Development (#10)

* Raspberry configuration : ARM is to rollback kubernetes v1.12.5

Note that flannel works on amd64, arm, arm64 and ppc64le.

https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/

Create setup_playbook.sh for ansible-architecture armv7l (RasPi)

* Trusted Ansible repository

* etcdctl must be manually installed on node from github.com/etcd-io/etcd/tree/release-3.1

* Update README.md

* checksums

* Bastion PI Readme FAQ

* armv7l -> arm64 compatibility mode with Pi3

* Git releases search for architectures binaries

* declare PI=pi # replace 'pi' with 'ubuntu' or any other user

* SSH permit root login
Development convenience script : $ curl -fsSL https://get.docker.com -o 
get-docker.sh $ sudo sh get-docker.sh

* Update README.md

* Classic server configuration
kubernetes-sigs/kubesrpay/issues/4293

* Bastion sudoers

* Update README.md

* - Package preinstall tasks sudo -> become: yes | no - Python 3 sudo pip3 install -r requirements.txt

* Ignore APT cache update errors [concurency lock issue](ansible/ansible#47322)

* kubernetes-sigs#2767

* Update setup_playbook.sh

* Bionic python3-dev

* Pip3

* Update master (#8) (#9)

* fix(contrib/metallb): adds missing become: true in role (kubernetes-sigs#4356)

On CoreOS, without this, it fails to kubectl apply MetalLB due to lack of privileges.

* Fix kubernetes-sigs#4237: update kube cert path (kubernetes-sigs#4354)

* Use sample inventory file in doc (kubernetes-sigs#4052)

* Revert "Fix kubernetes-sigs#4237: update kube cert path (kubernetes-sigs#4354)" (kubernetes-sigs#4369)

This reverts commit ea7a6f1.

This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.

* Fix support for ansible 2.7.9 (kubernetes-sigs#4375)

* Use wide for netchecker debug output (kubernetes-sigs#4383)

* Added support of bastion host for reset.yaml (kubernetes-sigs#4359)

* Added support of bastion host for reset.yaml

* Empty commit to triger CI

* Use proxy_env with kubeadm phase commands (kubernetes-sigs#4325)

* clarify that kubespray now supports kubeadm (fixes kubernetes-sigs#4089) (kubernetes-sigs#4366)

* Reduce jinja2 filters in coredns templates (kubernetes-sigs#4390)

* Upgrade to k8s 1.13.5

* Increase CPU flavor for CI (kubernetes-sigs#4389)

* Fix CA cert environment variable for ectd v3 (kubernetes-sigs#4381)

* Added livenessProbe for local nginx apiserver proxy liveness probe (kubernetes-sigs#4222)

* Added configurable local apiserver proxy liveness probe

* Enable API LB healthcheck by default

* Fix template spacing and moved healthz location to nginx http section

* Fix healthcheck listen address to allow kubelet request healthcheck

* Default values for variable dns_servers and dns_domain  are set in two files: (kubernetes-sigs#3999)

values from inventory in roles/kubespray-defaults/defaults/main.yml
hardcoded values in roles/container-engine/defaults/main.yml

dns_servers set empty in roles/container-engine/defaults/main.yml and skydns_server not set in docker_dns_servers variables
also set default value for manual_dns_serve

another variables in roles/container-engine/defaults not need to set

* Fix bootsrap-os role, failing to create remote_tmp (kubernetes-sigs#4384)

* Fix bootsrap-os role, failing to create remote_tmp

* use ansible_remote_tmp hostvar

* Use static files in KubeDNS templating task (kubernetes-sigs#4379)

This commit adapts the "Lay Down KubeDNS Template" task to use the static
files moved by pull request [1]

[1] kubernetes-sigs#4341

* Fix supplementary_addresses rendering error (kubernetes-sigs#4403)

* Corrected cloud name (kubernetes-sigs#4316)

The correct name is Packet, not Packet Host.

* adapt inventory script to python 2.7 version (kubernetes-sigs#4407)

* Calico felix - Fix jinja2 boolean condition (kubernetes-sigs#4348)

* Fix jinja2 boolean condition

* Convert all felix variable to booleans instead.

