From 5505504d89351038bacc0a97e9a999967b96dfed Mon Sep 17 00:00:00 2001
From: Artiom Diomin <kron82@gmail.com>
Date: Sat, 22 Jan 2022 18:31:38 +0200
Subject: [PATCH 1/3] Configure proxy in environment even on cluster updates

Signed-off-by: Artiom Diomin <kron82@gmail.com>
---
 pkg/scripts/kubeadm.go              | 10 ++++++----
 pkg/scripts/kubeadm_test.go         | 15 ++++++++++++---
 pkg/scripts/os.go                   |  1 -
 pkg/scripts/proxy.go                | 26 ++++++++++----------------
 pkg/scripts/proxy_test.go           |  4 ++--
 pkg/scripts/render.go               | 11 -----------
 pkg/tasks/kubeadm_upgrade.go        | 13 +++++++++----
 pkg/tasks/prerequisites.go          | 22 ++++++++++++++++------
 pkg/tasks/upgrade_follower.go       |  6 +++++-
 pkg/tasks/upgrade_leader.go         |  6 +++++-
 pkg/tasks/upgrade_static_workers.go |  4 ++++
 11 files changed, 69 insertions(+), 49 deletions(-)

diff --git a/pkg/scripts/kubeadm.go b/pkg/scripts/kubeadm.go
index 64eeb7a2f..26c88113a 100644
--- a/pkg/scripts/kubeadm.go
+++ b/pkg/scripts/kubeadm.go
@@ -57,8 +57,8 @@ var (
 		sudo rm -rf /etc/kubeone
 	`)
 
-	kubeadmUpgradeLeaderScriptTemplate = heredoc.Doc(`
-		sudo {{ .KUBEADM_UPGRADE }} --config={{ .WORK_DIR }}/cfg/master_0.yaml
+	kubeadmUpgradeScriptTemplate = heredoc.Doc(`
+		sudo {{ .KUBEADM_UPGRADE }}{{ if .LEADER }} --config={{ .WORK_DIR }}/cfg/master_{{ .NODE_ID }}.yaml{{ end }}
 	`)
 
 	kubeadmPauseImageVersionScriptTemplate = heredoc.Doc(`
@@ -110,10 +110,12 @@ func KubeadmReset(verboseFlag, workdir string) (string, error) {
 	})
 }
 
-func KubeadmUpgradeLeader(kubeadmCmd, workdir string) (string, error) {
-	return Render(kubeadmUpgradeLeaderScriptTemplate, map[string]interface{}{
+func KubeadmUpgrade(kubeadmCmd, workdir string, leader bool, nodeID int) (string, error) {
+	return Render(kubeadmUpgradeScriptTemplate, map[string]interface{}{
 		"KUBEADM_UPGRADE": kubeadmCmd,
 		"WORK_DIR":        workdir,
+		"NODE_ID":         nodeID,
+		"LEADER":          leader,
 	})
 }
 
diff --git a/pkg/scripts/kubeadm_test.go b/pkg/scripts/kubeadm_test.go
index 4d73e857a..71a771148 100644
--- a/pkg/scripts/kubeadm_test.go
+++ b/pkg/scripts/kubeadm_test.go
@@ -245,12 +245,13 @@ func TestKubeadmReset(t *testing.T) {
 	}
 }
 
-func TestKubeadmUpgradeLeader(t *testing.T) {
+func TestKubeadmUpgrade(t *testing.T) {
 	t.Parallel()
 
