Updating to k8s 1.21

bootstrap/init.sh

@@ -6,7 +6,7 @@
 echo "######################################################################################"
 echo "##  Reinit repository"
 rm -rf kubespray
-VERSION=${1:-release-2.17}
+VERSION=${1:-release-2.19}
 git clone --branch $VERSION https://github.com/kubernetes-sigs/kubespray.git
 
 echo "######################################################################################"
@@ -47,7 +47,6 @@ rsync -a ./inventory/ ./kubespray/inventory/
 echo "## * changing into kubespray dir"
 cd kubespray
 echo "## * execute the following command to force new settings"
-echo "ansible-playbook -i inventory/prod/inventory.ini mitogen.yml &&"
 echo "ansible-playbook -i inventory/prod/inventory.ini -e upgrade_cluster_setup=true cluster.yml"
 
 # cp -r kubespray/inventory/sample kubespray/inventory/prod

bootstrap/inventory/prod/group_vars/all/all.yml

@@ -7,7 +7,8 @@ kubelet_preferred_address_types: 'Hostname,ExternalDNS,ExternalIP,InternalDNS,In
 etcd_data_dir: /var/lib/etcd
 
 ## Experimental kubeadm etcd deployment mode. Available only for new deployment
-etcd_kubeadm_enabled: false
+#etcd_kubeadm_enabled: false
+etcd_deployment_type: docker
 
 ## Directory where the binaries will be installed
 bin_dir: /usr/local/bin

bootstrap/inventory/prod/group_vars/all/aws.yml

@@ -1,8 +0,0 @@
-## To use AWS EBS CSI Driver to provision volumes, uncomment the first value
-## and configure the parameters below
-# aws_ebs_csi_enabled: true
-# aws_ebs_csi_enable_volume_scheduling: true
-# aws_ebs_csi_enable_volume_snapshot: false
-# aws_ebs_csi_enable_volume_resizing: false
-# aws_ebs_csi_controller_replicas: 1
-# aws_ebs_csi_plugin_image_tag: latest

bootstrap/inventory/prod/group_vars/all/azure.yml

@@ -1,37 +0,0 @@
-## When azure is used, you need to also set the following variables.
-## see docs/azure.md for details on how to get these values
-
-# azure_cloud:
-# azure_tenant_id:
-# azure_subscription_id:
-# azure_aad_client_id:
-# azure_aad_client_secret:
-# azure_resource_group:
-# azure_location:
-# azure_subnet_name:
-# azure_security_group_name:
-# azure_vnet_name:
-# azure_vnet_resource_group:
-# azure_route_table_name:
-# supported values are 'standard' or 'vmss'
-# azure_vmtype: standard
-
-## Azure Disk CSI credentials and parameters
-## see docs/azure-csi.md for details on how to get these values
-
-# azure_csi_tenant_id:
-# azure_csi_subscription_id:
-# azure_csi_aad_client_id:
-# azure_csi_aad_client_secret:
-# azure_csi_location:
-# azure_csi_resource_group:
-# azure_csi_vnet_name:
-# azure_csi_vnet_resource_group:
-# azure_csi_subnet_name:
-# azure_csi_security_group_name:
-# azure_csi_use_instance_metadata:
-
-## To enable Azure Disk CSI, uncomment below
-# azure_csi_enabled: true
-# azure_csi_controller_replicas: 1
-# azure_csi_plugin_image_tag: latest

bootstrap/inventory/prod/group_vars/all/containerd.yml

@@ -1,19 +0,0 @@
----
-# Please see roles/container-engine/containerd/defaults/main.yml for more configuration options
-
-# Example: define registry mirror for docker hub
-
-# containerd_config:
-#   grpc:
-#     max_recv_message_size: 16777216
-#     max_send_message_size: 16777216
-#   debug:
-#     level: ""
-#   registries:
-#     "docker.io":
-#       - "https://mirror.gcr.io"
-#       - "https://registry-1.docker.io"
-#   max_container_log_line_size: -1
-#   metrics:
-#     address: ""
-#     grpc_histogram: false

bootstrap/inventory/prod/group_vars/all/coreos.yml

@@ -1,2 +0,0 @@
-## Does coreos need auto upgrade, default is true
-# coreos_auto_upgrade: true

bootstrap/inventory/prod/group_vars/all/docker.yml

@@ -1,58 +0,0 @@
----
-## Uncomment this if you want to force overlay/overlay2 as docker storage driver
-## Please note that overlay2 is only supported on newer kernels
-# docker_storage_options: -s overlay2
-
-## Enable docker_container_storage_setup, it will configure devicemapper driver on Centos7 or RedHat7.
-docker_container_storage_setup: false
-
-## It must be define a disk path for docker_container_storage_setup_devs.
-## Otherwise docker-storage-setup will be executed incorrectly.
-# docker_container_storage_setup_devs: /dev/vdb
-
-## Uncomment this if you want to change the Docker Cgroup driver (native.cgroupdriver)
-## Valid options are systemd or cgroupfs, default is systemd
-# docker_cgroup_driver: systemd
-
-## Uncomment this if you have more than 3 nameservers, then we'll only use the first 3.
-docker_dns_servers_strict: false
-
-# Path used to store Docker data
-docker_daemon_graph: "/var/lib/docker"
-
-## Used to set docker daemon iptables options to true
-docker_iptables_enabled: "false"
-
-# Docker log options
-# Rotate container stderr/stdout logs at 50m and keep last 5
-docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
-
-# define docker bin_dir
-docker_bin_dir: "/usr/bin"
-
-# keep docker packages after installation; speeds up repeated ansible provisioning runs when '1'
-# kubespray deletes the docker package on each run, so caching the package makes sense
-docker_rpm_keepcache: 0
-
-## An obvious use case is allowing insecure-registry access to self hosted registries.
-## Can be ipaddress and domain_name.
-## example define 172.19.16.11 or mirror.registry.io
-# docker_insecure_registries:
-#   - mirror.registry.io
-#   - 172.19.16.11
-
-## Add other registry,example China registry mirror.
-# docker_registry_mirrors:
-#   - https://registry.docker-cn.com
-#   - https://mirror.aliyuncs.com
-
-## If non-empty will override default system MountFlags value.
-## This option takes a mount propagation flag: shared, slave
-## or private, which control whether mounts in the file system
-## namespace set up for docker will receive or propagate mounts
-## and unmounts. Leave empty for system default
-# docker_mount_flags:
-
-## A string of extra options to pass to the docker daemon.
-## This string should be exactly as you wish it to appear.
-# docker_options: ""

