diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 4e8ae57c5d6d8734e0fee4f4c70b1a2a82a0dd27..cf1fb177631e0ecfbd5638da89764dffd2513c5c 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -111,6 +111,13 @@ kube_proxy_nodeport_addresses: >-
[]
{%- endif -%}
+# If non-empty, will use this string as identification instead of the actual hostname
+#kube_override_hostname: >-
+# {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+# {%- else -%}
+# {{ inventory_hostname }}
+# {%- endif -%}
+
## Encrypting Secret Data at Rest (experimental)
kube_encrypt_secret_data: false
diff --git a/roles/kubernetes/kubeadm/defaults/main.yml b/roles/kubernetes/kubeadm/defaults/main.yml
index d9ed537c274365d0648f693799726cbcad4400b0..be13b682bf4746362bf1ce8369665255e8a84043 100644
--- a/roles/kubernetes/kubeadm/defaults/main.yml
+++ b/roles/kubernetes/kubeadm/defaults/main.yml
@@ -1,3 +1,10 @@
---
# discovery_timeout modifies the discovery timeout
discovery_timeout: 5m0s
+
+# If non-empty, will use this string as identification instead of the actual hostname
+kube_override_hostname: >-
+ {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+ {%- else -%}
+ {{ inventory_hostname }}
+ {%- endif -%}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
index 8bc0a78f0fb162d32de5162a463a51ab81462089..18420a5ac51cd936e0713d36f774fe92e9a91b7f 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
@@ -15,7 +15,7 @@ discoveryTokenAPIServers:
{% endif %}
discoveryTokenUnsafeSkipCAVerification: true
nodeRegistration:
- name: {{ inventory_hostname }}
+ name: {{ kube_override_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
index bc60b6134f5e4b35ff890b4062f65d32e5b88073..dfcdfa6b0fbad684a64cd5fd0bea964958c2545b 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
@@ -15,7 +15,7 @@ discoveryTokenAPIServers:
{% endif %}
discoveryTokenUnsafeSkipCAVerification: true
nodeRegistration:
- name: {{ inventory_hostname }}
+ name: {{ kube_override_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
diff --git a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2 b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
index f5123204c67dc13de6f88ebf87c1bd80359d26d2..36cc01f31fa4db9182dbd7a84a51e629741f6b99 100644
--- a/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
+++ b/roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
@@ -13,7 +13,7 @@ discovery:
tlsBootstrapToken: {{ kubeadm_token }}
caCertPath: {{ kube_cert_dir }}/ca.crt
nodeRegistration:
- name: {{ inventory_hostname }}
+ name: {{ kube_override_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
index 89719d08db8910ffe8a00b8af1121f09d9857001..948c2c60c5b6073da79767ceab090e0331bfcd5d 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -254,6 +254,7 @@ conntrack:
tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
enableProfiling: {{ kube_proxy_enable_profiling }}
healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
+hostnameOverride: {{ kube_override_hostname }}
iptables:
masqueradeAll: {{ kube_proxy_masquerade_all }}
masqueradeBit: {{ kube_proxy_masquerade_bit }}
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
index 045a13e0c4a4d6a6e67a25890368e60e38c3380d..103389da4b71349492df78bfb610e3b187e168fd 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -259,6 +259,7 @@ conntrack:
tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
enableProfiling: {{ kube_proxy_enable_profiling }}
healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
+hostnameOverride: {{ kube_override_hostname }}
iptables:
masqueradeAll: {{ kube_proxy_masquerade_all }}
masqueradeBit: {{ kube_proxy_masquerade_bit }}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 09092ef30b51bd28efa98589b3cb20b24a60e254..05e7ec96ae5e2ff896f4f7fe26fb93ad465b5fad 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -157,6 +157,13 @@ kube_apiserver_port: 6443
kube_apiserver_insecure_bind_address: 127.0.0.1
kube_apiserver_insecure_port: 0
+# If non-empty, will use this string as identification instead of the actual hostname
+kube_override_hostname: >-
+ {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
+ {%- else -%}
+ {{ inventory_hostname }}
+ {%- endif -%}
+
# dynamic kubelet configuration
dynamic_kubelet_configuration: false
diff --git a/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json b/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json
deleted file mode 100644
index 0e99a5af97bf775846712225d272780d6084a493..0000000000000000000000000000000000000000
--- a/roles/win_nodes/kubernetes_patch/files/hostnameOverride-patch.json
+++ /dev/null
@@ -1,22 +0,0 @@
-[
- {
- "op": "add",
- "path": "/spec/template/spec/containers/0/env",
- "value": [
- {
- "name": "NODE_NAME",
- "valueFrom": {
- "fieldRef": {
- "apiVersion": "v1",
- "fieldPath": "spec.nodeName"
- }
- }
- }
- ]
- },
- {
- "op": "add",
- "path": "/spec/template/spec/containers/0/command/-",
- "value": "--hostname-override=${NODE_NAME}"
- }
-]
diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml
index 368ff890c08b5b212f5fac17c73ed8dab8593fba..b2a3ad897556408f8d741a1a9c2657ab363815d4 100644
--- a/roles/win_nodes/kubernetes_patch/tasks/main.yml
+++ b/roles/win_nodes/kubernetes_patch/tasks/main.yml
@@ -7,33 +7,6 @@
recurse: yes
tags: [init, cni]
-- name: Apply kube-proxy hostnameOverride
- block:
- - name: Copy kube-proxy daemonset hostnameOverride patch
- copy:
- src: hostnameOverride-patch.json
- dest: "{{ kubernetes_user_manifests_path }}/hostnameOverride-patch.json"
-
- - name: Check current command for kube-proxy daemonset
- shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get ds kube-proxy --namespace=kube-system -o jsonpath='{.spec.template.spec.containers[0].command}'"
- register: current_kube_proxy_command
-
- - name: Apply hostnameOverride patch for kube-proxy daemonset
- shell: "{{bin_dir}}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf patch ds kube-proxy --namespace=kube-system --type=json -p \"$(cat hostnameOverride-patch.json)\""
- args:
- chdir: "{{ kubernetes_user_manifests_path }}"
- register: patch_kube_proxy_command
- when: not current_kube_proxy_command.stdout is search("--hostname-override=${NODE_NAME}")
-
- - debug: msg={{ patch_kube_proxy_command.stdout_lines }}
- when: patch_kube_proxy_command is not skipped
-
- - debug: msg={{ patch_kube_proxy_command.stderr_lines }}
- when: patch_kube_proxy_command is not skipped
- tags: init
- when:
- - not kube_proxy_remove
-
- name: Apply kube-proxy nodeselector
block:
- name: Copy kube-proxy daemonset nodeselector patch