Fix ubuntu-contiv test failed (#3808)

netchecker agent status is pending

README.md

@@ -17,9 +17,6 @@ Quick Start
 
 To deploy the cluster you can use :
 
-### Current release
-2.8.2
-
 ### Ansible
 
 #### Ansible version
@@ -114,7 +111,7 @@ Supported Components
 --------------------
 
 -   Core
-    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.12.7
+    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.12.3
     -   [etcd](https://github.com/coreos/etcd) v3.2.24
     -   [docker](https://www.docker.com/) v18.06 (see note)
     -   [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)

inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml

@@ -19,7 +19,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.12.7
+kube_version: v1.12.3
 
 # kubernetes image repo define
 kube_image_repo: "gcr.io/google-containers"

requirements.txt

@@ -1,4 +1,4 @@
-ansible>=2.5.0,<2.7
+ansible>=2.5.0,!=2.7.0
 jinja2>=2.9.6
 netaddr
 pbr>=1.6

roles/container-engine/docker/vars/debian.yml

@@ -13,8 +13,8 @@ docker_versioned_pkg:
   '17.09': docker-ce=17.09.0~ce-0~debian
   '17.12': docker-ce=17.12.1~ce-0~debian
   '18.03': docker-ce=18.03.1~ce-0~debian
-  '18.06': docker-ce=18.06.2~ce~3-0~debian
+  '18.06': docker-ce=18.06.1~ce~3-0~debian
-  'stable': docker-ce=18.06.2~ce~3-0~debian
+  'stable': docker-ce=18.06.1~ce~3-0~debian
   'edge': docker-ce=17.12.1~ce-0~debian
 
 docker_package_info:

roles/container-engine/docker/vars/fedora.yml

@@ -6,7 +6,7 @@ docker_kernel_min_version: '0'
 docker_versioned_pkg:
   'latest': docker-ce
   '18.03': docker-ce-18.03.1.ce-3.fc28
-  '18.06': docker-ce-18.06.3.ce-3.fc28
+  '18.06': docker-ce-18.06.1.ce-3.fc28
 
 #
 # This is due to the fact that the docker

roles/container-engine/docker/vars/redhat.yml

@@ -14,8 +14,8 @@ docker_versioned_pkg:
   '17.09': docker-ce-17.09.0.ce-1.el7.centos
   '17.12': docker-ce-17.12.1.ce-1.el7.centos
   '18.03': docker-ce-18.03.1.ce-1.el7.centos
-  '18.06': docker-ce-18.06.3.ce-3.el7
+  '18.06': docker-ce-18.06.1.ce-3.el7
-  'stable': docker-ce-18.06.3.ce-3.el7
+  'stable': docker-ce-18.06.1.ce-3.el7
   'edge': docker-ce-17.12.1.ce-1.el7.centos
 
 docker_selinux_versioned_pkg:

roles/container-engine/docker/vars/ubuntu-amd64.yml

@@ -10,9 +10,9 @@ docker_versioned_pkg:
   '17.03': docker-ce=17.03.2~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt

roles/container-engine/docker/vars/ubuntu-arm64.yml

@@ -6,9 +6,9 @@ docker_versioned_pkg:
   'latest': docker-ce
   '17.09': docker-ce=17.09.1~ce-0~ubuntu
   '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
-  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt

roles/container-engine/docker/vars/ubuntu-bionic.yml

@@ -6,9 +6,9 @@ use_docker_engine: false
 docker_versioned_pkg:
   'latest': docker-ce
   '18.03': docker-ce=18.03.1~ce-3-0~ubuntu
-  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
+  '18.06': docker-ce=18.06.1~ce~3-0~ubuntu
-  'stable': docker-ce=18.06.2~ce~3-0~ubuntu
+  'stable': docker-ce=18.06.1~ce~3-0~ubuntu
-  'edge': docker-ce=18.06.2~ce~3-0~ubuntu
+  'edge': docker-ce=18.06.1~ce~3-0~ubuntu
 
 docker_package_info:
   pkg_mgr: apt

roles/download/defaults/main.yml

@@ -35,7 +35,7 @@ download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube
 image_arch: "{{host_architecture | default('amd64')}}"
 
 # Versions
-kube_version: v1.12.7
+kube_version: v1.12.3
 kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.24
 
@@ -70,10 +70,6 @@ cni_download_url: "https://github.com/containernetworking/plugins/releases/downl
 