README.md

@@ -17,7 +17,7 @@ Quick Start
 To deploy the cluster you can use :
 
 ### Ansible with Raspberry Pis cluster
-~~Raspian 9 (arm, armv7l)'s installed on PIs systems.~~ Ubuntu 18.04 bionic preinstalled server for Raspberries, [Download and flash the classic Server for ARM64](https://wiki.ubuntu.com/ARM/RaspberryPi). Also for Raspberry see current Pull Requests:
+~~Raspian 9 (arm, armv7l) is installed on PIs systems.~~ Ubuntu 18.04 bionic preinstalled server for Raspberries, [Download and flash the classic Server for ARM64](https://wiki.ubuntu.com/ARM/RaspberryPi). Also for Raspberry see current Pull Requests:
 
 - [ARM](https://github.com/kubernetes-sigs/kubespray/pull/4261)
 - [ARM64](https://github.com/kubernetes-sigs/kubespray/pull/4171)
@@ -37,7 +37,7 @@ Ansible v2.7.0's failing and/or produce unexpected results due to [ansible/ansib
     # Copy ``inventory/sample`` as ``inventory/mycluster``
     cp -rfp inventory/sample inventory/mycluster
 
-    # Update Ansible inventory file with inventory builder . Single master IP's possible, see nodes with bastion
+    # Update Ansible inventory file with inventory builder . Single master IP is possible, see nodes with bastion
     declare -a IPS=(192.168.0.16 192.168.0.17)
     CONFIG_FILE=inventory/mycluster/hosts.ini python3 contrib/inventory_builder/inventory.py ${IPS[@]}
     cat inventory/mycluster/hosts.ini
@@ -53,9 +53,9 @@ Ansible v2.7.0's failing and/or produce unexpected results due to [ansible/ansib
     for ip in ${IPS[@]}; do
       ssh $PI@$ip sudo bash -c "echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config";
       ssh $PI@$ip cat /etc/ssh/sshd_config | grep PermitRootLogin;
-     # To install etcd on nodes, Go lang's needed
+     # To install etcd on nodes, Go lang is needed
       ssh $PI@$ip sudo apt-get install golang -y;
-     # Ansible's reported as a trusted repository
+     # Ansible is reported as a trusted repository
       ssh $PI@$ip sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367;
      # deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main
 