 	type args struct {
 		kubeadmCmd string
 		workdir    string
+		leader     bool
 	}
 	tests := []struct {
 		name string
@@ -261,7 +262,15 @@ func TestKubeadmUpgradeLeader(t *testing.T) {
 			name: "v1beta2",
 			args: args{
 				workdir:    "test-wd",
-				kubeadmCmd: "kubeadm upgrade node --certificate-renewal=true",
+				kubeadmCmd: "kubeadm upgrade node",
+			},
+		},
+		{
+			name: "leader",
+			args: args{
+				workdir:    "some",
+				kubeadmCmd: "kubeadm upgrade apply -y --certificate-renewal=true v1.1.1",
+				leader:     true,
 			},
 		},
 	}
@@ -269,7 +278,7 @@ func TestKubeadmUpgradeLeader(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := KubeadmUpgradeLeader(tt.args.kubeadmCmd, tt.args.workdir)
+			got, err := KubeadmUpgrade(tt.args.kubeadmCmd, tt.args.workdir, tt.args.leader, 0)
 			if err != tt.err {
 				t.Errorf("KubeadmUpgradeLeader() error = %v, wantErr %v", err, tt.err)
 				return
diff --git a/pkg/scripts/os.go b/pkg/scripts/os.go
index f417b30ad..961f053e4 100644
--- a/pkg/scripts/os.go
+++ b/pkg/scripts/os.go
@@ -34,7 +34,6 @@ var migrateToContainerdScriptTemplate = heredoc.Doc(`
 	sudo docker ps -qa | xargs sudo docker rm || true
 
 	{{ template "container-runtime-daemon-config" . }}
-	{{ template "containerd-systemd-environment" . }}
 	{{ if .IS_FLATCAR -}}
 	{{ template "flatcar-systemd-drop-in" . }}
 	{{ end -}}
diff --git a/pkg/scripts/proxy.go b/pkg/scripts/proxy.go
index 507d74f3a..2b69860d0 100644
--- a/pkg/scripts/proxy.go
+++ b/pkg/scripts/proxy.go
@@ -21,22 +21,14 @@ import (
 )
 
 const (
-	daemonsProxyScript = `
-sudo mkdir -p /etc/systemd/system/docker.service.d
-cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf
+	daemonsEnvironmentScriptTemplate = `
+{{- range .SYSTEMD_SERVICES }}
+sudo mkdir -p /etc/systemd/system/{{ . }}.service.d
+cat <<EOF | sudo tee /etc/systemd/system/{{ . }}.service.d/http-proxy.conf
 [Service]
-EnvironmentFile=/etc/kubeone/proxy-env
+EnvironmentFile=/etc/environment
 EOF
-
-sudo mkdir -p /etc/systemd/system/kubelet.service.d
-cat <<EOF | sudo tee /etc/systemd/system/kubelet.service.d/http-proxy.conf
-[Service]
-EnvironmentFile=/etc/kubeone/proxy-env
-EOF
-
-sudo systemctl daemon-reload
-if sudo systemctl status docker &>/dev/null; then sudo systemctl restart docker; fi
-if sudo systemctl status kubelet &>/dev/null; then sudo systemctl restart kubelet; fi
+{{ end }}
 `
 
 	environmentFileCmd = `
@@ -77,6 +69,8 @@ func EnvironmentFile(cluster *kubeone.KubeOneCluster) (string, error) {
 	})
 }
 
-func DaemonsProxy() (string, error) {
-	return Render(daemonsProxyScript, nil)
+func DaemonsEnvironmentDropIn(daemons ...string) (string, error) {
+	return Render(daemonsEnvironmentScriptTemplate, Data{
+		"SYSTEMD_SERVICES": daemons,
+	})
 }
diff --git a/pkg/scripts/proxy_test.go b/pkg/scripts/proxy_test.go
index 3da357547..d960b0d27 100644
--- a/pkg/scripts/proxy_test.go
+++ b/pkg/scripts/proxy_test.go
@@ -81,10 +81,10 @@ func TestEnvironmentFile(t *testing.T) {
 	}
 }
 
-func TestDaemonsProxy(t *testing.T) {
+func TestTestDaemonsProxy(t *testing.T) {
 	t.Parallel()
 
-	got, err := DaemonsProxy()
+	got, err := DaemonsEnvironmentDropIn("docker", "containerd", "kubelet")
 	if err != nil {
 		t.Errorf("DaemonsProxy() error = %v", err)
 		return
diff --git a/pkg/scripts/render.go b/pkg/scripts/render.go
index 8a9fbf3ee..8cf2938b4 100644
--- a/pkg/scripts/render.go
+++ b/pkg/scripts/render.go
@@ -44,17 +44,7 @@ var (
 			{{- end }}
 		`),
 