 # Checksums
 hyperkube_checksums:
-  v1.12.7: cfcee7cadc18ffb40f87bcb21bc33e98d17a3bf97e1d75f0c63642d9e3b1ec65
-  v1.12.6: eb7bd0c21977bca7071c65fa0ef60d5e09c9e9a16c4fd8435be5bd7f5b0d1221
-  v1.12.5: f8b651816b2caa33e8b25a666e5c370e9786356d59f89579bba772f28370ed00
-  v1.12.4: a4697d8f3791f0408fcdb97b3de187e47d7b39a63332c75f68f95e25f4891cc9
   v1.12.3: 600aad3f0d016716abd85931239806193ffbe95f2edfdcea11532d518ae5cdb1
   v1.12.2: 566dfed398c20c9944f8999d6370cb584cb8c228b3c5881137b6b3d9306e4b06
   v1.12.1: 4aa23cfb2fc2e2e4d0cbe0d83a648c38e4baabd6c66f5cdbbb40cbc7582fdc74
@@ -92,10 +88,6 @@ hyperkube_checksums:
   v1.10.1: 6e0642ad6bae68dc81b8d1c9efa18e265e17e23da1895862823cafac08c0344c
   v1.10.0: b5575b2fb4266754c1675b8cd5d9b6cac70f3fee7a05c4e80da3a9e83e58c57e
 kubeadm_checksums:
-  v1.12.7: 8a16dea17c1f7aa5b72d9abdc4c3f0e50b52f325084647d71acdd0361eec5f6a
-  v1.12.6: 9048031930be9cb0506940c04f6ce67408d9caa9384b32d65d7aa5b6f1ad58ec
-  v1.12.5: d61730b3deb4d9825af0cc1e452a4be2292400507128279770c39669f6599af9
-  v1.12.4: 674ad5892ff2403f492c9042c3cea3fa0bfa3acf95bc7d1777c3645f0ddf64d7
   v1.12.3: c675aa3be82754b3f8dfdde2a1526a72986713312d46d898e65cb564c6aa8ad4
   v1.12.2: 51bc4bfd1d934a27245111c0ad1f793d5147ed15389415a1509502f23fcfa642
   v1.12.1: 5d95efd65aad398d85a9802799f36410ae7a95f9cbe73c8b10d2213c10a6d7be

roles/kubernetes/master/tasks/kubeadm-setup.yml

@@ -42,21 +42,27 @@
 
 - name: kubeadm | aggregate all SANs
   set_fact:
-    apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_supp + sans_access_ip + sans_ip + sans_address) | unique }}"
+    apiserver_sans: >-
-  vars:
+      kubernetes
-    sans_base:
+      kubernetes.default
-      - "kubernetes"
+      kubernetes.default.svc
-      - "kubernetes.default"
+      kubernetes.default.svc.{{ dns_domain }}
-      - "kubernetes.default.svc"
+      {{ kube_apiserver_ip }}
-      - "kubernetes.default.svc.{{ dns_domain }}"
+      localhost
-      - "{{ kube_apiserver_ip }}"
+      127.0.0.1
-      - "localhost"
+      {{ ' '.join(groups['kube-master']) }}
-      - "127.0.0.1"
+      {%- if loadbalancer_apiserver is defined %}
-    sans_lb: "{{ [apiserver_loadbalancer_domain_name] if apiserver_loadbalancer_domain_name is defined else [] }}"
+      {{ apiserver_loadbalancer_domain_name }}
-    sans_supp: "{{ supplementary_addresses_in_ssl_keys if supplementary_addresses_in_ssl_keys is defined else [] }}"
+      {%- endif %}
-    sans_access_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'access_ip') | list | select('defined') | list }}"
+      {%- for host in groups['kube-master'] -%}
-    sans_ip: "{{ groups['kube-master'] | map('extract', hostvars, 'ip') | list | select('defined') | list }}"
+      {%- if hostvars[host]['access_ip'] is defined %}{{ hostvars[host]['access_ip'] }}{% endif %}
-    sans_address: "{{ groups['kube-master'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | select('defined') | list }}"
+      {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
+      {%- endfor %}
+      {%- if supplementary_addresses_in_ssl_keys is defined %}
+      {%- for addr in supplementary_addresses_in_ssl_keys %}
+      {{ addr }}
+      {%- endfor %}
+      {%- endif %}
   tags: facts
 
 - name: kubeadm | Copy etcd cert dir under k8s cert dir

roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2

@@ -20,6 +20,7 @@ networking:
   dnsDomain: {{ dns_domain }}
   serviceSubnet: {{ kube_service_addresses }}
   podSubnet: {{ kube_pods_subnet }}
+  podNetworkCidr: "{{ kube_network_node_prefix }}"
 kubernetesVersion: {{ kube_version }}
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
 cloudProvider: {{cloud_provider}}
@@ -98,12 +99,6 @@ apiServerExtraArgs:
 {%   if kube_oidc_groups_claim is defined %}
   oidc-groups-claim: {{ kube_oidc_groups_claim }}
 {%   endif %}
-{%   if kube_oidc_username_prefix is defined %}
-  oidc-username-prefix: {{ kube_oidc_username_prefix }}
-{%   endif %}
-{%   if kube_oidc_groups_prefix is defined %}
-  oidc-groups-prefix: {{ kube_oidc_groups_prefix }}
-{%   endif %}
 {% endif %}
 {% if kube_encrypt_secret_data %}
   experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
@@ -126,7 +121,6 @@ controllerManagerExtraArgs:
   node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
   node-monitor-period: {{ kube_controller_node_monitor_period }}
   pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
-  node-cidr-mask-size: "{{ kube_network_node_prefix }}"
   profiling: "{{ kube_profiling }}"
   terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
 {% if kube_feature_gates %}
@@ -177,7 +171,7 @@ apiServerExtraVolumes:
 {% endif %}
 {% endif %}
 apiServerCertSANs:
-{% for san in apiserver_sans %}
+{% for san in  apiserver_sans.split(' ') | unique %}
   - {{ san }}
 {% endfor %}
 certificatesDir: {{ kube_config_dir }}/ssl

roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2

@@ -21,6 +21,7 @@ networking:
   dnsDomain: {{ dns_domain }}
   serviceSubnet: {{ kube_service_addresses }}
   podSubnet: {{ kube_pods_subnet }}
+  podNetworkCidr: "{{ kube_network_node_prefix }}"
 kubernetesVersion: {{ kube_version }}
 kubeProxy:
   config:
@@ -83,12 +84,6 @@ apiServerExtraArgs:
 {%   if kube_oidc_groups_claim is defined %}
   oidc-groups-claim: {{ kube_oidc_groups_claim }}
 {%   endif %}
-{%   if kube_oidc_username_prefix is defined %}
-  oidc-username-prefix: {{ kube_oidc_username_prefix }}
-{%   endif %}
-{%   if kube_oidc_groups_prefix is defined %}
-  oidc-groups-prefix: {{ kube_oidc_groups_prefix }}
-{%   endif %}
 {% endif %}
 {% if kube_encrypt_secret_data %}
   experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
@@ -124,7 +119,6 @@ controllerManagerExtraArgs:
   node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
   node-monitor-period: {{ kube_controller_node_monitor_period }}
   pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
-  node-cidr-mask-size: "{{ kube_network_node_prefix }}"
   profiling: "{{ kube_profiling }}"
   terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
 {% if kube_feature_gates %}
@@ -152,7 +146,7 @@ controllerManagerExtraVolumes:
   mountPath: {{ kube_config_dir }}/cloud_config
 {% endif %}
 {% endif %}
-{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or apiserver_extra_volumes or (cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"]) %}
+{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
 apiServerExtraVolumes:
 {% if kube_basic_auth|default(true) %}
 - name: basic-auth-config
@@ -174,17 +168,6 @@ apiServerExtraVolumes:
   mountPath: {{ audit_log_mountpath }}
   writable: true
 {% endif %}
-{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
-- name: cloud-config
-  hostPath: {{ kube_config_dir }}/cloud_config
-  mountPath: {{ kube_config_dir }}/cloud_config
-{% endif %}
-{% for volume in apiserver_extra_volumes %}
-- name: {{ volume.name }}
-  hostPath: {{ volume.hostPath }}
-  mountPath: {{ volume.mountPath }}
-  writable: {{ volume.writable | default(false)}}
-{% endfor %}
 {% endif %}
 {% endif %}
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
@@ -206,7 +189,7 @@ schedulerExtraArgs:
 {% endfor %}
 {% endif %}
 apiServerCertSANs:
-{% for san in apiserver_sans %}
+{% for san in apiserver_sans.split(' ') | unique %}
   - {{ san }}
 {% endfor %}
 certificatesDir: {{ kube_config_dir }}/ssl

roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2

@@ -36,6 +36,7 @@ networking:
   dnsDomain: {{ dns_domain }}
   serviceSubnet: {{ kube_service_addresses }}
   podSubnet: {{ kube_pods_subnet }}
+  podNetworkCidr: "{{ kube_network_node_prefix }}"
 kubernetesVersion: {{ kube_version }}
 {% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %}
 controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
@@ -43,7 +44,7 @@ controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.po
 controlPlaneEndpoint: {{ ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }}
 {% endif %}
 apiServerCertSANs:
-{% for san in apiserver_sans %}
+{% for san in  apiserver_sans.split(' ') | unique %}
   - {{ san }}
 {% endfor %}
 certificatesDir: {{ kube_config_dir }}/ssl
@@ -93,12 +94,6 @@ apiServerExtraArgs:
 {%   if kube_oidc_groups_claim is defined %}
   oidc-groups-claim: {{ kube_oidc_groups_claim }}
 {%   endif %}
-{%   if kube_oidc_username_prefix is defined %}
-  oidc-username-prefix: {{ kube_oidc_username_prefix }}
-{%   endif %}
-{%   if kube_oidc_groups_prefix is defined %}
-  oidc-groups-prefix: {{ kube_oidc_groups_prefix }}
-{%   endif %}
 {% endif %}
 {% if kube_encrypt_secret_data %}
   experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml
@@ -131,7 +126,6 @@ controllerManagerExtraArgs:
   node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
   node-monitor-period: {{ kube_controller_node_monitor_period }}
   pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
-  node-cidr-mask-size: "{{ kube_network_node_prefix }}"
 {% if kube_feature_gates %}
   feature-gates: {{ kube_feature_gates|join(',') }}
 {% endif %}

roles/kubernetes/preinstall/tasks/0020-verify-settings.yml

@@ -109,7 +109,7 @@
 - name: Stop if RBAC and anonymous-auth are not enabled when insecure port is disabled
   assert:
     that: rbac_enabled and kube_api_anonymous_auth
-  when: kube_apiserver_insecure_port == 0 and inventory_hostname in groups['kube-master']
+  when: kube_apiserver_insecure_port == 0
   ignore_errors: "{{ ignore_assert_errors }}"
 
 - name: Stop if kernel version is too low

roles/kubespray-defaults/defaults/main.yaml

@@ -12,7 +12,7 @@ is_atomic: false
 disable_swap: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.12.7
+kube_version: v1.12.3
 
 ## Kube Proxy mode One of ['iptables','ipvs']
 kube_proxy_mode: ipvs
@@ -213,7 +213,7 @@ docker_options: >-
   {% if docker_registry_mirrors is defined %}
   {{ docker_registry_mirrors | map('regex_replace', '^(.*)$', '--registry-mirror=\1' ) | list | join(' ') }}
   {%- endif %}
-  {%- if docker_version is defined and docker_version is version('17.05', '<') %}
+  {%- if docker_version is version('17.05', '<') %}
   --graph={{ docker_daemon_graph }} {{ docker_log_opts }}
   {%- else %}
   --data-root={{ docker_daemon_graph }} {{ docker_log_opts }}

roles/reset/tasks/main.yml

@@ -110,18 +110,12 @@
 - name: Clear IPVS virtual server table
   shell: "ipvsadm -C"
   when:
-    - kube_proxy_mode == 'ipvs' and inventory_hostname in groups['k8s-cluster']
+    - kube_proxy_mode == 'ipvs'
-
-- name: reset | check kube-ipvs0 network device
-  stat:
-    path: /sys/class/net/kube-ipvs0
-  register: kube_ipvs0
 
 - name: reset | Remove kube-ipvs0
   command: "ip link del kube-ipvs0"
   when:
     - kube_proxy_mode == 'ipvs'
-    - kube_ipvs0.stat.exists
 
 - name: reset | delete some files and directories
   file:

tests/files/gce_ubuntu-contiv-sep.yml

@@ -1,6 +1,7 @@
 # Instance settings
 cloud_image_family: ubuntu-1604-lts
 cloud_region: us-central1-b
+cloud_machine_type: "n1-standard-2"
 mode: separate
 
 # Deployment settings