@@ -95,7 +95,7 @@ ERROR! no action detected in task. This often indicates a misspelled module name
 ```
 probably pointing on a task depending on a module present in requirements.txt (i.e. "unseal vault").
 
-One way of solving this would be to uninstall the Ansible package and then, to install it via pip3 but it isn't always possible.
+One way of solving this would be to uninstall the Ansible package and then, to install it via pip3 but it is not always possible.
 A workaround consists of setting `ANSIBLE_LIBRARY` and `ANSIBLE_MODULE_UTILS` environment variables respectively to the `ansible/modules` and `ansible/module_utils` subdirectories of pip3 packages installation location, which can be found in the Location field of the output of `pip3 show [package]` before executing `ansible-playbook`.
 
 #### Known issues :
@@ -134,7 +134,7 @@ The ansible_user or --become_user must gain root privileges without password pro
 
 - When you see the Error : no PUBKEY ... could be received from GPG Look at https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#latest-releases-via-apt-debian
 
-- Deploy Kubespray with Ansible Playbook to raspberrypi The option -b's required, as for example writing SSL keys in /etc/, installing packages and interacting with various systemd daemons. Without -b argument the playbook would fall to start !
+- Deploy Kubespray with Ansible Playbook to raspberrypi The option -b is required, as for example writing SSL keys in /etc/, installing packages and interacting with various systemd daemons. Without -b argument the playbook would fall to start !
 
 ansible-playbook -i inventory/mycluster/hosts.ini cluster.yml -b -v --become-user=root --private-key=~/.ssh/id_rsa
 
@@ -213,14 +213,15 @@ Supported Linux Distributions
 -   **Fedora** 28
 -   **Fedora/CentOS** Atomic
 -   **openSUSE** Leap 42.3/Tumbleweed
+• Ubuntu 16.04, 18.04 (Raspberries)
 
 Note: Upstart/SysV init based OS types are not supported.
 
 Supported Components
 --------------------
 
 -   Core
-    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.13.4
+    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.13.5
     -   [etcd](https://github.com/coreos/etcd) v3.2.24
     -   [docker](https://www.docker.com/) v18.06 (see note)
     -   [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)

contrib/inventory_builder/inventory.py

@@ -197,8 +197,14 @@ def range2ips(self, hosts):
         reworked_hosts = []
 
         def ips(start_address, end_address):
-            start = int(ip_address(start_address).packed.hex(), 16)
-            end = int(ip_address(end_address).packed.hex(), 16)
+            try:
+                # Python 3.x
+                start = int(ip_address(start_address))
+                end   = int(ip_address(end_address))
+            except:
+                # Python 2.7
+                start = int(ip_address(unicode(start_address)))
+                end   = int(ip_address(unicode(end_address)))
             return [ip_address(ip).exploded for ip in range(start, end+1)]
 
         for host in hosts:

contrib/metallb/README.md

@@ -6,5 +6,5 @@ This playbook aims to automate [this](https://metallb.universe.tf/tutorial/layer
 
 ## Install
 ```
-ansible-playbook --ask-become -i inventory/sample/k8s_heketi_inventory.yml contrib/metallb/metallb.yml
+ansible-playbook --ask-become -i inventory/sample/hosts.ini contrib/metallb/metallb.yml
 ```

contrib/metallb/roles/provision/tasks/main.yml

@@ -12,6 +12,7 @@
     kubectl: "{{bin_dir}}/kubectl"
     filename: "{{ kube_config_dir }}/{{ item.item }}"
     state: "{{ item.changed | ternary('latest','present') }}"
+  become: true
   with_items: "{{ rendering.results }}"
   when:
     - "inventory_hostname == groups['kube-master'][0]"

docs/comparisons.md

@@ -19,7 +19,9 @@ on. Had it belonged to the new [operators world](https://coreos.com/blog/introdu
 it may have been named a "Kubernetes cluster operator". Kubespray however,
 does generic configuration management tasks from the "OS operators" ansible
 world, plus some initial K8s clustering (with networking plugins included) and
-control plane bootstrapping. Kubespray [strives](https://github.com/kubernetes-sigs/kubespray/issues/553)
-to adopt kubeadm as a tool in order to consume life cycle management domain
-knowledge from it and offload generic OS configuration things from it, which
