From 7a322f0a0848e4e21bacfd02fb13483947b166ee Mon Sep 17 00:00:00 2001
From: portdirect <pete@port.direct>
Date: Sun, 11 Feb 2018 13:41:49 -0500
Subject: [PATCH] KubeADM: Label namespaces

This PS removes the duplicate labeling of K8s namespaces everytime
the kubeadm image is run - as this action is performed by the
container itself while deploying k8s. It also updates the playbook
to label the kube-public ns.

Change-Id: Icfaabe54d263e0bbc52f2ac11835cb5d92ad32a4
---
 .../tasks/util-kubeadm-aio-run.yaml              |  6 ------
 .../roles/deploy-kubeadm-master/tasks/main.yaml  | 16 ++++++++--------
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
index 7e9cb33a0..c184190ce 100644
--- a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
+++ b/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
@@ -69,9 +69,3 @@
       docker_container:
         name: "kubeadm-{{ kubeadm_aio_action }}"
         state: absent
-    - name: add labels to namespace
-      command: kubectl label --overwrite namespace {{ item }} name={{ item }}
-      with_items:
-        - default
-        - kube-system
-      ignore_errors: True
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
index 2a7b28033..bd7b16797 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
@@ -192,6 +192,14 @@
       when: kube_public_configmap_rolebinding_exists | failed
       command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf -n kube-public create rolebinding kubeadm:bootstrap-signer-clusterinfo --role system:bootstrap-signer-clusterinfo --user system:anonymous
 
+- name: adding labels to namespace to support network policy
+  delegate_to: 127.0.0.1
+  command: kubectl --kubeconfig=/mnt/rootfs/etc/kubernetes/admin.conf  label --overwrite namespace {{ item }} name={{ item }}
+  with_items:
+    - default
+    - kube-system
+    - kube-public
+
 - name: converting the cluster to be selfhosted
   when: k8s.selfHosted|bool == true
   delegate_to: 127.0.0.1
@@ -219,11 +227,3 @@
         owner: "{{ vars.user.uid }}"
         group: "{{ vars.user.gid }}"
         mode: 0600
-
-- name: add labels to namespace
-  delegate_to: 127.0.0.1
-  command: kubectl label --overwrite namespace {{ item }} name={{ item }}
-  with_items:
-    - default
-    - kube-system
-  ignore_errors: True