k8s.io/v1beta1
     kind: ClusterRole
     metadata:
       name: weave-net
       labels:
         name: weave-net
-      namespace: {{ system_namespace }}
+      namespace: kube-system
     rules:
       - apiGroups:
           - ''
@@ -41,7 +41,7 @@ items:
       name: weave-net
       labels:
         name: weave-net
-      namespace: {{ system_namespace }}
+      namespace: kube-system
     roleRef:
       kind: ClusterRole
       name: weave-net
@@ -49,14 +49,14 @@ items:
     subjects:
       - kind: ServiceAccount
         name: weave-net
-        namespace: {{ system_namespace }}
+        namespace: kube-system
   - apiVersion: rbac.authorization.k8s.io/v1beta1
     kind: Role
     metadata:
       name: weave-net
       labels:
         name: weave-net
-      namespace: {{ system_namespace }}
+      namespace: kube-system
     rules:
       - apiGroups:
           - ''
@@ -79,7 +79,7 @@ items:
       name: weave-net
       labels:
         name: weave-net
-      namespace: {{ system_namespace }}
+      namespace: kube-system
     roleRef:
       kind: Role
       name: weave-net
@@ -87,7 +87,7 @@ items:
     subjects:
       - kind: ServiceAccount
         name: weave-net
-        namespace: {{ system_namespace }}
+        namespace: kube-system
   - apiVersion: extensions/v1beta1
     kind: DaemonSet
     metadata:
@@ -95,7 +95,7 @@ items:
       labels:
         name: weave-net
         version: v{{ weave_version }}
-      namespace: {{ system_namespace }}
+      namespace: kube-system
     spec:
       minReadySeconds: 5
       template:
diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 9a3e83035..8e5ad08a0 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -86,7 +86,7 @@ vault_ca_options:
     format: pem
     ttl: "{{ vault_max_lease_ttl }}"
     exclude_cn_from_sans: true
-    alt_names: "vault.{{ system_namespace }}.svc.{{ dns_domain }},vault.{{ system_namespace }}.svc,vault.{{ system_namespace }},vault"
+    alt_names: "vault.kube-system.svc.{{ dns_domain }},vault.kube-system.svc,vault.kube-system,vault"
   etcd:
     common_name: etcd
     format: pem
-- 
GitLab