-hopefully benefits both sides.
+control plane bootstrapping. 
+
+Kubespray supports `kubeadm` for cluster creation since v2.3 
+(and deprecated non-kubeadm deployment starting from v2.8)
+in order to consume life cycle management domain knowledge from it
+and offload generic OS configuration things from it, which hopefully benefits both sides.

docs/packet.md

@@ -1,7 +1,7 @@
-Packet Host
+Packet
 ===============
 
-Kubespray provides support for bare metal deployments using the [Packet Host bare metal cloud](http://www.packet.com).
+Kubespray provides support for bare metal deployments using the [Packet bare metal cloud](http://www.packet.com).
 Deploying upon bare metal allows Kubernetes to run at locations where an existing public or private cloud might not exist such
 as cell tower, edge collocated installations. The deployment mechanism used by Kubespray for Packet is similar to that used for
 AWS and OpenStack clouds (notably using Terraform to deploy the infrastructure). Terraform uses the Packet provider plugin
@@ -10,7 +10,7 @@ dynamically from the Terraform state file.
 
 ## Local Host Configuration
 
-To perform this installation, you will need a localhost to run Terraform/Ansible (laptop, VM, etc) and an account with Packet Host.
+To perform this installation, you will need a localhost to run Terraform/Ansible (laptop, VM, etc) and an account with Packet.
 In this example, we're using an m1.large CentOS 7 OpenStack VM as the localhost to kickoff the Kubernetes installation.
 You'll need Ansible, Git, and PIP.
 

inventory/sample/group_vars/all/all.yml

@@ -24,6 +24,8 @@ bin_dir: /usr/local/bin
 ## Local loadbalancer should use this port
 ## And must be set port 6443
 nginx_kube_apiserver_port: 6443
+## If nginx_kube_apiserver_healthcheck_port variable defined, enables proxy liveness check.
+nginx_kube_apiserver_healthcheck_port: 8081
 
 ### OTHER OPTIONAL VARIABLES
 ## For some things, kubelet needs to load kernel modules.  For example, dynamic kernel services are needed

inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml

@@ -19,7 +19,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.13.4
+kube_version: v1.13.5
 
 # kubernetes image repo define
 kube_image_repo: "gcr.io/google-containers"

reset.yml

@@ -13,6 +13,12 @@
   vars:
     ansible_connection: local
 
+- hosts: bastion[0]
+  gather_facts: False
+  roles:
+    - { role: kubespray-defaults}
+    - { role: bastion-ssh-config, tags: ["localhost", "bastion"]}
+
 - hosts: all
   gather_facts: true
 

roles/bootstrap-os/tasks/main.yml

@@ -30,7 +30,7 @@
 
 - name: Create remote_tmp for it is used by another module
   file:
-    path: "{{ lookup('config', 'DEFAULT_REMOTE_TMP', on_missing='skip', wantlist=True) | first | default('~/.ansible/tmp') }}"
+    path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}"
     state: directory
     mode: 0700
 

roles/download/defaults/main.yml

@@ -35,7 +35,7 @@ download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube
 image_arch: "{{host_architecture | default('amd64')}}"
 
 # Versions
-kube_version: v1.13.4
+kube_version: v1.13.5
 kubeadm_version: "{{ kube_version }}"
 # Only compatible version with Pi3
 etcd_version: v3.3.12
@@ -98,6 +98,7 @@ hyperkube_checksums:
     v1.13.2: a981aa0950e86a4380526a3a53f465ce013b95f6d9d8139a9df4a6406b67316f
     v1.13.3: 4051e88174fedc0ea643466081ca461d9d175f714594dbe5208559fed0c4ae49
   arm64:
+    v1.13.5: 8ffd84ba0cb6382a0ff96000458db8a83c92cac09458defe8496f0f0e155a6a8 #arm64
     v1.13.4: b9e909e388634d103fe5376aafa313bed5e69293383b0c740de4fe8e18d42d12 #arm64
     v1.13.3: 588037923b7f4090f5f7a3de23ea49a10345295f0b39bd0c1ebdaa24eaa76731 #arm64
     v1.13.2: 7f2c2b0c6dcc81102a89fa41957db214416fc8a0cfae664fc0e150a7d3ad337b #arm64
@@ -127,6 +128,7 @@ hyperkube_checksums:
     v1.10.0-alpha.1: 3915e3dad36db8c6dcfd66331fd6e6f41d5a1f795bed5f02e78cd64b4cf4f77d #arm64
     v1.10.0: 79291c36a8f6ca1350bf6f2344922cbe0b366cd5b376abb83eb207baaf57d379 #arm64
   amd64:
+    v1.13.5: 1a8a357ebfeab8ec62d0c6f11b59df1a93d6711c3a16e1501da32b55c144c73a
     v1.13.4: 6f2d755a350efec8b3b29e0ddf8362f60475cc10d42dea37f8f2159f7776867b
     v1.13.3: b238c772b5e4b9deed0cdc695fe86324660d037b38c6d6d7eeae7d7a657840c7
     v1.13.2: f159b587ec80ad03bf3b9bb09de5d64b773d01b0e34f2a4f1c816879c56aae6d
@@ -172,6 +174,7 @@ kubeadm_checksums:
     v1.13.2: 5bf5d766050245abde802fdea77a85586ce1477e538bcc4fa618bba854c18980
