Remove registry-proxy (#8327)

roles/download/defaults/main.yml

@@ -704,8 +704,6 @@ dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
 
 registry_image_repo: "{{ docker_image_repo }}/library/registry"
 registry_image_tag: "2.7.1"
-registry_proxy_image_repo: "{{ kube_image_repo }}/kube-registry-proxy"
-registry_proxy_image_tag: "0.4"
 metrics_server_version: "v0.5.0"
 metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server"
 metrics_server_image_tag: "{{ metrics_server_version }}"
@@ -1232,15 +1230,6 @@ downloads:
     groups:
     - kube_node
 
-  registry_proxy:
-    enabled: "{{ registry_enabled }}"
-    container: true
-    repo: "{{ registry_proxy_image_repo }}"
-    tag: "{{ registry_proxy_image_tag }}"
-    sha256: "{{ registry_proxy_digest_checksum|default(None) }}"
-    groups:
-    - kube_node
-
   metrics_server:
     enabled: "{{ metrics_server_enabled }}"
     container: true

roles/kubernetes-apps/registry/tasks/main.yml

@@ -38,23 +38,18 @@
     registry_templates:
       - { name: registry-ns, file: registry-ns.yml, type: ns }
       - { name: registry-sa, file: registry-sa.yml, type: sa }
-      - { name: registry-proxy-sa, file: registry-proxy-sa.yml, type: sa }
       - { name: registry-svc, file: registry-svc.yml, type: svc }
       - { name: registry-secrets, file: registry-secrets.yml, type: secrets }
       - { name: registry-cm, file: registry-cm.yml, type: cm }
       - { name: registry-rs, file: registry-rs.yml, type: rs }
-      - { name: registry-proxy-ds, file: registry-proxy-ds.yml, type: ds }
     registry_templates_for_psp:
       - { name: registry-psp, file: registry-psp.yml, type: psp }
       - { name: registry-cr, file: registry-cr.yml, type: clusterrole }
       - { name: registry-crb, file: registry-crb.yml, type: rolebinding }
-      - { name: registry-proxy-psp, file: registry-proxy-psp.yml, type: psp }
-      - { name: registry-proxy-cr, file: registry-proxy-cr.yml, type: clusterrole }
-      - { name: registry-proxy-crb, file: registry-proxy-crb.yml, type: rolebinding }
 
 - name: Registry | Append extra templates to Registry Templates list for PodSecurityPolicy
   set_fact:
-    registry_templates: "{{ registry_templates[:3] + registry_templates_for_psp + registry_templates[3:] }}"
+    registry_templates: "{{ registry_templates[:2] + registry_templates_for_psp + registry_templates[2:] }}"
   when:
     - podsecuritypolicy_enabled
     - registry_namespace != "kube-system"

roles/kubernetes-apps/registry/templates/registry-proxy-cr.yml.j2

@@ -1,15 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: psp:registry-proxy
-  namespace: {{ registry_namespace }}
-rules:
-  - apiGroups:
-    - policy
-    resourceNames:
-    - registry-proxy
-    resources:
-    - podsecuritypolicies
-    verbs:
-    - use

roles/kubernetes-apps/registry/templates/registry-proxy-crb.yml.j2

@@ -1,13 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: psp:registry-proxy
-  namespace: {{ registry_namespace }}
-subjects:
-  - kind: ServiceAccount
-    name: registry-proxy
-    namespace: {{ registry_namespace }}
-roleRef:
-  kind: ClusterRole
-  name: psp:registry-proxy
-  apiGroup: rbac.authorization.k8s.io

roles/kubernetes-apps/registry/templates/registry-proxy-ds.yml.j2

@@ -1,36 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: registry-proxy
-  namespace: {{ registry_namespace }}
-  labels:
-    k8s-app: registry-proxy
-    version: v{{ registry_proxy_image_tag }}
-spec:
-  selector:
-    matchLabels:
-      k8s-app: registry-proxy
-      version: v{{ registry_proxy_image_tag }}
-  template:
-    metadata:
-      labels:
-        k8s-app: registry-proxy
-        kubernetes.io/name: "registry-proxy"
-        version: v{{ registry_proxy_image_tag }}
-    spec:
-      priorityClassName: {% if registry_namespace == 'kube-system' %}system-node-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
-      serviceAccountName: registry-proxy
-      containers:
-        - name: registry-proxy
-          image: {{ registry_proxy_image_repo }}:{{ registry_proxy_image_tag }}
-          imagePullPolicy: {{ k8s_image_pull_policy }}
-          env:
-            - name: REGISTRY_HOST
-              value: registry.{{ registry_namespace }}.svc.{{ dns_domain }}
-            - name: REGISTRY_PORT
-              value: "{{ registry_port }}"
-          ports:
-            - name: registry
-              containerPort: 80
-              hostPort: {{ registry_port }}

roles/kubernetes-apps/registry/templates/registry-proxy-psp.yml.j2

@@ -1,56 +0,0 @@
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: registry-proxy
-  annotations:
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-{% if apparmor_enabled %}
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-{% endif %}
-  labels:
-    addonmanager.kubernetes.io/mode: Reconcile
-spec:
-  privileged: false
-  allowPrivilegeEscalation: false
-  requiredDropCapabilities:
-    - SETPCAP
-    - MKNOD
-    - AUDIT_WRITE
-    - NET_RAW
-    - DAC_OVERRIDE
-    - FOWNER
-    - FSETID
-    - KILL
-    - SYS_CHROOT
-    - SETFCAP
-  volumes:
-    - 'configMap'
-    - 'emptyDir'
-    - 'projected'
-    - 'secret'
-    - 'downwardAPI'
-    - 'persistentVolumeClaim'
-  hostNetwork: true
-  hostPorts:
-  - min: {{ registry_port }}
-    max: {{ registry_port }}
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'RunAsAny'
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-      - min: 1
-        max: 65535
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-      - min: 1
-        max: 65535
-  readOnlyRootFilesystem: false

roles/kubernetes-apps/registry/templates/registry-proxy-sa.yml.j2

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: registry-proxy
-  namespace: {{ registry_namespace }}