From bad886ca9b86f65e6de31eac18d775a03594518b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?= <ak@patientsky.com>
Date: Tue, 27 Nov 2018 00:36:39 +0100
Subject: [PATCH] Update defaults to match k8s 1.12 suggestions (#3760)

* Update defaults to match k8s 1.12 suggestions

* Test if Netchecker works with node ip instead of localhost

* Update defaults to ipvs and coredns

* Update defaults for kube_apiserver_insecure_port

* Update main.yaml
---
 inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml | 8 ++++----
 roles/kubernetes/node/defaults/main.yml                 | 2 +-
 roles/kubespray-defaults/defaults/main.yaml             | 6 +++---
 tests/testcases/040_check-network-adv.yml               | 4 ++--
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 88592e399..d67c0bae4 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -89,13 +89,13 @@ kube_network_node_prefix: 24
 # The port the API Server will be listening on.
 kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
 kube_apiserver_port: 6443 # (https)
-kube_apiserver_insecure_port: 8080 # (http)
+#kube_apiserver_insecure_port: 8080 # (http)
 # Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true
-#kube_apiserver_insecure_port: 0 # (disabled)
+kube_apiserver_insecure_port: 0 # (disabled)
 
 # Kube-proxy proxyMode configuration.
 # Can be ipvs, iptables
-kube_proxy_mode: iptables
+kube_proxy_mode: ipvs
 
 # Kube-proxy nodeport address.
 # cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
@@ -111,7 +111,7 @@ cluster_name: cluster.local
 # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
 ndots: 2
 # Can be dnsmasq_kubedns, kubedns, coredns, coredns_dual, manual or none
-dns_mode: kubedns
+dns_mode: coredns
 # Set manual server if using a custom cluster DNS server
 #manual_dns_server: 10.x.x.x
 
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 4718feb91..58d29d434 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -18,7 +18,7 @@ kube_resolv_conf: "/etc/resolv.conf"
 kube_proxy_healthz_bind_address: "127.0.0.1"
 
 # Can be ipvs, iptables
-kube_proxy_mode: iptables
+kube_proxy_mode: ipvs
 
 # If using the pure iptables proxy, SNAT everything. Note that it breaks any
 # policy engine.
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 9039d4c6c..4b15d258d 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -15,7 +15,7 @@ disable_swap: true
 kube_version: v1.12.2
 
 ## Kube Proxy mode One of ['iptables','ipvs']
-kube_proxy_mode: iptables
+kube_proxy_mode: ipvs
 
 # Kube-proxy nodeport address.
 # cidr to bind nodeport services. Flag --nodeport-addresses on kube-proxy manifest
@@ -44,7 +44,7 @@ cluster_name: cluster.local
 # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
 ndots: 2
 # Can be dnsmasq_kubedns, kubedns, manual or none
-dns_mode: kubedns
+dns_mode: coredns
 
 # Should be set to a cluster IP if using a custom cluster DNS
 # manual_dns_server: 10.x.x.x
@@ -142,7 +142,7 @@ kube_apiserver_bind_address: 0.0.0.0
 kube_apiserver_port: 6443
 # http
 kube_apiserver_insecure_bind_address: 127.0.0.1
-kube_apiserver_insecure_port: 8080
+kube_apiserver_insecure_port: 0
 
 # dynamic kubelet configuration
 dynamic_kubelet_configuration: false
diff --git a/tests/testcases/040_check-network-adv.yml b/tests/testcases/040_check-network-adv.yml
index 819a7a485..5dfebe4f1 100644
--- a/tests/testcases/040_check-network-adv.yml
+++ b/tests/testcases/040_check-network-adv.yml
@@ -42,7 +42,7 @@
       delay: 10
 
     - name: Get netchecker agents
-      uri: url=http://localhost:{{netchecker_port}}/api/v1/agents/ return_content=yes
+      uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/agents/ return_content=yes
       run_once: true
       delegate_to: "{{groups['kube-master'][0]}}"
       register: agents
@@ -59,7 +59,7 @@
       run_once: true
 
     - name: Check netchecker status
-      uri: url=http://localhost:{{netchecker_port}}/api/v1/connectivity_check status_code=200 return_content=yes
+      uri: url=http://{{ ansible_default_ipv4.address }}:{{netchecker_port}}/api/v1/connectivity_check status_code=200 return_content=yes
       delegate_to: "{{groups['kube-master'][0]}}"
       run_once: true
       register: result
-- 
GitLab