Merge remote-tracking branch 'upstream/master' into fix-#12950

Author: burxtx

contrib/terraform/openstack/modules/compute/main.tf

@@ -1006,7 +1006,7 @@ resource "openstack_compute_instance_v2" "glusterfs_node_no_floating_ip" {
   name              = "${var.cluster_name}-gfs-node-nf-${count.index + 1}"
   count             = var.number_of_gfs_nodes_no_floating_ip
   availability_zone = element(var.az_list, count.index)
-  image_name        = var.gfs_root_volume_size_in_gb == 0 ? local.image_to_use_gfs : null
+  image_id          = var.gfs_root_volume_size_in_gb == 0 ? local.image_to_use_gfs : null
   flavor_id         = var.flavor_gfs_node
   key_pair          = openstack_compute_keypair_v2.k8s.name
 
@@ -1078,7 +1078,7 @@ resource "openstack_networking_floatingip_associate_v2" "k8s_nodes" {
   port_id               = openstack_networking_port_v2.k8s_nodes_port[each.key].id
 }
 
-resource "openstack_blockstorage_volume_v2" "glusterfs_volume" {
+resource "openstack_blockstorage_volume_v3" "glusterfs_volume" {
   name        = "${var.cluster_name}-glusterfs_volume-${count.index + 1}"
   count       = var.gfs_root_volume_size_in_gb == 0 ? var.number_of_gfs_nodes_no_floating_ip : 0
   description = "Non-ephemeral volume for GlusterFS"
@@ -1088,5 +1088,5 @@ resource "openstack_blockstorage_volume_v2" "glusterfs_volume" {
 resource "openstack_compute_volume_attach_v2" "glusterfs_volume" {
   count       = var.gfs_root_volume_size_in_gb == 0 ? var.number_of_gfs_nodes_no_floating_ip : 0
   instance_id = element(openstack_compute_instance_v2.glusterfs_node_no_floating_ip.*.id, count.index)
-  volume_id   = element(openstack_blockstorage_volume_v2.glusterfs_volume.*.id, count.index)
+  volume_id   = element(openstack_blockstorage_volume_v3.glusterfs_volume.*.id, count.index)
 }

docs/ansible/ansible.md

@@ -78,7 +78,6 @@ The following tags are defined in playbooks:
 | crio                           | Configuring crio container engine for hosts           |
 | crun                           | Configuring crun runtime                              |
 | csi-driver                     | Configuring csi driver                                |
-| dashboard                      | Installing and configuring the Kubernetes Dashboard   |
 | dns                            | Remove dns entries when resetting                     |
 | docker                         | Configuring docker engine runtime for hosts           |
 | download                       | Fetching container images to a delegate host          |

docs/getting_started/getting-started.md

@@ -83,32 +83,6 @@ authentication. One can get a kubeconfig from kube_control_plane hosts
 For more information on kubeconfig and accessing a Kubernetes cluster, refer to
 the Kubernetes [documentation](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/).
 
-## Accessing Kubernetes Dashboard
-
-Supported version is kubernetes-dashboard v2.0.x :
-
-- Login option : token/kubeconfig by default
-- Deployed by default in "kube-system" namespace, can be overridden with `dashboard_namespace: kubernetes-dashboard` in inventory,
-- Only serves over https
-
-Access is described in [dashboard docs](https://github.com/kubernetes/dashboard/tree/master/docs/user/accessing-dashboard). With kubespray's default deployment in kube-system namespace, instead of kubernetes-dashboard :
-
-- Proxy URL is <http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/login>
-- kubectl commands must be run with "-n kube-system"
-
-Accessing through Ingress is highly recommended. For proxy access, please note that proxy must listen to [localhost](https://github.com/kubernetes/dashboard/issues/692#issuecomment-220492484) (`proxy  --address="x.x.x.x"` will not work)
-
-For token authentication, guide to create Service Account is provided in [dashboard sample user](https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md) doc. Still take care of default namespace.
-
-Access can also by achieved via ssh tunnel on a control plane :
-
-```bash
-# localhost:8081 will be sent to control-plane-1's own localhost:8081
-ssh -L8001:localhost:8001 user@control-plane-1
-sudo -i
-kubectl proxy
-```
-
 ## Accessing Kubernetes API
 
 The main client of Kubernetes is `kubectl`. It is installed on each kube_control_plane

docs/operations/hardening.md

@@ -100,8 +100,6 @@ kubelet_make_iptables_util_chains: true
 kubelet_feature_gates: ["RotateKubeletServerCertificate=true"]
 kubelet_seccomp_default: true
 kubelet_systemd_hardening: true
-# To disable kubelet's staticPodPath (for nodes that don't use static pods like worker nodes)
-kubelet_static_pod_path: ""
 # In case you have multiple interfaces in your
 # control plane nodes and you want to specify the right
 # IP addresses, kubelet_secure_addresses allows you

inventory/sample/group_vars/k8s_cluster/addons.yml

@@ -1,8 +1,4 @@
 ---
-# Kubernetes dashboard
-# RBAC required. see docs/getting-started.md for access details.
-# dashboard_enabled: false
-
 # Helm deployment
 helm_enabled: false
 

roles/kubernetes-apps/ansible/defaults/main.yml

@@ -11,6 +11,7 @@ dns_nodes_per_replica: 16
 dns_cores_per_replica: 256
 dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas | int > 1 else 'false' }}"
 enable_coredns_reverse_dns_lookups: true
+coredns_svc_name: "coredns"
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
 coredns_affinity:
@@ -118,29 +119,5 @@ netchecker_agent_log_level: 5
 netchecker_server_log_level: 5
 netchecker_etcd_log_level: info
 
-# Dashboard
-dashboard_replicas: 1
-
-# Namespace for dashboard
-dashboard_namespace: kube-system
-
-# Limits for dashboard
-dashboard_cpu_limit: 100m
-dashboard_memory_limit: 256M
-dashboard_cpu_requests: 50m
-dashboard_memory_requests: 64M
-
-# Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that
-# contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs
-dashboard_use_custom_certs: false
-dashboard_certs_secret_name: kubernetes-dashboard-certs
-dashboard_tls_key_file: dashboard.key
-dashboard_tls_cert_file: dashboard.crt
-dashboard_master_toleration: true
-
-# Override dashboard default settings
-dashboard_token_ttl: 900
-dashboard_skip_login: false
-
 # Policy Controllers
 # policy_controller_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]

roles/kubernetes-apps/ansible/tasks/main.yml

@@ -109,15 +109,3 @@
     - netchecker-server-clusterrolebinding.yml.j2
     - netchecker-server-deployment.yml.j2
     - netchecker-server-svc.yml.j2
-
-- name: Kubernetes Apps | Dashboard
-  command:
-    cmd: "{{ kubectl_apply_stdin }}"
-    stdin: "{{ lookup('template', 'dashboard.yml.j2') }}"
-  delegate_to: "{{ groups['kube_control_plane'][0] }}"
-  run_once: true
-  vars:
-    k8s_namespace: "{{ dashboard_namespace }}"
-  when: dashboard_enabled
-  tags:
-    - dashboard

roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: coredns{{ coredns_ordinal_suffix }}
+  name: {{ coredns_svc_name }}{{ coredns_ordinal_suffix }}
   namespace: kube-system
   labels:
     k8s-app: kube-dns{{ coredns_ordinal_suffix }}