Fix non-rbac deployment of resources as a list (#1613)

* Use kubectl apply instead of create/replace

Disable checks for existing resources to speed up execution.

* Fix non-rbac deployment of resources as a list

* Fix autoscaler tolerations field

* set all kube resources to state=latest

* Update netchecker and weave

library/kube.py

@@ -270,7 +270,6 @@ def main():
 
     manager = KubeManager(module)
     state = module.params.get('state')
-
     if state == 'present':
         result = manager.create()
 

roles/dnsmasq/tasks/main.yml

@@ -95,7 +95,7 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ manifests.results }}"
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true

roles/kubernetes-apps/ansible/tasks/main.yml

@@ -51,10 +51,12 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ manifests.results }}"
-  failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg
-  when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
+  when:
+    - dns_mode != 'none'
+    - inventory_hostname == groups['kube-master'][0]
+    - not item|skipped
   tags: dnsmasq
 
 - name: Kubernetes Apps | Netchecker

roles/kubernetes-apps/ansible/tasks/netchecker.yml

@@ -32,7 +32,6 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ manifests.results }}"
-  failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg
-  when: inventory_hostname == groups['kube-master'][0]
+  when: inventory_hostname == groups['kube-master'][0] and not item|skipped

roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2

@@ -27,17 +27,13 @@ spec:
     metadata:
       labels:
         k8s-app: kubedns-autoscaler
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
       containers:
       - name: autoscaler
         image: "{{ kubednsautoscaler_image_repo }}:{{ kubednsautoscaler_image_tag }}"
-        tolerations:
-          - effect: NoSchedule
-            operator: Exists
-          - effect: CriticalAddonsOnly
-            operator: exists
         resources:
           requests:
             cpu: "20m"

roles/kubernetes-apps/efk/kibana/tasks/main.yml

@@ -12,7 +12,7 @@
     name: "kibana-logging"
     namespace: "{{system_namespace}}"
     resource: "deployment"
-    state: "{{ item | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ kibana_deployment_manifest.changed }}"
   run_once: true
 
@@ -29,6 +29,6 @@
     name: "kibana-logging"
     namespace: "{{system_namespace}}"
     resource: "svc"
-    state: "{{ item | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ kibana_service_manifest.changed }}"
   run_once: true

roles/kubernetes-apps/helm/tasks/main.yml

@@ -27,9 +27,8 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ manifests.results }}"
-  failed_when: manifests|failed and "Error from server (AlreadyExists)" not in manifests.msg
   when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled
 
 - name: Helm | Install/upgrade helm

roles/kubernetes-apps/network_plugin/calico/tasks/main.yml

@@ -6,5 +6,6 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ calico_node_manifests.results }}"
+  when: inventory_hostname == groups['kube-master'][0] and not item|skipped

roles/kubernetes-apps/network_plugin/canal/tasks/main.yml

@@ -6,6 +6,6 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ canal_manifests.results }}"
   when: inventory_hostname == groups['kube-master'][0]

roles/kubernetes-apps/network_plugin/flannel/tasks/main.yml

@@ -11,7 +11,7 @@
     filename: "{{ kube_config_dir }}/cni-flannel.yml"
     resource: "ds"
     namespace: "{{system_namespace}}"
-    state: "{{ item | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ flannel_manifest.changed }}"
   when: inventory_hostname == groups['kube-master'][0]
 
@@ -19,4 +19,4 @@
   wait_for:
     path: /run/flannel/subnet.env
     delay: 5
-    timeout: 600
+    timeout: 600

roles/kubernetes-apps/network_plugin/weave/tasks/main.yml

@@ -17,8 +17,7 @@
     filename: "{{ kube_config_dir }}/weave-net.yml"
     resource: "ds"
     namespace: "{{system_namespace}}"
-    state: "{{ item | ternary('latest','present') }}"
-  with_items: "{{ weave_manifest.changed }}"
+    state: "latest"
   when: inventory_hostname == groups['kube-master'][0]
 
 - name: "Weave | wait for weave to become available"

roles/kubernetes-apps/policy_controller/calico/tasks/main.yml

@@ -44,6 +44,6 @@
     kubectl: "{{bin_dir}}/kubectl"
     resource: "{{item.item.type}}"
     filename: "{{kube_config_dir}}/{{item.item.file}}"
-    state: "{{item.changed | ternary('latest','present') }}"
+    state: "latest"
   with_items: "{{ calico_policy_manifests.results }}"
-  when: inventory_hostname == groups['kube-master'][0]
+  when: inventory_hostname == groups['kube-master'][0] and not item|skipped