Upgrade to kubernetes v1.8.0 (#1730)

* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name

.gitlab-ci.yml

@@ -60,7 +60,6 @@ before_script:
   KUBELET_DEPLOYMENT: "host"
   VAULT_DEPLOYMENT: "docker"
   WEAVE_CPU_LIMIT: "100m"
-  AUTHORIZATION_MODES: "{ 'authorization_modes': [] }"
   MAGIC: "ci check this"
 
 .gce: &gce
@@ -131,7 +130,6 @@ before_script:
       -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
       -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
       -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
-      -e "${AUTHORIZATION_MODES}"
       --limit "all:!fake_hosts"
       cluster.yml
 
@@ -161,7 +159,6 @@ before_script:
       -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
       -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
       -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
-      -e "${AUTHORIZATION_MODES}"
       --limit "all:!fake_hosts"
       $PLAYBOOK;
       fi
@@ -199,7 +196,6 @@ before_script:
       -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
       -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
       -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
-      -e "${AUTHORIZATION_MODES}"
       --limit "all:!fake_hosts"
       cluster.yml;
       fi
@@ -248,7 +244,6 @@ before_script:
       -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}"
       -e weave_cpu_requests=${WEAVE_CPU_LIMIT}
       -e weave_cpu_limit=${WEAVE_CPU_LIMIT}
-      -e "${AUTHORIZATION_MODES}"
       --limit "all:!fake_hosts"
       cluster.yml;
       fi
@@ -278,7 +273,6 @@ before_script:
 # Test matrix. Leave the comments for markup scripts.
 .coreos_calico_aio_variables: &coreos_calico_aio_variables
 # stage: deploy-gce-part1
-  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
   KUBE_NETWORK_PLUGIN: calico
   CLOUD_IMAGE: coreos-stable-1465-6-0-v20170817
   CLOUD_REGION: us-west1-b
@@ -289,10 +283,9 @@ before_script:
   ##User-data to simply turn off coreos upgrades
   STARTUP_SCRIPT: 'systemctl disable locksmithd && systemctl stop locksmithd'
 
-.ubuntu_canal_ha_rbac_variables: &ubuntu_canal_ha_rbac_variables
+.ubuntu_canal_ha_variables: &ubuntu_canal_ha_variables
 # stage: deploy-gce-part1
   KUBE_NETWORK_PLUGIN: canal
-  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
   CLOUD_IMAGE: ubuntu-1604-xenial
   CLOUD_REGION: europe-west1-b
   CLUSTER_MODE: ha
@@ -302,7 +295,6 @@ before_script:
 .centos_weave_kubeadm_variables: &centos_weave_kubeadm_variables
 # stage: deploy-gce-part1
   KUBE_NETWORK_PLUGIN: weave
-  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
   CLOUD_IMAGE: centos-7
   CLOUD_MACHINE_TYPE: "n1-standard-1"
   CLOUD_REGION: us-central1-b
@@ -314,7 +306,6 @@ before_script:
 .ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables
 # stage: deploy-gce-part1
   KUBE_NETWORK_PLUGIN: canal
-  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
   CLOUD_IMAGE: ubuntu-1604-xenial
   CLOUD_MACHINE_TYPE: "n1-standard-1"
   CLOUD_REGION: europe-west1-b
@@ -409,7 +400,6 @@ before_script:
 
 .ubuntu_vault_sep_variables: &ubuntu_vault_sep_variables
 # stage: deploy-gce-part1
-  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
   CLOUD_MACHINE_TYPE: "n1-standard-2"
   KUBE_NETWORK_PLUGIN: canal
   CERT_MGMT: vault
@@ -418,9 +408,8 @@ before_script:
   CLUSTER_MODE: separate
   STARTUP_SCRIPT: ""
 
-.ubuntu_flannel_rbac_variables: &ubuntu_flannel_rbac_variables
+.ubuntu_flannel_variables: &ubuntu_flannel_variables
 # stage: deploy-gce-special
-  AUTHORIZATION_MODES: "{ 'authorization_modes':  [ 'RBAC' ] }"
   KUBE_NETWORK_PLUGIN: flannel
   CLOUD_IMAGE: ubuntu-1604-xenial
   CLOUD_REGION: europe-west1-b
@@ -492,28 +481,28 @@ ubuntu-weave-sep-triggers:
   only: ['triggers']
 
 # More builds for PRs/merges (manual) and triggers (auto)
-ubuntu-canal-ha-rbac:
+ubuntu-canal-ha:
   stage: deploy-gce-part1
   <<: *job
   <<: *gce
   variables:
     <<: *gce_variables
-    <<: *ubuntu_canal_ha_rbac_variables
+    <<: *ubuntu_canal_ha_variables
   when: manual
   except: ['triggers']
   only: ['master', /^pr-.*$/]
 
-ubuntu-canal-ha-rbac-triggers:
+ubuntu-canal-ha-triggers:
   stage: deploy-gce-part1
   <<: *job
   <<: *gce
   variables:
     <<: *gce_variables
-    <<: *ubuntu_canal_ha_rbac_variables
+    <<: *ubuntu_canal_ha_variables
   when: on_success
   only: ['triggers']
 
-ubuntu-canal-kubeadm-rbac:
+ubuntu-canal-kubeadm:
   stage: deploy-gce-part1
   <<: *job
   <<: *gce
@@ -534,7 +523,7 @@ ubuntu-canal-kubeadm-triggers:
   when: on_success
   only: ['triggers']
 
-centos-weave-kubeadm-rbac:
+centos-weave-kubeadm:
   stage: deploy-gce-part1
   <<: *job
   <<: *gce
@@ -694,13 +683,13 @@ ubuntu-vault-sep:
   except: ['triggers']
   only: ['master', /^pr-.*$/]
 
-ubuntu-flannel-rbac-sep:
+ubuntu-flannel-sep:
   stage: deploy-gce-special
   <<: *job
   <<: *gce
   variables:
     <<: *gce_variables
-    <<: *ubuntu_flannel_rbac_variables
+    <<: *ubuntu_flannel_variables
   when: manual
   except: ['triggers']
   only: ['master', /^pr-.*$/]