     v1.13.3: 77afb511c895bc6fb0d2ee3198a0c15d89c0f19bf91fb1fb6274634e3e147d4a
   arm64:
+    v1.13.5: 59a1995c171e5c1e74f5d02657eb2c155706f2d159ec1847b64dc866228c40d2 #arm64
     v1.13.4: 4de71d4cfa4dc64127148d48f3a1a1fa7ea24cf0c4fa42957459d0e7f9c03799 #arm64
     v1.13.3: bef1cbc2d199d32a1a31e70b864dc539b24e3c1cb87b50a1295cf03bec4832b0 #arm64
     v1.13.2: 08279a3bfeff8c4f6768d6fd92ceff8276a555f9e81bf9d541112fc8eb29963e #arm64
@@ -201,6 +204,7 @@ kubeadm_checksums:
     v1.10.0-alpha.1: 63480533cf7e8c7a2c2b221a607bdba4f0ab9590c66ba28d073fb3fe06c92706 #arm64
     v1.10.0: 19ebef6450421ace7c4a0703360a7aeba1840a1596a699828e69444cae4ccf4f #arm64
   amd64:
+    v1.13.5: 274bf887039a9993e30f96047a4a474c39e8471c4094acb75aea6beed793f079
     v1.13.4: c4300d1f3ebccad48c8e267e45a736c7d227b0e45ef36582fa8dcfe2ef7b1b10
     v1.13.3: ab767ea53e45aceba628977ef6c8c62eace72d6d232efeaf35ac50cbea5f3739
     v1.13.2: 7cb0ce57c1e6e2d85e05de3780a2f35a191fe93f89cfc5816b424efcf39834b9

roles/etcd/handlers/backup.yml

@@ -52,7 +52,7 @@
     ETCDCTL_API: 3
     ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
     ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
-    ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
+    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
   retries: 3
   register: etcd_backup_v3_command
   until: etcd_backup_v3_command.rc == 0

roles/kubernetes-apps/ansible/defaults/main.yml

@@ -7,6 +7,7 @@ dns_min_replicas: 2
 dns_nodes_per_replica: 16
 dns_cores_per_replica: 256
 dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'false' }}"
+coredns_ordinal_suffix: ""
 
 # nodelocaldns
 nodelocaldns_cpu_requests: 100m

roles/kubernetes-apps/ansible/tasks/kubedns.yml

@@ -1,18 +1,19 @@
 ---
 
 - name: Kubernetes Apps | Lay Down KubeDNS Template
-  template:
-    src: "{{ item.file }}.j2"
+  action: "{{ item.module }}"
+  args:
+    src: "{{ item.file }}{% if item.module == 'template' %}.j2{% endif %}"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
   with_items:
-    - { name: kube-dns, file: kubedns-sa.yml, type: sa }
-    - { name: kube-dns, file: kubedns-config.yml, type: configmap }
-    - { name: kube-dns, file: kubedns-deploy.yml, type: deployment }
-    - { name: kube-dns, file: kubedns-svc.yml, type: svc }
-    - { name: dns-autoscaler, file: dns-autoscaler-sa.yml, type: sa }
-    - { name: dns-autoscaler, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
-    - { name: dns-autoscaler, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
-    - { name: dns-autoscaler, file: dns-autoscaler.yml, type: deployment }
+    - { name: kube-dns, module: template, file: kubedns-sa.yml, type: sa }
+    - { name: kube-dns, module: template, file: kubedns-config.yml, type: configmap }
+    - { name: kube-dns, module: template, file: kubedns-deploy.yml, type: deployment }
+    - { name: kube-dns, module: template, file: kubedns-svc.yml, type: svc }
+    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-sa.yml, type: sa }
+    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrole.yml, type: clusterrole }
+    - { name: dns-autoscaler, module: copy, file: dns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding }
+    - { name: dns-autoscaler, module: template, file: dns-autoscaler.yml, type: deployment }
   register: kubedns_manifests
   when:
     - dns_mode in ['kubedns','dnsmasq_kubedns']

roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2

@@ -14,15 +14,15 @@ data:
         kubernetes {{ dns_domain }} in-addr.arpa ip6.arpa {
           pods insecure
 {% if resolvconf_mode == 'host_resolvconf' and upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
-          upstream {{ upstream_dns_servers|join(' ') }}
+          upstream {{ upstream_dns_servers.join(' ') }}
 {% else %}
           upstream /etc/resolv.conf
 {% endif %}
           fallthrough in-addr.arpa ip6.arpa
         }
         prometheus :9153
 {% if resolvconf_mode == 'host_resolvconf' and upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
-        proxy . {{ upstream_dns_servers|join(' ') }}
+        proxy . {{ upstream_dns_servers.join(' ') }}
 {% else %}
         proxy . /etc/resolv.conf
 {% endif %}

roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2

@@ -2,13 +2,13 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: "coredns{{ coredns_ordinal_suffix | default('') }}"
