From 7e73adadab04761c55f039dfc3e799b2ab71c6ed Mon Sep 17 00:00:00 2001
From: Markus Rudy <mr@edgeless.systems>
Date: Thu, 4 Jul 2024 14:29:47 +0200
Subject: [PATCH] bootstrapper: don't install coredns addon

---
 .../internal/kubernetes/k8sapi/k8sutil.go     |  3 +-
 .../internal/kubernetes/kubernetes.go         |  4 --
 internal/kubernetes/kubectl/kubectl.go        | 59 -------------------
 3 files changed, 1 insertion(+), 65 deletions(-)

diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
index 19713e00eb4..d2ec6e78f7b 100644
--- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
@@ -48,7 +48,6 @@ type Client interface {
 	AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error
 	ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error)
 	AnnotateNode(ctx context.Context, nodeName, annotationKey, annotationValue string) error
-	EnforceCoreDNSSpread(ctx context.Context) error
 	PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR string) error
 }
 
@@ -150,7 +149,7 @@ func (k *KubernetesUtil) InitCluster(
 
 	// initialize the cluster
 	log.Info("Initializing the cluster using kubeadm init")
-	skipPhases := "--skip-phases=preflight,certs"
+	skipPhases := "--skip-phases=preflight,certs,addon/coredns"
 	if !conformanceMode {
 		skipPhases += ",addon/kube-proxy"
 	}
diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go
index d4e916f0f4d..13c387d239c 100644
--- a/bootstrapper/internal/kubernetes/kubernetes.go
+++ b/bootstrapper/internal/kubernetes/kubernetes.go
@@ -165,10 +165,6 @@ func (k *KubeWrapper) InitCluster(
 		return nil, fmt.Errorf("waiting for Kubernetes API to be available: %w", err)
 	}
 
-	if err := k.client.EnforceCoreDNSSpread(ctx); err != nil {
-		return nil, fmt.Errorf("configuring CoreDNS deployment: %w", err)
-	}
-
 	// Setup the K8s components ConfigMap.
 	k8sComponentsConfigMap, err := k.setupK8sComponentsConfigMap(ctx, kubernetesComponents, versionString)
 	if err != nil {
diff --git a/internal/kubernetes/kubectl/kubectl.go b/internal/kubernetes/kubectl/kubectl.go
index f6148808242..dae2e2db6fd 100644
--- a/internal/kubernetes/kubectl/kubectl.go
+++ b/internal/kubernetes/kubectl/kubectl.go
@@ -188,65 +188,6 @@ func (k *Kubectl) PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR st
 	return err
 }
 
-// EnforceCoreDNSSpread adds a pod anti-affinity to the CoreDNS deployment to ensure that
-// CoreDNS pods are spread across nodes.
-func (k *Kubectl) EnforceCoreDNSSpread(ctx context.Context) error {
-	// allow CoreDNS Pods to run on uninitialized nodes, which is required by cloud-controller-manager
-	tolerationSeconds := int64(10)
-	tolerations := []corev1.Toleration{
-		{
-			Key:    "node.cloudprovider.kubernetes.io/uninitialized",
-			Value:  "true",
-			Effect: corev1.TaintEffectNoSchedule,
-		},
-		{
-			Key:               "node.kubernetes.io/unreachable",
-			Operator:          corev1.TolerationOpExists,
-			Effect:            corev1.TaintEffectNoExecute,
-			TolerationSeconds: &tolerationSeconds,
-		},
-	}
-
-	deployments := k.AppsV1().Deployments("kube-system")
-	// retry resource update if an error occurs
-	return retry.RetryOnConflict(retry.DefaultRetry, func() error {
-		result, err := deployments.Get(ctx, "coredns", metav1.GetOptions{})
-		if err != nil {
-			return fmt.Errorf("failed to get Deployment to add toleration: %w", err)
-		}
-
-		result.Spec.Template.Spec.Tolerations = append(result.Spec.Template.Spec.Tolerations, tolerations...)
-
-		if result.Spec.Template.Spec.Affinity == nil {
-			result.Spec.Template.Spec.Affinity = &corev1.Affinity{}
-		}
-		if result.Spec.Template.Spec.Affinity.PodAntiAffinity == nil {
-			result.Spec.Template.Spec.Affinity.PodAntiAffinity = &corev1.PodAntiAffinity{}
-		}
-		result.Spec.Template.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution = []corev1.WeightedPodAffinityTerm{}
-		if result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution == nil {
-			result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = []corev1.PodAffinityTerm{}
-		}
-
-		result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = append(result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution,
-			corev1.PodAffinityTerm{
-				LabelSelector: &metav1.LabelSelector{
-					MatchExpressions: []metav1.LabelSelectorRequirement{
-						{
-							Key:      "k8s-app",
-							Operator: metav1.LabelSelectorOpIn,
-							Values:   []string{"kube-dns"},
-						},
-					},
-				},
-				TopologyKey: "kubernetes.io/hostname",
-			})
-
-		_, err = deployments.Update(ctx, result, metav1.UpdateOptions{})
-		return err
-	})
-}
-
 // AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified
 // by name and namespace.
 //