-		"containerd-systemd-environment": heredoc.Doc(`
-			sudo mkdir -p /etc/systemd/system/containerd.service.d
-			cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-			[Service]
-			Restart=always
-			EnvironmentFile=-/etc/environment
-			EOF
-		`),
-
 		"containerd-systemd-setup": heredoc.Doc(`
-			{{ template "containerd-systemd-environment" . }}
 			sudo systemctl daemon-reload
 			sudo systemctl enable containerd
 			sudo systemctl restart containerd
@@ -207,7 +197,6 @@ var (
 
 		"flatcar-docker": heredoc.Doc(`
 			{{ template "container-runtime-daemon-config" . }}
-			{{ template "containerd-systemd-environment" . }}
 			sudo systemctl daemon-reload
 			sudo systemctl enable --now docker
 			sudo systemctl restart docker
diff --git a/pkg/tasks/kubeadm_upgrade.go b/pkg/tasks/kubeadm_upgrade.go
index 7e7fbfefd..4a372b939 100644
--- a/pkg/tasks/kubeadm_upgrade.go
+++ b/pkg/tasks/kubeadm_upgrade.go
@@ -24,13 +24,13 @@ import (
 	"k8c.io/kubeone/pkg/templates/kubeadm"
 )
 
-func upgradeLeaderControlPlane(s *state.State) error {
+func upgradeLeaderControlPlane(s *state.State, nodeID int) error {
 	kadm, err := kubeadm.New(s.Cluster.Versions.Kubernetes)
 	if err != nil {
 		return errors.Wrap(err, "failed to init kubeadm")
 	}
 
-	cmd, err := scripts.KubeadmUpgradeLeader(kadm.UpgradeLeaderCommand(), s.WorkDir)
+	cmd, err := scripts.KubeadmUpgrade(kadm.UpgradeLeaderCommand(), s.WorkDir, true, nodeID)
 	if err != nil {
 		return err
 	}
@@ -40,13 +40,18 @@ func upgradeLeaderControlPlane(s *state.State) error {
 	return err
 }
 
-func upgradeFollowerControlPlane(s *state.State) error {
+func upgradeFollowerControlPlane(s *state.State, nodeID int) error {
 	kadm, err := kubeadm.New(s.Cluster.Versions.Kubernetes)
 	if err != nil {
 		return errors.Wrap(err, "failed to init kubadm")
 	}
 
-	_, _, err = s.Runner.Run(`sudo `+kadm.UpgradeFollowerCommand(), nil)
+	cmd, err := scripts.KubeadmUpgrade(kadm.UpgradeFollowerCommand(), s.WorkDir, false, nodeID)
+	if err != nil {
+		return err
+	}
+
+	_, _, err = s.Runner.RunRaw(cmd)
 	return err
 }
 
diff --git a/pkg/tasks/prerequisites.go b/pkg/tasks/prerequisites.go
index d2e044aa7..ef6dd0ccc 100644
--- a/pkg/tasks/prerequisites.go
+++ b/pkg/tasks/prerequisites.go
@@ -21,6 +21,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 
 	kubeoneapi "k8c.io/kubeone/pkg/apis/kubeone"
 	"k8c.io/kubeone/pkg/scripts"
@@ -85,18 +86,27 @@ func generateConfigurationFiles(s *state.State) error {
 func installPrerequisitesOnNode(s *state.State, node *kubeoneapi.HostConfig, _ ssh.Connection) error {
 	logger := s.Logger.WithField("os", node.OperatingSystem)
 
+	err := setupProxy(logger, s)
+	if err != nil {
+		return err
+	}
+
+	logger.Infoln("Installing kubeadm...")
+	return errors.Wrap(installKubeadm(s, *node), "failed to install kubeadm")
+}
+
+func setupProxy(logger *logrus.Entry, s *state.State) error {
 	logger.Infoln("Creating environment file...")
 	if err := createEnvironmentFile(s); err != nil {
 		return errors.Wrap(err, "failed to create environment file")
 	}
 
 	logger.Infoln("Configuring proxy...")
-	if err := configureProxy(s); err != nil {
+	if err := containerRuntimeEnvironment(s); err != nil {
 		return errors.Wrap(err, "failed to configure proxy for docker daemon")
 	}
 
-	logger.Infoln("Installing kubeadm...")
-	return errors.Wrap(installKubeadm(s, *node), "failed to install kubeadm")
+	return nil
 }
 
 func createEnvironmentFile(s *state.State) error {
@@ -250,13 +260,13 @@ func uploadConfigurationFilesToNode(s *state.State, _ *kubeoneapi.HostConfig, co
 	return nil
 }
 
-func configureProxy(s *state.State) error {
+func containerRuntimeEnvironment(s *state.State) error {
 	if s.Cluster.Proxy.HTTP == "" && s.Cluster.Proxy.HTTPS == "" && s.Cluster.Proxy.NoProxy == "" {
 		return nil
 	}
 
-	s.Logger.Infoln("Configuring docker/kubelet proxy...")
-	cmd, err := scripts.DaemonsProxy()
+	s.Logger.Infoln("Configuring docker/containerd/kubelet environment...")
+	cmd, err := scripts.DaemonsEnvironmentDropIn("docker", "containerd", "kubelet")
 	if err != nil {
 		return err
 	}
diff --git a/pkg/tasks/upgrade_follower.go b/pkg/tasks/upgrade_follower.go
index 70ca4f2d5..737603c40 100644
--- a/pkg/tasks/upgrade_follower.go
+++ b/pkg/tasks/upgrade_follower.go
@@ -51,13 +51,17 @@ func upgradeFollowerExecutor(s *state.State, node *kubeoneapi.HostConfig, conn s
 		return errors.Wrap(err, "failed to drain follower control plane node")
 	}
 
+	if err := setupProxy(logger, s); err != nil {
+		return err
+	}
+
 	logger.Infoln("Upgrading Kubernetes binaries on follower control plane...")
 	if err := upgradeKubeadmAndCNIBinaries(s, *node); err != nil {
 		return errors.Wrap(err, "failed to upgrade kubernetes binaries on follower control plane")
 	}
 
 	logger.Infoln("Running 'kubeadm upgrade' on the follower control plane node...")
-	if err := upgradeFollowerControlPlane(s); err != nil {
+	if err := upgradeFollowerControlPlane(s, node.ID); err != nil {
 		return errors.Wrap(err, "failed to upgrade follower control plane")
 	}
 
diff --git a/pkg/tasks/upgrade_leader.go b/pkg/tasks/upgrade_leader.go
index 293f79936..c246a3c57 100644
--- a/pkg/tasks/upgrade_leader.go
+++ b/pkg/tasks/upgrade_leader.go
@@ -51,13 +51,17 @@ func upgradeLeaderExecutor(s *state.State, node *kubeoneapi.HostConfig, conn ssh
 		return errors.Wrap(err, "failed to drain follower control plane node")
 	}
 
+	if err := setupProxy(logger, s); err != nil {
+		return err
+	}
+
 	logger.Infoln("Upgrading kubeadm binary on the leader control plane...")
 	if err := upgradeKubeadmAndCNIBinaries(s, *node); err != nil {
 		return errors.Wrap(err, "failed to upgrade kubernetes binaries on leader control plane")
 	}
 
 	logger.Infoln("Running 'kubeadm upgrade' on leader control plane node...")
-	if err := upgradeLeaderControlPlane(s); err != nil {
+	if err := upgradeLeaderControlPlane(s, node.ID); err != nil {
 		return errors.Wrap(err, "failed to run 'kubeadm upgrade' on leader control plane")
 	}
 
diff --git a/pkg/tasks/upgrade_static_workers.go b/pkg/tasks/upgrade_static_workers.go
index fa2b48a81..8037ebd77 100644
--- a/pkg/tasks/upgrade_static_workers.go
+++ b/pkg/tasks/upgrade_static_workers.go
@@ -53,6 +53,10 @@ func upgradeStaticWorkersExecutor(s *state.State, node *kubeoneapi.HostConfig, c
 		return errors.Wrap(err, "failed to drain follower control plane node")
 	}
 
+	if err := setupProxy(logger, s); err != nil {
+		return err
+	}
+
 	logger.Infoln("Upgrading Kubernetes binaries on static worker node...")
 	if err := upgradeKubeadmAndCNIBinaries(s, *node); err != nil {
 		return errors.Wrap(err, "failed to upgrade kubernetes binaries on static worker node")

From f5f9a67e01bcdf3d4415337365d90a428daadd36 Mon Sep 17 00:00:00 2001
From: Artiom Diomin <kron82@gmail.com>
Date: Sat, 22 Jan 2022 18:33:20 +0200
Subject: [PATCH 2/3] Update fixtures

Signed-off-by: Artiom Diomin <kron82@gmail.com>
---
 .../testdata/TestKubeadmAmazonLinux-force.golden   |  7 -------
 ...estKubeadmAmazonLinux-overwrite_registry.golden |  7 -------
 ...mAmazonLinux-overwrite_registry_insecure.golden |  7 -------
 .../testdata/TestKubeadmAmazonLinux-proxy.golden   |  7 -------
 .../testdata/TestKubeadmAmazonLinux-simple.golden  |  7 -------
 .../testdata/TestKubeadmAmazonLinux-v1.16.1.golden |  7 -------
 .../TestKubeadmAmazonLinux-with_containerd.golden  |  7 -------
 ...x-with_containerd_with_insecure_registry.golden |  7 -------
 .../testdata/TestKubeadmCentOS-force.golden        |  7 -------
 .../TestKubeadmCentOS-overwrite_registry.golden    |  7 -------
 ...ubeadmCentOS-overwrite_registry_insecure.golden |  7 -------
 .../testdata/TestKubeadmCentOS-proxy.golden        |  7 -------
 .../testdata/TestKubeadmCentOS-simple.golden       |  7 -------
 .../testdata/TestKubeadmCentOS-v1.16.1.golden      |  7 -------
 .../TestKubeadmCentOS-with_containerd.golden       |  7 -------
 ...S-with_containerd_with_insecure_registry.golden |  7 -------
 .../TestKubeadmDebian-overwrite_registry.golden    |  7 -------
 ...ubeadmDebian-overwrite_registry_insecure.golden |  7 -------
 .../testdata/TestKubeadmDebian-simple.golden       |  7 -------
 .../TestKubeadmDebian-with_containerd.golden       |  7 -------
 ...n-with_containerd_with_insecure_registry.golden |  7 -------
 .../testdata/TestKubeadmFlatcar-force.golden       |  7 -------
 .../TestKubeadmFlatcar-overwrite_registry.golden   |  7 -------
 ...beadmFlatcar-overwrite_registry_insecure.golden |  7 -------
 .../testdata/TestKubeadmFlatcar-simple.golden      |  7 -------
 .../TestKubeadmFlatcar-with_containerd.golden      |  7 -------
 .../testdata/TestKubeadmUpgrade-leader.golden      |  3 +++
 .../testdata/TestKubeadmUpgrade-v1beta2.golden     |  3 +++
 .../TestKubeadmUpgradeLeader-v1beta2.golden        |  3 ---
 .../TestMigrateToContainerd-flatcar.golden         | 14 --------------
 ...TestMigrateToContainerd-insecureRegistry.golden | 14 --------------
 .../testdata/TestMigrateToContainerd-simple.golden | 14 --------------
 ...onsProxy.golden => TestTestDaemonsProxy.golden} | 13 ++++++++-----
 .../TestUpgradeKubeadmAndCNIAmazonLinux.golden     |  7 -------
 .../testdata/TestUpgradeKubeadmAndCNICentOS.golden |  7 -------
 .../testdata/TestUpgradeKubeadmAndCNIDebian.golden |  7 -------
 .../TestUpgradeKubeletAndKubectlAmazonLinux.golden |  7 -------
 .../TestUpgradeKubeletAndKubectlCentOS.golden      |  7 -------
 .../TestUpgradeKubeletAndKubectlDebian.golden      |  7 -------
 39 files changed, 14 insertions(+), 274 deletions(-)
 create mode 100644 pkg/scripts/testdata/TestKubeadmUpgrade-leader.golden
 create mode 100644 pkg/scripts/testdata/TestKubeadmUpgrade-v1beta2.golden
 delete mode 100644 pkg/scripts/testdata/TestKubeadmUpgradeLeader-v1beta2.golden
 rename pkg/scripts/testdata/{TestDaemonsProxy.golden => TestTestDaemonsProxy.golden} (55%)

diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden
index 74bd5b150..7563ccc62 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-force.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden
index 74bd5b150..7563ccc62 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden
index 7ad6dc5d1..b5facf7ff 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-overwrite_registry_insecure.golden
@@ -99,13 +99,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden
index 3b922fc26..d5c4d7701 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-proxy.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden
index 74bd5b150..7563ccc62 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-simple.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden
index 74bd5b150..7563ccc62 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-v1.16.1.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden
index 8beec41e2..a97dd4593 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd.golden
@@ -104,13 +104,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden
index c61aaf683..00a5c63f2 100644
--- a/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmAmazonLinux-with_containerd_with_insecure_registry.golden
@@ -106,13 +106,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-force.golden b/pkg/scripts/testdata/TestKubeadmCentOS-force.golden
index 01c616f03..857fe8e05 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-force.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-force.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden
index e2fc24b1c..9336f66b3 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden
index 11a8f43f4..813e6f256 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-overwrite_registry_insecure.golden
@@ -105,13 +105,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden b/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden
index 6af697ad9..7f2aedd50 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-proxy.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden b/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden
index e2fc24b1c..9336f66b3 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-simple.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden b/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden
index c4f33f13c..cb2df2cd3 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-v1.16.1.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden
index 4e439c364..c6429166f 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd.golden
@@ -110,13 +110,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden
index e67767203..25b930ed3 100644
--- a/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmCentOS-with_containerd_with_insecure_registry.golden
@@ -112,13 +112,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden
index 8e2378e5a..2e687f271 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry.golden
@@ -104,13 +104,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden
index d666f20a9..ead330961 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-overwrite_registry_insecure.golden
@@ -107,13 +107,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-simple.golden b/pkg/scripts/testdata/TestKubeadmDebian-simple.golden
index 8e2378e5a..2e687f271 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-simple.golden
@@ -104,13 +104,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
index f8cd0f67c..9481982ee 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd.golden
@@ -106,13 +106,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
index 9e28f1413..6b2b3fc8f 100644
--- a/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmDebian-with_containerd_with_insecure_registry.golden
@@ -108,13 +108,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden
index b9ec1de8f..7867ea890 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-force.golden
@@ -80,13 +80,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden
index b9ec1de8f..7867ea890 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry.golden
@@ -80,13 +80,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden
index 5fde43683..2f33b2430 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-overwrite_registry_insecure.golden
@@ -83,13 +83,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden
index b9ec1de8f..7867ea890 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-simple.golden
@@ -80,13 +80,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable --now docker
 sudo systemctl restart docker
diff --git a/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden b/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden
index 73ef85fa1..751537088 100644
--- a/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden
+++ b/pkg/scripts/testdata/TestKubeadmFlatcar-with_containerd.golden
@@ -99,13 +99,6 @@ ExecStart=
 ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestKubeadmUpgrade-leader.golden b/pkg/scripts/testdata/TestKubeadmUpgrade-leader.golden
new file mode 100644
index 000000000..6b285607b
--- /dev/null
+++ b/pkg/scripts/testdata/TestKubeadmUpgrade-leader.golden
@@ -0,0 +1,3 @@
+set -xeu pipefail
+export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
+sudo kubeadm upgrade apply -y --certificate-renewal=true v1.1.1 --config=some/cfg/master_0.yaml
diff --git a/pkg/scripts/testdata/TestKubeadmUpgrade-v1beta2.golden b/pkg/scripts/testdata/TestKubeadmUpgrade-v1beta2.golden
new file mode 100644
index 000000000..c39eb3f92
--- /dev/null
+++ b/pkg/scripts/testdata/TestKubeadmUpgrade-v1beta2.golden
@@ -0,0 +1,3 @@
+set -xeu pipefail
+export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
+sudo kubeadm upgrade node
diff --git a/pkg/scripts/testdata/TestKubeadmUpgradeLeader-v1beta2.golden b/pkg/scripts/testdata/TestKubeadmUpgradeLeader-v1beta2.golden
deleted file mode 100644
index e926927ec..000000000
--- a/pkg/scripts/testdata/TestKubeadmUpgradeLeader-v1beta2.golden
+++ /dev/null
@@ -1,3 +0,0 @@
-set -xeu pipefail
-export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
-sudo kubeadm upgrade node --certificate-renewal=true --config=test-wd/cfg/master_0.yaml
diff --git a/pkg/scripts/testdata/TestMigrateToContainerd-flatcar.golden b/pkg/scripts/testdata/TestMigrateToContainerd-flatcar.golden
index 60471ce21..0e3d32490 100644
--- a/pkg/scripts/testdata/TestMigrateToContainerd-flatcar.golden
+++ b/pkg/scripts/testdata/TestMigrateToContainerd-flatcar.golden
@@ -32,13 +32,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo mkdir -p /etc/systemd/system/containerd.service.d
 cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/10-kubeone.conf
 [Service]
@@ -48,13 +41,6 @@ ExecStart=
 ExecStart=/usr/bin/env PATH=\${TORCX_BINDIR}:\${PATH} \${TORCX_BINDIR}/containerd --config \${CONTAINERD_CONFIG}
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden b/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden
index b2ba66900..d8979c5d4 100644
--- a/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden
+++ b/pkg/scripts/testdata/TestMigrateToContainerd-insecureRegistry.golden
@@ -34,20 +34,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden b/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden
index aafb7bfba..f4b82789a 100644
--- a/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden
+++ b/pkg/scripts/testdata/TestMigrateToContainerd-simple.golden
@@ -32,20 +32,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestDaemonsProxy.golden b/pkg/scripts/testdata/TestTestDaemonsProxy.golden
similarity index 55%
rename from pkg/scripts/testdata/TestDaemonsProxy.golden
rename to pkg/scripts/testdata/TestTestDaemonsProxy.golden
index bc98f2706..4bc903c12 100644
--- a/pkg/scripts/testdata/TestDaemonsProxy.golden
+++ b/pkg/scripts/testdata/TestTestDaemonsProxy.golden
@@ -4,15 +4,18 @@ export "PATH=$PATH:/sbin:/usr/local/bin:/opt/bin"
 sudo mkdir -p /etc/systemd/system/docker.service.d
 cat <<EOF | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf
 [Service]
-EnvironmentFile=/etc/kubeone/proxy-env
+EnvironmentFile=/etc/environment
+EOF
+
+sudo mkdir -p /etc/systemd/system/containerd.service.d
+cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/http-proxy.conf
+[Service]
+EnvironmentFile=/etc/environment
 EOF
 
