From d279d145d57fc5f8afe311cada45488e4f18e663 Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Tue, 5 Sep 2017 08:23:12 +0300 Subject: [PATCH] Fix non-rbac deployment of resources as a list (#1613) * Use kubectl apply instead of create/replace Disable checks for existing resources to speed up execution. * Fix non-rbac deployment of resources as a list * Fix autoscaler tolerations field * set all kube resources to state=latest * Update netchecker and weave --- library/kube.py | 1 - roles/dnsmasq/tasks/main.yml | 2 +- roles/kubernetes-apps/ansible/tasks/main.yml | 8 +++++--- roles/kubernetes-apps/ansible/tasks/netchecker.yml | 5 ++--- .../ansible/templates/kubedns-autoscaler.yml.j2 | 10 +++------- roles/kubernetes-apps/efk/kibana/tasks/main.yml | 4 ++-- roles/kubernetes-apps/helm/tasks/main.yml | 3 +-- .../network_plugin/calico/tasks/main.yml | 3 ++- .../network_plugin/canal/tasks/main.yml | 2 +- .../network_plugin/flannel/tasks/main.yml | 4 ++-- .../network_plugin/weave/tasks/main.yml | 3 +-- .../policy_controller/calico/tasks/main.yml | 4 ++-- 12 files changed, 22 insertions(+), 27 deletions(-) diff --git a/library/kube.py b/library/kube.py index fdc783fff..77f7e6e35 100644 --- a/library/kube.py +++ b/library/kube.py @@ -270,7 +270,6 @@ def main(): manager = KubeManager(module) state = module.params.get('state') - if state == 'present': result = manager.create() diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index a06afbdce..607e6df51 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml @@ -95,7 +95,7 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ manifests.results }}" delegate_to: "{{ groups['kube-master'][0] }}" run_once: true 
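Review bot: The dnsmasq hunk now sets `state: "latest"` for every entry of `manifests.results` but adds no `not item|skipped` guard, unlike the kubernetes-apps, netchecker, calico network-plugin and policy-controller hunks in this patch. If any templating item feeding `manifests` can be skipped (the commit title suggests this happens for RBAC resources on non-RBAC clusters), this task would still be run against a manifest file that may never have been written. The canal hunk has the same gap, and so does the helm hunk, although its `rbac_enabled` condition may make it moot there. Suggest adding `when: not item|skipped` here and appending `and not item|skipped` to the canal condition. The task starts above the hunk, so an existing `when:` outside the visible lines cannot be ruled out.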
diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 4f9b6ef1d..3c986970c 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -51,10 +51,12 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ manifests.results }}" - failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg - when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] + when: + - dns_mode != 'none' + - inventory_hostname == groups['kube-master'][0] + - not item|skipped tags: dnsmasq - name: Kubernetes Apps | Netchecker diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml index 208adedc2..a74a4dc87 100644 --- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml +++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml @@ -32,7 +32,6 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ manifests.results }}" - failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube-master'][0] and not item|skipped diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 index fb87d5a50..df92ee615 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 
@@ -27,17 +27,13 @@ spec: metadata: labels: k8s-app: kubedns-autoscaler - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' spec: + tolerations: + - effect: NoSchedule + operator: Exists containers: - name: autoscaler image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}" - tolerations: - - effect: NoSchedule - operator: Exists - - effect: CriticalAddonsOnly - operator: exists resources: requests: cpu: "20m" diff --git a/roles/kubernetes-apps/efk/kibana/tasks/main.yml b/roles/kubernetes-apps/efk/kibana/tasks/main.yml index 4c14d1945..ea8568286 100644 --- a/roles/kubernetes-apps/efk/kibana/tasks/main.yml +++ b/roles/kubernetes-apps/efk/kibana/tasks/main.yml @@ -12,7 +12,7 @@ name: "kibana-logging" namespace: "{{system_namespace}}" resource: "deployment" - state: "{{ item | ternary('latest','present') }}" + state: "latest" with_items: "{{ kibana_deployment_manifest.changed }}" run_once: true @@ -29,6 +29,6 @@ name: "kibana-logging" namespace: "{{system_namespace}}" resource: "svc" - state: "{{ item | ternary('latest','present') }}" + state: "latest" with_items: "{{ kibana_service_manifest.changed }}" run_once: true diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml index 2d26c5a0f..d01211e2f 100644 --- a/roles/kubernetes-apps/helm/tasks/main.yml +++ b/roles/kubernetes-apps/helm/tasks/main.yml @@ -27,9 +27,8 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ manifests.results }}" - failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled - name: Helm | Install/upgrade helm 
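Review bot: The toleration moved up to the pod spec has no `key`, so `operator: Exists` with `effect: NoSchedule` tolerates every NoSchedule taint in the cluster, not only the master taint. That lets the autoscaler pod be scheduled onto nodes that were tainted to keep general workloads away (dedicated or isolated pools), which is probably broader than this add-on needs. If the intent is only to allow it on masters, consider scoping it: `- key: node-role.kubernetes.io/master`, `operator: Exists`, `effect: NoSchedule`. The hunk also drops the critical-pod annotation and the CriticalAddonsOnly toleration without a replacement; a one-line template comment stating why would help, since this presumably changes how the pod is treated under node pressure.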
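Review bot: In the first kibana hunk `with_items: "{{ kibana_deployment_manifest.changed }}"` is left in place although `state` no longer reads `item`, so the task now loops over a single boolean for no purpose. The weave hunk in this patch removes the equivalent `with_items` line, while the second kibana hunk (`kibana_service_manifest.changed`) and the first flannel hunk (`flannel_manifest.changed`) keep it. Dropping those three `with_items` lines would make the tasks consistent with weave and remove a misleading per-item loop from the run output. The tasks begin outside the hunks, so confirm nothing else in them references `item` before removing the loop.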
diff --git a/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml b/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml index 5061c5c98..f17e45c7a 100644 --- a/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/calico/tasks/main.yml @@ -6,5 +6,6 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ calico_node_manifests.results }}" + when: inventory_hostname == groups['kube-master'][0] and not item|skipped diff --git a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml index 6f3bb4d85..24607249f 100644 --- a/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/canal/tasks/main.yml @@ -6,6 +6,6 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ canal_manifests.results }}" when: inventory_hostname == groups['kube-master'][0] diff --git a/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml b/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml index cfe931375..607c7d617 100644 --- a/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml @@ -11,7 +11,7 @@ filename: "{{ kube_config_dir }}/cni-flannel.yml" resource: "ds" namespace: "{{system_namespace}}" - state: "{{ item | ternary('latest','present') }}" + state: "latest" with_items: "{{ flannel_manifest.changed }}" when: inventory_hostname == groups['kube-master'][0] @@ -19,4 +19,4 @@ wait_for: path: /run/flannel/subnet.env delay: 5 - timeout: 600 \ No newline at end of file + timeout: 600 
diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml index c25702b44..3b01d0e66 100644 --- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml @@ -17,8 +17,7 @@ filename: "{{ kube_config_dir }}/weave-net.yml" resource: "ds" namespace: "{{system_namespace}}" - state: "{{ item | ternary('latest','present') }}" - with_items: "{{ weave_manifest.changed }}" + state: "latest" when: inventory_hostname == groups['kube-master'][0] - name: "Weave | wait for weave to become available" diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index 79bb535b7..a6b1e18c1 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -44,6 +44,6 @@ kubectl: "{{bin_dir}}/kubectl" resource: "{{item.item.type}}" filename: "{{kube_config_dir}}/{{item.item.file}}" - state: "{{item.changed | ternary('latest','present') }}" + state: "latest" with_items: "{{ calico_policy_manifests.results }}" - when: inventory_hostname == groups['kube-master'][0] + when: inventory_hostname == groups['kube-master'][0] and not item|skipped