Revert "[Kubernetes]: The kube server could be used as http-proxy for docker (sonic-net#7469)" (sonic-net#8023)

This change causes nightly test to fail due to the fake proxy IP is not reachable.

Reverts sonic-net#7469

This reverts commit f7ed82f.

Author: yxieca

build_debian.sh

@@ -237,6 +237,7 @@ then
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=${KUBERNETES_VERSION}-00
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=${KUBERNETES_VERSION}-00
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00
+    # kubeadm package auto install kubelet & kubectl
 else
     echo '[INFO] Skipping Install kubernetes'
 fi

files/build_templates/sonic_debian_extension.j2

@@ -448,10 +448,6 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install azure-
 sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install watchdog==0.10.3
 
 {% if include_kubernetes == "y" %}
-# Point to kubelet to /etc/resolv.conf
-#
-echo 'KUBELET_EXTRA_ARGS="--resolv-conf=/etc/resolv.conf"' | sudo tee -a  $FILESYSTEM_ROOT/etc/default/kubelet
-
 # Copy Flannel conf file into sonic-templates
 #
 sudo cp $BUILD_TEMPLATES/kube_cni.10-flannel.conflist $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
@@ -472,25 +468,6 @@ sudo cp ${files_path}/container_startup.py ${FILESYSTEM_ROOT_USR_SHARE_SONIC_SCR
 sudo chmod a+x ${FILESYSTEM_ROOT_USR_SHARE_SONIC_SCRIPTS}/container_startup.py
 
 # Config file used by container mgmt scripts/service
-fl="${files_path}/remote_ctr.config.json"
-use_k8s_as_http_proxy=$(python3 -c 'import json
-with open("'${fl}'", "r") as s:
-    d=json.load(s);print(d.get("use_k8s_as_http_proxy", ""))
-')
-if [ "${use_k8s_as_http_proxy}" == "y" ]; then
-    # create proxy files for docker using private IP which will
-    # be later directed to k8s master upon config
-    PROXY_INFO="http://172.16.1.1:3128/"
-    cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/http_proxy.conf > /dev/null
-[Service]
-Environment="HTTP_PROXY=${PROXY_INFO}"
-EOT
-    cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/https_proxy.conf > /dev/null
-[Service]
-Environment="HTTPS_PROXY=${PROXY_INFO}"
-EOT
-fi
-
 sudo cp ${files_path}/remote_ctr.config.json ${FILESYSTEM_ROOT_ETC_SONIC}/
 
 # Remote container management service files

rules/config

@@ -142,7 +142,6 @@ INCLUDE_NAT = y
 # TELEMETRY_WRITABLE - Enable write/config operations via the gNMI interface.
 # Uncomment to enable:
 # TELEMETRY_WRITABLE = y
-
 # INCLUDE_KUBERNETES - if set to y kubernetes packages are installed to be able to
 # run as worker node in kubernetes cluster.
 INCLUDE_KUBERNETES = n
@@ -155,9 +154,9 @@ INCLUDE_MACSEC = y
 # These are Used *only* when INCLUDE_KUBERNETES=y
 # NOTE: As a worker node it has to run version compatible to kubernetes master.
 #
-KUBERNETES_VERSION = 1.21.1
-KUBERNETES_CNI_VERSION = 0.8.7
-K8s_GCR_IO_PAUSE_VERSION = 3.4.1
+KUBERNETES_VERSION = 1.18.6
+KUBERNETES_CNI_VERSION = 0.8.6
+K8s_GCR_IO_PAUSE_VERSION = 3.2
 
 # SONIC_ENABLE_IMAGE_SIGNATURE - enable image signature
 # To not use the auto-generated self-signed certificate, the required files to sign the image as below:

src/sonic-ctrmgrd/ctrmgr/ctrmgr_iptables.py

@@ -8,7 +8,6 @@
 import syslog
 
 from collections import defaultdict
-from ctrmgr.ctrmgr_iptables import iptable_proxy_rule_upd
 
 from swsscommon import swsscommon
 from sonic_py_common import device_info
@@ -88,13 +87,11 @@
 JOIN_LATENCY = "join_latency_on_boot_seconds"
 JOIN_RETRY = "retry_join_interval_seconds"
 LABEL_RETRY = "retry_labels_update_seconds"
-USE_K8S_PROXY = "use_k8s_as_http_proxy"
 
 remote_ctr_config = {
     JOIN_LATENCY: 10,
     JOIN_RETRY: 10,
-    LABEL_RETRY: 2,
-    USE_K8S_PROXY: ""
+    LABEL_RETRY: 2
     }
 
 def log_debug(m):
@@ -312,9 +309,6 @@ def __init__(self, server):
 
         self.start_time = datetime.datetime.now()
 
-        if remote_ctr_config[USE_K8S_PROXY] == "y":
-            iptable_proxy_rule_upd(self.cfg_server[CFG_SER_IP])
-
         if not self.st_server[ST_FEAT_UPDATE_TS]:
             # This is upon system start. Sleep 10m before join
             self.start_time += datetime.timedelta(
@@ -342,9 +336,6 @@ def on_config_update(self, key, op, data):
         log_debug("Received config update: {}".format(str(data)))
         self.cfg_server = cfg_data
 
-        if remote_ctr_config[USE_K8S_PROXY] == "y":
-            iptable_proxy_rule_upd(self.cfg_server[CFG_SER_IP])
-
         if self.pending:
             tnow = datetime.datetime.now()
             if tnow < self.start_time:
@@ -368,7 +359,7 @@ def handle_update(self):
 
         ip = self.cfg_server[CFG_SER_IP]
         disable = self.cfg_server[CFG_SER_DISABLE] != "false"
-
+        
         pre_state = dict(self.st_server)
         log_debug("server: handle_update: disable={} ip={}".format(disable, ip))
         if disable or not ip:

src/sonic-ctrmgrd/ctrmgr/ctrmgrd.py

@@ -1,9 +1,8 @@
 [Unit]
 Description=Container Manager watcher daemon
-Requires=caclmgrd.service
-After=caclmgrd.service
-BindsTo=sonic.target
-After=sonic.target
+Requires=updategraph.service
+After=updategraph.service
+
 
 [Service]
 Type=simple
@@ -12,4 +11,4 @@ Restart=always
 RestartSec=30
 
 [Install]
-WantedBy=sonic.target
+WantedBy=multi-user.target

src/sonic-ctrmgrd/ctrmgr/ctrmgrd.service

@@ -2,7 +2,6 @@
     "join_latency_on_boot_seconds": 300,
     "retry_join_interval_seconds": 30,
     "retry_labels_update_seconds": 5,
-    "revert_to_local_on_wait_seconds": 60,
-    "use_k8s_as_http_proxy": "y"
+    "revert_to_local_on_wait_seconds": 60
 }