From e247b6faf1c03454b39d5f1146cc4e029ae95dc4 Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Tue, 19 Feb 2019 10:01:20 -0600 Subject: [PATCH] Update kubeadm kubernetes version to 1.13.4 This updates the kubernetes version used when deploying via kubeadm and minikube to v1.13.4 This required updating the apiVersion in the kubeadm configuration file template, as well as removing the --cadvisor-port flag from the kubelet args, as this has been removed entirely Change-Id: I3088b65ece0a5c9c5ef2669247ac293d6a6f66ed --- roles/build-images/defaults/main.yml | 2 +- tools/deployment/common/005-deploy-k8s.sh | 2 +- tools/images/kubeadm-aio/Dockerfile | 2 +- tools/images/kubeadm-aio/assets/entrypoint.sh | 4 +- .../deploy-kubeadm-master/tasks/main.yaml | 56 +++++++-------- .../templates/kubeadm-conf.yaml.j2 | 69 ++++++++----------- .../templates/10-kubeadm.conf.j2 | 3 +- .../assets/opt/playbooks/vars.yaml | 2 +- 8 files changed, 64 insertions(+), 76 deletions(-) diff --git a/roles/build-images/defaults/main.yml b/roles/build-images/defaults/main.yml index 28f383fbe..4d9ddb76d 100644 --- a/roles/build-images/defaults/main.yml +++ b/roles/build-images/defaults/main.yml @@ -13,7 +13,7 @@ # limitations under the License. version: - kubernetes: v1.10.9 + kubernetes: v1.13.4 helm: v2.13.0 cni: v0.6.0 diff --git a/tools/deployment/common/005-deploy-k8s.sh b/tools/deployment/common/005-deploy-k8s.sh index da0f00f98..5df68231d 100755 --- a/tools/deployment/common/005-deploy-k8s.sh +++ b/tools/deployment/common/005-deploy-k8s.sh @@ -18,7 +18,7 @@ set -xe : ${HELM_VERSION:="v2.13.0"} -: ${KUBE_VERSION:="v1.12.2"} +: ${KUBE_VERSION:="v1.13.4"} : ${MINIKUBE_VERSION:="v0.30.0"} : ${CALICO_VERSION:="v3.3"} diff --git a/tools/images/kubeadm-aio/Dockerfile b/tools/images/kubeadm-aio/Dockerfile index 78800b4d5..4be767cd5 100644 --- a/tools/images/kubeadm-aio/Dockerfile +++ b/tools/images/kubeadm-aio/Dockerfile 
@@ -34,7 +34,7 @@ ENV GOOGLE_KUBERNETES_REPO_URL ${GOOGLE_KUBERNETES_REPO_URL} ARG GOOGLE_HELM_REPO_URL=https://storage.googleapis.com/kubernetes-helm ENV GOOGLE_HELM_REPO_URL ${GOOGLE_HELM_REPO_URL} -ARG KUBE_VERSION="v1.10.9" +ARG KUBE_VERSION="v1.13.4" ENV KUBE_VERSION ${KUBE_VERSION} ARG CNI_VERSION="v0.6.0" diff --git a/tools/images/kubeadm-aio/assets/entrypoint.sh b/tools/images/kubeadm-aio/assets/entrypoint.sh index 430faa5fd..05561f3fd 100755 --- a/tools/images/kubeadm-aio/assets/entrypoint.sh +++ b/tools/images/kubeadm-aio/assets/entrypoint.sh @@ -18,12 +18,10 @@ set -e if [ "x${ACTION}" == "xgenerate-join-cmd" ]; then : ${TTL:="10m"} DISCOVERY_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages signing,authentication --groups '')" -TLS_BOOTSTRAP_TOKEN="$(kubeadm token --kubeconfig /etc/kubernetes/admin.conf create --ttl ${TTL} --usages authentication --groups \"system:bootstrappers:kubeadm:default-node-token\")" DISCOVERY_TOKEN_CA_HASH="$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* /sha256:/')" API_SERVER=$(cat /etc/kubernetes/admin.conf | python -c "import sys, yaml; print yaml.safe_load(sys.stdin)['clusters'][0]['cluster']['server'].split(\"//\",1).pop()") exec echo "kubeadm join \ ---tls-bootstrap-token ${TLS_BOOTSTRAP_TOKEN} \ ---discovery-token ${DISCOVERY_TOKEN} \ +--token ${DISCOVERY_TOKEN} \ --discovery-token-ca-cert-hash ${DISCOVERY_TOKEN_CA_HASH} \ ${API_SERVER}" elif [ "x${ACTION}" == "xjoin-kube" ]; then diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml index 3df4fc065..418e2e1bb 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml 
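Review bot: The one token now passed as `--token` in the `generate-join-cmd` branch is still created with `--groups ''`, whereas the removed TLS bootstrap token carried `system:bootstrappers:kubeadm:default-node-token`. Because `--token` serves both discovery and TLS bootstrap, the joining kubelet would presumably authenticate without the group that kubeadm's CSR bindings target, so the join may fail when it requests its certificate. Consider minting it with `--usages signing,authentication --groups 'system:bootstrappers:kubeadm:default-node-token'`, and quote `"${TTL}"` while there. The `if`/`elif` chain continues outside the hunk.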
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml 
@@ -43,53 +43,53 @@ delegate_to: 127.0.0.1 block: - name: master | deploy | certs | etcd-ca - command: kubeadm alpha phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs etcd-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | etcd-server - command: kubeadm alpha phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs etcd-server --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | etcd-peer - command: kubeadm alpha phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs etcd-peer --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | etcd-healthcheck-client - command: kubeadm alpha phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs etcd-healthcheck-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | ca - command: kubeadm alpha phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | apiserver - command: kubeadm alpha phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | apiserver-etcd-client - command: kubeadm alpha phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs apiserver-etcd-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | apiserver-kubelet-client - command: kubeadm alpha phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + 
command: kubeadm init phase certs apiserver-kubelet-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | sa - command: kubeadm alpha phase certs sa --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs sa - name: master | deploy | certs | front-proxy-ca - command: kubeadm alpha phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs front-proxy-ca --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | certs | front-proxy-client - command: kubeadm alpha phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase certs front-proxy-client --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: generating kubeconfigs delegate_to: 127.0.0.1 block: - name: master | deploy | kubeconfig | admin - command: kubeadm alpha phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase kubeconfig admin --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | kubeconfig | kubelet - command: kubeadm alpha phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase kubeconfig kubelet --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | kubeconfig | controller-manager - command: kubeadm alpha phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase kubeconfig controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | kubeconfig | scheduler - command: kubeadm alpha phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase kubeconfig scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: generating etcd static manifest delegate_to: 127.0.0.1 - command: 
kubeadm alpha phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase etcd local --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: generating controlplane static manifests delegate_to: 127.0.0.1 block: - name: master | deploy | controlplane | apiserver - command: kubeadm alpha phase controlplane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase control-plane apiserver --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | controlplane | controller-manager - command: kubeadm alpha phase controlplane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase control-plane controller-manager --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: master | deploy | controlplane | scheduler - command: kubeadm alpha phase controlplane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase control-plane scheduler --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: wait for kube components delegate_to: 127.0.0.1 @@ -118,7 +118,7 @@ - name: deploying kube-proxy delegate_to: 127.0.0.1 - command: kubeadm alpha phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase addon kube-proxy --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - include_tasks: helm-cni.yaml 
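Review bot: The `certs | sa` task is the only certificate phase in the first hunk of this file that lost `--config`, so the service-account signing key pair is written to kubeadm's default certificate directory rather than the `certificatesDir` set in kubeadm-conf.yaml. With the default `/etc/kubernetes/pki` the two coincide, but an overridden `k8s.certificatesDir` would leave the API server and controller manager looking for `sa.key`/`sa.pub` in a different place. If the phase no longer accepts `--config`, pass the directory explicitly, e.g. `command: kubeadm init phase certs sa --cert-dir {{ k8s.certificatesDir }}`. The other tasks in this hunk are a mechanical `alpha phase` to `init phase` rename.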
@@ -142,17 +142,19 @@ when: k8s.keystoneAuth|bool == true - include_tasks: helm-deploy.yaml -- name: uploading cluster config to api +- name: uploading kubeadm config delegate_to: 127.0.0.1 - command: kubeadm alpha phase upload-config --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase upload-config kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + +- name: uploading kubelet config + delegate_to: 127.0.0.1 + command: kubeadm init phase upload-config kubelet --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: generating bootstrap-token objects delegate_to: 127.0.0.1 block: - - name: master | deploy | bootstrap-token | allow-post-csrs - command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-post-csrs - - name: master | deploy | bootstrap-token | allow-auto-approve - command: kubeadm --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf alpha phase bootstrap-token node allow-auto-approve + - name: master | deploy | bootstrap-token + command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf - name: generating bootstrap-token objects delegate_to: 127.0.0.1 @@ -209,7 +211,7 @@ - name: converting the cluster to be selfhosted when: k8s.selfHosted|bool == true delegate_to: 127.0.0.1 - command: kubeadm alpha phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml + command: kubeadm init phase selfhosting convert-from-staticpods --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml - name: setting up kubectl client and kubeadm on host block: 
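Review bot: The new `master | deploy | bootstrap-token` task runs without `--config`, so kubeadm cannot see the `bootstrapTokens` entry templated into kubeadm-conf.yaml and will, as far as I can tell, generate a random default token of its own and print it in the task output. That leaves an extra join credential in the cluster and in the Ansible logs that nothing here tracks or revokes. Suggest `command: kubeadm init phase bootstrap-token --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf --config /mnt/rootfs/etc/kubernetes/kubeadm-conf.yaml --skip-token-print`. The next task block with the same name lies outside the hunk, so check that it does not create the token a second time.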
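Review bot: In the `@@ -209,7 +211,7 @@` hunk, `kubeadm init phase selfhosting convert-from-staticpods` does not look like a valid 1.13 subcommand; to my knowledge the self-hosting pivot stayed under `kubeadm alpha` (as `kubeadm alpha selfhosting pivot`) instead of moving to `init phase`. The task only runs when `k8s.selfHosted` is true, so a default deployment would not exercise it. Please confirm against `kubeadm init phase --help` for v1.13.4 and either adjust the command or drop the task.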
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 index c219ca6e5..e0d0f6860 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 
@@ -1,49 +1,38 @@ #jinja2: trim_blocks:False -apiVersion: kubeadm.k8s.io/v1alpha1 -kind: MasterConfiguration +apiVersion: kubeadm.k8s.io/v1beta1 +kind: ClusterConfiguration kubernetesVersion: {{ k8s.kubernetesVersion }} imageRepository: {{ k8s.imageRepository }} -nodeName: {{ kubeadm_node_hostname }} -api: - advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} - bindPort: {{ k8s.api.bindPort }} -# etcd: -# endpoints: -# - -# - -# caFile: -# certFile: -# keyFile: -# dataDir: -# extraArgs: -# : -# : -# image: networking: dnsDomain: {{ k8s.networking.dnsDomain }} podSubnet: {{ k8s.networking.podSubnet }} serviceSubnet: {{ k8s.networking.serviceSubnet }} -#cloudProvider: -authorizationModes: -- Node -- RBAC -token: {{ kubeadm_bootstrap_token }} -tokenTTL: 24h0m0s -selfHosted: {{ k8s.selfHosted }} -apiServerExtraArgs: - service-node-port-range: "1024-65535" - feature-gates: "MountPropagation=true,PodShareProcessNamespace=true" -controllerManagerExtraArgs: - address: "0.0.0.0" - port: "10252" +apiServer: + extraArgs: + service-node-port-range: "1024-65535" + feature-gates: "MountPropagation=true,PodShareProcessNamespace=true" +controllerManager: + extraArgs: + address: "0.0.0.0" + port: "10252" + feature-gates: "PodShareProcessNamespace=true" +scheduler: + extraArgs: + address: "0.0.0.0" + port: "10251" feature-gates: "PodShareProcessNamespace=true" -# : -schedulerExtraArgs: - address: "0.0.0.0" - port: "10251" - feature-gates: "PodShareProcessNamespace=true" -# apiServerCertSANs: -# - -# - certificatesDir: {{ k8s.certificatesDir }} -#unifiedControlPlaneImage: +--- +apiVersion: kubeadm.k8s.io/v1beta1 +localAPIEndpoint: + advertiseAddress: {% if k8s.api.advertiseAddress is defined %}{{ 
k8s.api.advertiseAddress }}{% else %}{% if k8s.api.advertiseAddressDevice is defined %}{{ hostvars[inventory_hostname]['ansible_'+k8s.api.advertiseAddressDevice].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} + bindPort: {{ k8s.api.bindPort }} +bootstrapTokens: +- groups: + - system:bootstrappers:kubeadm:default-node-token + token: {{ kubeadm_bootstrap_token }} + ttl: 24h0m0s + usages: + - signing + - authentication +kind: InitConfiguration diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 index fdd4f4e30..926040be9 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 +++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 
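Review bot: The old `nodeName: {{ kubeadm_node_hostname }}` has no counterpart in the new InitConfiguration, so kubeadm will fall back to the hostname of wherever it runs when it names the node and issues the kubelet client identity. The kubelet unit still passes `--hostname-override={{ kubelet_node_hostname }}`, and the Node authorizer matches on `system:node:<name>`, so a mismatch would likely break kubelet authorization. Suggest adding `nodeRegistration:` with `name: {{ kubeadm_node_hostname }}` to the InitConfiguration document. Separately, `address: "0.0.0.0"` on `controllerManager` and `scheduler` keeps ports 10252 and 10251 listening on every interface; a comment stating why that exposure is needed would help.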
@@ -4,10 +4,9 @@ Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manife Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --node-ip={% if kubelet.bind_addr is defined %}{{ kubelet.bind_addr }}{% else %}{% if kubelet.bind_device is defined %}{{ hostvars[inventory_hostname]['ansible_'+kubelet.bind_device].ipv4.address }}{% else %}{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}{% endif %}{% endif %} --hostname-override={{ kubelet_node_hostname }}" Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain={{ k8s.networking.dnsDomain }} --resolv-conf=/etc/kubernetes/kubelet-resolv.conf" Environment="KUBELET_AUTHZ_ARGS=--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" -Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0" Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki" Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}" Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=MountPropagation=true --feature-gates=PodShareProcessNamespace=true" #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux ExecStart= -ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS +ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml index 2d903803a..28441b8ed 100644 --- a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml 
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml @@ -34,7 +34,7 @@ all: helm: tiller_image: gcr.io/kubernetes-helm/tiller:v2.7.0 k8s: - kubernetesVersion: v1.9.1 + kubernetesVersion: v1.13.4 imageRepository: gcr.io/google_containers certificatesDir: /etc/kubernetes/pki selfHosted: false