 sudo mkdir -p /etc/systemd/system/kubelet.service.d
 cat <<EOF | sudo tee /etc/systemd/system/kubelet.service.d/http-proxy.conf
 [Service]
-EnvironmentFile=/etc/kubeone/proxy-env
+EnvironmentFile=/etc/environment
 EOF
 
-sudo systemctl daemon-reload
-if sudo systemctl status docker &>/dev/null; then sudo systemctl restart docker; fi
-if sudo systemctl status kubelet &>/dev/null; then sudo systemctl restart kubelet; fi
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden
index 6ccc9dd6c..a534b93c1 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIAmazonLinux.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden
index c97afeadd..8fa919992 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNICentOS.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
index 4d20694d4..f97c074d9 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeadmAndCNIDebian.golden
@@ -105,13 +105,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden
index 7d46efa20..3293ccb59 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlAmazonLinux.golden
@@ -96,13 +96,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden
index 75afecbe2..d672cb78b 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlCentOS.golden
@@ -102,13 +102,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd
diff --git a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
index cc123679b..e08a901f0 100644
--- a/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
+++ b/pkg/scripts/testdata/TestUpgradeKubeletAndKubectlDebian.golden
@@ -105,13 +105,6 @@ cat <<EOF | sudo tee /etc/crictl.yaml
 runtime-endpoint: unix:///var/run/dockershim.sock
 EOF
 
-sudo mkdir -p /etc/systemd/system/containerd.service.d
-cat <<EOF | sudo tee /etc/systemd/system/containerd.service.d/environment.conf
-[Service]
-Restart=always
-EnvironmentFile=-/etc/environment
-EOF
-
 sudo systemctl daemon-reload
 sudo systemctl enable containerd
 sudo systemctl restart containerd

From 39242a15ec29e2bbbcb65f3eb76a1bdf51c50a0d Mon Sep 17 00:00:00 2001
From: Artiom Diomin <kron82@gmail.com>
Date: Sat, 22 Jan 2022 19:21:37 +0200
Subject: [PATCH 3/3] Restart systemd services after changing their Environment

Signed-off-by: Artiom Diomin <kron82@gmail.com>
---
 pkg/scripts/proxy.go                             | 8 ++++++--
 pkg/scripts/testdata/TestTestDaemonsProxy.golden | 4 ++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/scripts/proxy.go b/pkg/scripts/proxy.go
index 2b69860d0..2cdc31f88 100644
--- a/pkg/scripts/proxy.go
+++ b/pkg/scripts/proxy.go
@@ -29,9 +29,13 @@ cat <<EOF | sudo tee /etc/systemd/system/{{ . }}.service.d/http-proxy.conf
 EnvironmentFile=/etc/environment
 EOF
 {{ end }}
+sudo systemctl daemon-reload
+{{- range .SYSTEMD_SERVICES }}
+if sudo systemctl status {{ . }} &>/dev/null; then sudo systemctl restart {{ . }}; fi
+{{- end }}
 `
 
-	environmentFileCmd = `
+	environmentFileScriptTemplate = `
 sudo mkdir -p /etc/kubeone
 cat <<EOF | sudo tee /etc/kubeone/proxy-env
 {{ with .HTTP_PROXY -}}
@@ -62,7 +66,7 @@ sudo tee /etc/environment < $envtmp
 )
 
 func EnvironmentFile(cluster *kubeone.KubeOneCluster) (string, error) {
-	return Render(environmentFileCmd, Data{
+	return Render(environmentFileScriptTemplate, Data{
 		"HTTP_PROXY":  cluster.Proxy.HTTP,
 		"HTTPS_PROXY": cluster.Proxy.HTTPS,
 		"NO_PROXY":    cluster.Proxy.NoProxy,
diff --git a/pkg/scripts/testdata/TestTestDaemonsProxy.golden b/pkg/scripts/testdata/TestTestDaemonsProxy.golden
index 4bc903c12..f642bada7 100644
--- a/pkg/scripts/testdata/TestTestDaemonsProxy.golden
+++ b/pkg/scripts/testdata/TestTestDaemonsProxy.golden
@@ -19,3 +19,7 @@ cat <<EOF | sudo tee /etc/systemd/system/kubelet.service.d/http-proxy.conf
 EnvironmentFile=/etc/environment
 EOF
 
+sudo systemctl daemon-reload
+if sudo systemctl status docker &>/dev/null; then sudo systemctl restart docker; fi
+if sudo systemctl status containerd &>/dev/null; then sudo systemctl restart containerd; fi
+if sudo systemctl status kubelet &>/dev/null; then sudo systemctl restart kubelet; fi