Stop templating kube-system namespace and creating it (#2545)

Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.

inventory/sample/group_vars/k8s-cluster.yml

@@ -6,7 +6,6 @@
 kube_config_dir: /etc/kubernetes
 kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
 kube_manifest_dir: "{{ kube_config_dir }}/manifests"
-system_namespace: kube-system
 
 # This is where all the cert scripts and certs will be located
 kube_cert_dir: "{{ kube_config_dir }}/ssl"

roles/dnsmasq/tasks/main.yml

@@ -91,7 +91,7 @@
 - name: Start Resources
   kube:
     name: "{{item.item.name}}"
-    namespace: "{{system_namespace}}"
+    namespace: "kube-system"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"

roles/dnsmasq/templates/dnsmasq-clusterrolebinding.yml

@@ -3,11 +3,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: dnsmasq
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
 subjects:
   - kind: ServiceAccount
     name: dnsmasq
-    namespace: "{{ system_namespace}}"
+    namespace: "kube-system"
 roleRef:
   kind: ClusterRole
   name: cluster-admin

roles/dnsmasq/templates/dnsmasq-deploy.yml

@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: dnsmasq
-  namespace: "{{system_namespace}}"
+  namespace: "kube-system"
   labels:
     k8s-app: dnsmasq
     kubernetes.io/cluster-service: "true"

roles/dnsmasq/templates/dnsmasq-serviceaccount.yml

@@ -3,6 +3,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: dnsmasq
-  namespace: "{{ system_namespace }}"
+  namespace: "kube-system"
   labels:
     kubernetes.io/cluster-service: "true"

roles/dnsmasq/templates/dnsmasq-svc.yml

@@ -6,7 +6,7 @@ metadata:
     kubernetes.io/cluster-service: 'true'
     k8s-app: dnsmasq
   name: dnsmasq
-  namespace: {{system_namespace}}
+  namespace: kube-system
 spec:
   ports:
     - port: 53

roles/etcd/defaults/main.yml

@@ -12,9 +12,9 @@ etcd_cert_group: root
 # Note: This does not set up DNS entries. It simply adds the following DNS
 # entries to the certificate
 etcd_cert_alt_names:
-  - "etcd.{{ system_namespace }}.svc.{{ dns_domain }}"
-  - "etcd.{{ system_namespace }}.svc"
-  - "etcd.{{ system_namespace }}"
+  - "etcd.kube-system.svc.{{ dns_domain }}"
+  - "etcd.kube-system.svc"
+  - "etcd.kube-system"
   - "etcd"
 
 etcd_script_dir: "{{ bin_dir }}/etcd-scripts"

roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml

@@ -2,7 +2,7 @@
 - name: Kubernetes Apps | Delete old CoreDNS resources
   kube:
     name: "coredns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item }}"
     state: absent
@@ -16,7 +16,7 @@
 - name: Kubernetes Apps | Delete kubeadm CoreDNS
   kube:
     name: "coredns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "deploy"
     state: absent
@@ -28,7 +28,7 @@
 - name: Kubernetes Apps | Delete old KubeDNS resources
   kube:
     name: "kube-dns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item }}"
     state: absent
@@ -41,7 +41,7 @@
 - name: Kubernetes Apps | Delete kubeadm KubeDNS
   kube:
     name: "kube-dns"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item }}"
     state: absent

roles/kubernetes-apps/ansible/tasks/dashboard.yml

@@ -22,7 +22,7 @@
 - name: Kubernetes Apps | Start dashboard
   kube:
     name: "{{ item.item.name }}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item.item.type }}"
     filename: "{{ kube_config_dir }}/{{ item.item.file }}"

roles/kubernetes-apps/ansible/tasks/main.yml

@@ -37,7 +37,7 @@
 - name: Kubernetes Apps | Start Resources
   kube:
     name: "{{ item.item.name }}"
-    namespace: "{{ system_namespace }}"
+    namespace: "kube-system"
     kubectl: "{{ bin_dir }}/kubectl"
     resource: "{{ item.item.type }}"
     filename: "{{ kube_config_dir }}/{{ item.item.file }}"

roles/kubernetes-apps/ansible/templates/coredns-clusterrolebinding.yml.j2

@@ -15,4 +15,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system

roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     addonmanager.kubernetes.io/mode: EnsureExists
 data:

roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2

@@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: coredns{{ coredns_ordinal_suffix | default('') }}
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/ansible/templates/coredns-sa.yml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: coredns
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile

roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: coredns{{ coredns_ordinal_suffix | default('') }}
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
     kubernetes.io/cluster-service: "true"

roles/kubernetes-apps/ansible/templates/dashboard.yml.j2

@@ -25,7 +25,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard-certs
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 type: Opaque
 
 ---
@@ -37,7 +37,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 
 ---
 # ------------------- Dashboard Role & Role Binding ------------------- #
@@ -46,7 +46,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: kubernetes-dashboard-minimal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
 - apiGroups: [""]
@@ -81,7 +81,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: kubernetes-dashboard-minimal
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -89,7 +89,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 
 ---
 # ------------------- Gross Hack For anonymous auth through api proxy ------------------- #
@@ -103,7 +103,7 @@ rules:
   resources: ["services/proxy"]
   resourceNames: ["https:kubernetes-dashboard:"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/{{ system_namespace }}/services/https:kubernetes-dashboard:/proxy/*"]
+- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 
 ---
@@ -128,7 +128,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
   replicas: 1
   revisionHistoryLimit: 10
@@ -200,7 +200,7 @@ metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 spec:
   ports:
     - port: 443

roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrole.yml.j2

@@ -17,7 +17,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 rules:
   - apiGroups: [""]
     resources: ["nodes"]

roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-clusterrolebinding.yml.j2

@@ -17,11 +17,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
 subjects:
   - kind: ServiceAccount
     name: cluster-proportional-autoscaler
-    namespace: {{ system_namespace }}
+    namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-proportional-autoscaler

roles/kubernetes-apps/ansible/templates/kubedns-autoscaler-sa.yml.j2

@@ -17,4 +17,4 @@ kind: ServiceAccount
 apiVersion: v1
 metadata:
   name: cluster-proportional-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system

roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2

@@ -17,7 +17,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: kubedns-autoscaler
-  namespace: {{ system_namespace }}
+  namespace: kube-system
   labels:
     k8s-app: kubedns-autoscaler
     kubernetes.io/cluster-service: "true"
@@ -40,7 +40,7 @@ spec:
             memory: "10Mi"
         command:
         - /cluster-proportional-autoscaler
-        - --namespace={{ system_namespace }}
+        - --namespace=kube-system
         - --configmap=kubedns-autoscaler
         # Should keep target in sync with cluster/addons/dns/kubedns-controller.yaml.base
         - --target=Deployment/kube-dns