+  name: "coredns{{ coredns_ordinal_suffix }}"
   namespace: kube-system
   labels:
-    k8s-app: "coredns{{ coredns_ordinal_suffix | default('') }}"
+    k8s-app: "coredns{{ coredns_ordinal_suffix }}"
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
-    kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}"
+    kubernetes.io/name: "coredns{{ coredns_ordinal_suffix }}"
 spec:
   strategy:
     type: RollingUpdate
@@ -17,17 +17,15 @@ spec:
       maxSurge: 10%
   selector:
     matchLabels:
-      k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+      k8s-app: coredns{{ coredns_ordinal_suffix }}
   template:
     metadata:
       labels:
-        k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+        k8s-app: coredns{{ coredns_ordinal_suffix }}
       annotations:
         seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
-{% if kube_version is version('v1.11.1', '>=') %}
       priorityClassName: system-cluster-critical
-{% endif %}
       nodeSelector:
         beta.kubernetes.io/os: linux
       serviceAccountName: coredns
@@ -42,7 +40,7 @@ spec:
           - topologyKey: "kubernetes.io/hostname"
             labelSelector:
               matchLabels:
-                k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+                k8s-app: coredns{{ coredns_ordinal_suffix }}
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
           - weight: 100

roles/kubernetes-apps/ansible/templates/coredns-svc.yml.j2

@@ -2,20 +2,20 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: coredns{{ coredns_ordinal_suffix | default('') }}
+  name: coredns{{ coredns_ordinal_suffix }}
   namespace: kube-system
   labels:
-    k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+    k8s-app: coredns{{ coredns_ordinal_suffix }}
     kubernetes.io/cluster-service: "true"
-    kubernetes.io/name: "coredns{{ coredns_ordinal_suffix | default('') }}"
+    kubernetes.io/name: "coredns{{ coredns_ordinal_suffix }}"
     addonmanager.kubernetes.io/mode: Reconcile
   annotations:
     prometheus.io/path: /metrics
     prometheus.io/port: "9153"
     prometheus.io/scrape: "true"
 spec:
   selector:
-    k8s-app: coredns{{ coredns_ordinal_suffix | default('') }}
+    k8s-app: coredns{{ coredns_ordinal_suffix }}
   clusterIP: {{ clusterIP }}
   ports:
     - name: dns

roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2

@@ -16,20 +16,20 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: dns-autoscaler{{ coredns_ordinal_suffix | default('') }}
+  name: dns-autoscaler{{ coredns_ordinal_suffix }}
   namespace: kube-system
   labels:
-    k8s-app: dns-autoscaler{{ coredns_ordinal_suffix | default('') }}
+    k8s-app: dns-autoscaler{{ coredns_ordinal_suffix }}
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
 spec:
   selector:
     matchLabels:
-      k8s-app: dns-autoscaler{{ coredns_ordinal_suffix | default('') }}
+      k8s-app: dns-autoscaler{{ coredns_ordinal_suffix }}
   template:
     metadata:
       labels:
-        k8s-app: dns-autoscaler{{ coredns_ordinal_suffix | default('') }}
+        k8s-app: dns-autoscaler{{ coredns_ordinal_suffix }}
       annotations:
         seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
     spec:
@@ -48,7 +48,7 @@ spec:
           - topologyKey: "kubernetes.io/hostname"
             labelSelector:
               matchLabels:
-                k8s-app: dns-autoscaler{{ coredns_ordinal_suffix | default('') }}
+                k8s-app: dns-autoscaler{{ coredns_ordinal_suffix }}
         nodeAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
           - weight: 100
@@ -71,9 +71,9 @@ spec:
         - --default-params={"linear":{"preventSinglePointFailure":{{ dns_prevent_single_point_failure }},"coresPerReplica":{{ dns_cores_per_replica }},"nodesPerReplica":{{ dns_nodes_per_replica }},"min":{{ dns_min_replicas }}}}
         - --logtostderr=true
         - --v=2
-        - --configmap=dns-autoscaler{{ coredns_ordinal_suffix | default('') }}
+        - --configmap=dns-autoscaler{{ coredns_ordinal_suffix }}
 {% if dns_mode in ['coredns', 'coredns_dual'] %}
-        - --target=Deployment/coredns{{ coredns_ordinal_suffix | default('') }}
+        - --target=Deployment/coredns{{ coredns_ordinal_suffix }}
 {% endif %}
 {% if dns_mode in ['kubedns', 'dnsmasq_kubedns'] %}
         - --target=Deployment/kube-dns