From 5043dcde53a4259404ee37b122189d16b774820a Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Sat, 22 Sep 2018 00:02:37 -0700
Subject: [PATCH] Update Kubernetes from v1.11.3 to v1.12.1

* Mount an empty dir for the controller-manager to work around
https://github.com/kubernetes/kubernetes/issues/68973
* Update coreos/pod-checkpointer to strip affinity from
checkpointed pod manifests. Kubernetes v1.12.0-rc.1 introduced
a default affinity that appears on checkpointed manifests; but
it prevented scheduling and checkpointed pods should not have an
affinity, they're run directly by the Kubelet on the local node
* https://github.com/kubernetes-incubator/bootkube/issues/1001
* https://github.com/kubernetes/kubernetes/pull/68173
---
 container-linux/kubernetes/README.md                    | 2 +-
 container-linux/kubernetes/bootkube.tf                  | 2 +-
 container-linux/kubernetes/cl/controller.yaml.tmpl      | 2 +-
 container-linux/kubernetes/cl/worker.yaml.tmpl          | 2 +-
 fedora-atomic/kubernetes/README.md                      | 2 +-
 fedora-atomic/kubernetes/bootkube.tf                    | 2 +-
 fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl | 2 +-
 fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl     | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/container-linux/kubernetes/README.md b/container-linux/kubernetes/README.md
index a9f73e01f..2177e5e59 100644
--- a/container-linux/kubernetes/README.md
+++ b/container-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 
 ## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
 
-* Kubernetes v1.11.3 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
+* Kubernetes v1.12.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
 * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 * Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
diff --git a/container-linux/kubernetes/bootkube.tf b/container-linux/kubernetes/bootkube.tf
index 6a7b8504a..e0dce7ae5 100644
--- a/container-linux/kubernetes/bootkube.tf
+++ b/container-linux/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=2437023c1050609b749850e9b2301a6f00713680"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=81f19507faabf411db9c760d55f3d03f7d78f4c9"
 
   cluster_name                    = "${var.cluster_name}"
   api_servers                     = ["${var.k8s_domain_name}"]
diff --git a/container-linux/kubernetes/cl/controller.yaml.tmpl b/container-linux/kubernetes/cl/controller.yaml.tmpl
index fa26afe88..806cd409a 100644
--- a/container-linux/kubernetes/cl/controller.yaml.tmpl
+++ b/container-linux/kubernetes/cl/controller.yaml.tmpl
@@ -123,7 +123,7 @@ storage:
       contents:
         inline: |
           KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube
-          KUBELET_IMAGE_TAG=v1.11.3
+          KUBELET_IMAGE_TAG=v1.12.1
     - path: /etc/hostname
       filesystem: root
       mode: 0644
diff --git a/container-linux/kubernetes/cl/worker.yaml.tmpl b/container-linux/kubernetes/cl/worker.yaml.tmpl
index c3c4b95cd..4cb85f008 100644
--- a/container-linux/kubernetes/cl/worker.yaml.tmpl
+++ b/container-linux/kubernetes/cl/worker.yaml.tmpl
@@ -84,7 +84,7 @@ storage:
       contents:
         inline: |
           KUBELET_IMAGE_URL=docker://k8s.gcr.io/hyperkube
-          KUBELET_IMAGE_TAG=v1.11.3
+          KUBELET_IMAGE_TAG=v1.12.1
     - path: /etc/hostname
       filesystem: root
       mode: 0644
diff --git a/fedora-atomic/kubernetes/README.md b/fedora-atomic/kubernetes/README.md
index a9f73e01f..2177e5e59 100644
--- a/fedora-atomic/kubernetes/README.md
+++ b/fedora-atomic/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 
 ## Features <a href="https://www.cncf.io/certification/software-conformance/"><img align="right" src="https://storage.googleapis.com/poseidon/certified-kubernetes.png"></a>
 
-* Kubernetes v1.11.3 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
+* Kubernetes v1.12.1 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
 * Single or multi-master, workloads isolated on workers, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 * Ready for Ingress, Prometheus, Grafana, and other optional [addons](https://typhoon.psdn.io/addons/overview/)
diff --git a/fedora-atomic/kubernetes/bootkube.tf b/fedora-atomic/kubernetes/bootkube.tf
index 83bbe1b70..b17d8a1dc 100644
--- a/fedora-atomic/kubernetes/bootkube.tf
+++ b/fedora-atomic/kubernetes/bootkube.tf
@@ -1,6 +1,6 @@
 # Self-hosted Kubernetes assets (kubeconfig, manifests)
 module "bootkube" {
-  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=2437023c1050609b749850e9b2301a6f00713680"
+  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=81f19507faabf411db9c760d55f3d03f7d78f4c9"
 
   cluster_name          = "${var.cluster_name}"
   api_servers           = ["${var.k8s_domain_name}"]
diff --git a/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl b/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
index 6f5fff1b6..90f0da80e 100644
--- a/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
+++ b/fedora-atomic/kubernetes/cloudinit/controller.yaml.tmpl
@@ -84,7 +84,7 @@ runcmd:
   - [systemctl, restart, NetworkManager]
   - [hostnamectl, set-hostname, ${domain_name}]
   - "atomic install --system --name=etcd quay.io/poseidon/etcd:v3.3.10"
-  - "atomic install --system --name=kubelet quay.io/poseidon/kubelet:v1.11.3"
+  - "atomic install --system --name=kubelet quay.io/poseidon/kubelet:v1.12.1"
   - "atomic install --system --name=bootkube quay.io/poseidon/bootkube:v0.13.0"
   - [systemctl, start, --no-block, etcd.service]
   - [systemctl, enable, kubelet.path]
diff --git a/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl b/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
index ea6b554f7..cd77449a2 100644
--- a/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
+++ b/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl
@@ -59,7 +59,7 @@ runcmd:
   - [systemctl, daemon-reload]
   - [systemctl, restart, NetworkManager]
   - [hostnamectl, set-hostname, ${domain_name}]
-  - "atomic install --system --name=kubelet quay.io/poseidon/kubelet:v1.11.3"
+  - "atomic install --system --name=kubelet quay.io/poseidon/kubelet:v1.12.1"
   - [systemctl, enable, kubelet.path]
   - [systemctl, start, --no-block, kubelet.path]
 users: