Stop templating kube-system namespace and creating it (#2545)

Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.

roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2

@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: kube-dns
-  namespace: "{{system_namespace}}"
+  namespace: kube-system
   labels:
     k8s-app: kube-dns
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/ansible/templates/kubedns-sa.yml.j2

@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-dns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/ansible/templates/kubedns-svc.yml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: kube-dns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: kube-dns
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/cluster_roles/tasks/main.yml

@@ -126,32 +126,3 @@
     - kube_version | version_compare('v1.9.3', '<=')
     - inventory_hostname == groups['kube-master'][0]
   tags: vsphere
-
-# This is not a cluster role, but should be run after kubeconfig is set on master
-- name: Write kube system namespace manifest
-  template:
-    src: namespace.j2
-    dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
-  when: inventory_hostname == groups['kube-master'][0]
-  tags:
-    - apps
-
-- name: Check if kube system namespace exists
-  command: "{{ bin_dir }}/kubectl get ns {{system_namespace}}"
-  register: 'kubesystem'
-  changed_when: False
-  failed_when: False
-  when: inventory_hostname == groups['kube-master'][0]
-  tags:
-    - apps
-
-- name: Create kube system namespace
-  command: "{{ bin_dir }}/kubectl create -f {{kube_config_dir}}/{{system_namespace}}-ns.yml"
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  register: create_system_ns
-  until: create_system_ns.rc == 0
-  changed_when: False
-  when: inventory_hostname == groups['kube-master'][0] and kubesystem.rc != 0
-  tags:
-    - apps

roles/kubernetes-apps/cluster_roles/templates/namespace.j2

 apiVersion: v1
 kind: Namespace
 metadata:
-  name: "{{system_namespace}}"
+  name: "kube-system"

roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml

@@ -10,7 +10,7 @@
   when: rbac_enabled
 
 - name: "ElasticSearch | Create Serviceaccount and Clusterrolebinding (RBAC)"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n kube-system"
   with_items:
     - "efk-sa.yml"
     - "efk-clusterrolebinding.yml"
@@ -24,7 +24,7 @@
   register: es_deployment_manifest
 
 - name: "ElasticSearch | Create ES deployment"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-deployment.yaml -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-deployment.yaml -n kube-system"
   run_once: true
   when: es_deployment_manifest.changed
 
@@ -35,6 +35,6 @@
   register: es_service_manifest
 
 - name: "ElasticSearch | Create ES service"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/elasticsearch-service.yaml -n kube-system"
   run_once: true
   when: es_service_manifest.changed

roles/kubernetes-apps/efk/elasticsearch/templates/efk-clusterrolebinding.yml

@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: efk
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
   - kind: ServiceAccount
     name: efk
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-admin

roles/kubernetes-apps/efk/elasticsearch/templates/efk-sa.yml

@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: efk
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2

@@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: elasticsearch-logging-v1
-  namespace: "{{ system_namespace }}"
+  namespace: kube-system
   labels:
     k8s-app: elasticsearch-logging
     version: "{{ elasticsearch_image_tag }}"

roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-service.yml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: elasticsearch-logging
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     k8s-app: elasticsearch-logging
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/efk/fluentd/tasks/main.yml

@@ -17,6 +17,6 @@
   register: fluentd_ds_manifest
 
 - name: "Fluentd | Create fluentd daemonset"
-  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n {{ system_namespace }}"
+  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/fluentd-ds.yaml -n kube-system"
   run_once: true
   when: fluentd_ds_manifest.changed

roles/kubernetes-apps/efk/fluentd/templates/fluentd-config.yml.j2

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: fluentd-config
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
 data:
   {{ fluentd_config_file }}: |
     # This configuration file for Fluentd / td-agent is used

roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2

@@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
   name: "fluentd-es-v{{ fluentd_version }}"
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     k8s-app: fluentd-es
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/efk/kibana/tasks/main.yml

@@ -10,7 +10,7 @@
     filename: "{{kube_config_dir}}/kibana-deployment.yaml"
     kubectl: "{{bin_dir}}/kubectl"
     name: "kibana-logging"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     resource: "deployment"
     state: "latest"
   with_items: "{{ kibana_deployment_manifest.changed }}"
@@ -27,7 +27,7 @@
     filename: "{{kube_config_dir}}/kibana-service.yaml"
     kubectl: "{{bin_dir}}/kubectl"
     name: "kibana-logging"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     resource: "svc"
     state: "latest"
   with_items: "{{ kibana_service_manifest.changed }}"

roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2

@@ -4,7 +4,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: kibana-logging
-  namespace: "{{ system_namespace  }}"
+  namespace: "kube-system"
   labels:
     k8s-app: kibana-logging
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/efk/kibana/templates/kibana-service.yml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: kibana-logging
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     k8s-app: kibana-logging
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/external_provisioner/cephfs_provisioner/defaults/main.yml

@@ -2,7 +2,7 @@
 cephfs_provisioner_image_repo: quay.io/kubespray/cephfs-provisioner
 cephfs_provisioner_image_tag: 92295a30
 
-cephfs_provisioner_namespace: "{{ system_namespace }}"
+cephfs_provisioner_namespace: "kube-system"
 cephfs_provisioner_cluster: ceph
 cephfs_provisioner_monitors: []
 cephfs_provisioner_admin_id: admin

roles/kubernetes-apps/external_provisioner/local_volume_provisioner/defaults/main.yml

@@ -2,7 +2,7 @@
 local_volume_provisioner_image_repo: quay.io/external_storage/local-volume-provisioner
 local_volume_provisioner_image_tag: v2.0.0
 
-local_volume_provisioner_namespace: "{{ system_namespace }}"
+local_volume_provisioner_namespace: "kube-system"
 local_volume_provisioner_base_dir: /mnt/disks
 local_volume_provisioner_mount_dir: /mnt/disks
 local_volume_provisioner_storage_class: local-storage

roles/kubernetes-apps/helm/tasks/main.yml

@@ -18,7 +18,7 @@
 - name: Helm | Apply Helm Manifests (RBAC)
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
@@ -28,7 +28,7 @@
 
 - name: Helm | Install/upgrade helm
   command: >
-    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ system_namespace }}
+    {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace=kube-system
     {% if helm_skip_refresh %} --skip-refresh{% endif %}
     {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
     {% if rbac_enabled %} --service-account=tiller{% endif %}

roles/kubernetes-apps/helm/templates/tiller-clusterrolebinding.yml

@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: tiller
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
   - kind: ServiceAccount
     name: tiller
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-admin