bootstrap/inventory/prod/group_vars/all/gcp.yml

@@ -1,10 +0,0 @@
-## GCP compute Persistent Disk CSI Driver credentials and parameters
-## See docs/gcp-pd-csi.md for information about the implementation
-
-## Specify the path to the file containing the service account credentials
-# gcp_pd_csi_sa_cred_file: "/my/safe/credentials/directory/cloud-sa.json"
-
-## To enable GCP Persistent Disk CSI driver, uncomment below
-# gcp_pd_csi_enabled: true
-# gcp_pd_csi_controller_replicas: 1
-# gcp_pd_csi_driver_image_tag: "v0.7.0-gke.0"

bootstrap/inventory/prod/group_vars/all/oci.yml

@@ -1,28 +0,0 @@
-## When Oracle Cloud Infrastructure is used, set these variables
-# oci_private_key:
-# oci_region_id:
-# oci_tenancy_id:
-# oci_user_id:
-# oci_user_fingerprint:
-# oci_compartment_id:
-# oci_vnc_id:
-# oci_subnet1_id:
-# oci_subnet2_id:
-## Override these default/optional behaviors if you wish
-# oci_security_list_management: All
-## If you would like the controller to manage specific lists per subnet. This is a mapping of subnet ocids to security list ocids. Below are examples.
-# oci_security_lists:
-#   ocid1.subnet.oc1.phx.aaaaaaaasa53hlkzk6nzksqfccegk2qnkxmphkblst3riclzs4rhwg7rg57q: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q
-#   ocid1.subnet.oc1.phx.aaaaaaaahuxrgvs65iwdz7ekwgg3l5gyah7ww5klkwjcso74u3e4i64hvtvq: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q
-## If oci_use_instance_principals is true, you do not need to set the region, tenancy, user, key, passphrase, or fingerprint
-# oci_use_instance_principals: false
-# oci_cloud_controller_version: 0.6.0
-## If you would like to control OCI query rate limits for the controller
-# oci_rate_limit:
-#   rate_limit_qps_read:
-#   rate_limit_qps_write:
-#   rate_limit_bucket_read:
-#   rate_limit_bucket_write:
-## Other optional variables
-# oci_cloud_controller_pull_source: (default iad.ocir.io/oracle/cloud-provider-oci)
-# oci_cloud_controller_pull_secret: (name of pull secret to use if you define your own mirror above)

bootstrap/inventory/prod/group_vars/all/openstack.yml

@@ -1,51 +0,0 @@
-## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (Fixed in 1.9: https://github.com/kubernetes/kubernetes/issues/50461)
-# openstack_blockstorage_version: "v1/v2/auto (default)"
-# openstack_blockstorage_ignore_volume_az: yes
-## When OpenStack is used, if LBaaSv2 is available you can enable it with the following 2 variables.
-# openstack_lbaas_enabled: True
-# openstack_lbaas_subnet_id: "Neutron subnet ID (not network ID) to create LBaaS VIP"
-## To enable automatic floating ip provisioning, specify a subnet.
-# openstack_lbaas_floating_network_id: "Neutron network ID (not subnet ID) to get floating IP from, disabled by default"
-## Override default LBaaS behavior
-# openstack_lbaas_use_octavia: False
-# openstack_lbaas_method: "ROUND_ROBIN"
-# openstack_lbaas_provider: "haproxy"
-# openstack_lbaas_create_monitor: "yes"
-# openstack_lbaas_monitor_delay: "1m"
-# openstack_lbaas_monitor_timeout: "30s"
-# openstack_lbaas_monitor_max_retries: "3"
-
-## Values for the external OpenStack Cloud Controller
-# external_openstack_lbaas_network_id: "Neutron network ID to create LBaaS VIP"
-# external_openstack_lbaas_subnet_id: "Neutron subnet ID to create LBaaS VIP"
-# external_openstack_lbaas_floating_network_id: "Neutron network ID to get floating IP from"
-# external_openstack_lbaas_floating_subnet_id: "Neutron subnet ID to get floating IP from"
-# external_openstack_lbaas_use_octavia: true
-# external_openstack_lbaas_method: "ROUND_ROBIN"
-# external_openstack_lbaas_create_monitor: false
-# external_openstack_lbaas_monitor_delay: "1m"
-# external_openstack_lbaas_monitor_timeout: "30s"
-# external_openstack_lbaas_monitor_max_retries: "3"
-# external_openstack_lbaas_manage_security_groups: false
-# external_openstack_lbaas_internal_lb: false
-# external_openstack_network_ipv6_disabled: false
-# external_openstack_network_internal_networks:
-#   - ""
-# external_openstack_network_public_networks:
-#   - ""
-# external_openstack_metadata_search_order: "configDrive,metadataService"
-
-## Application credentials to authenticate against Keystone API
-## Those settings will take precedence over username and password that might be set your environment
-## All of them are required
-# external_openstack_application_credential_name:
-# external_openstack_application_credential_id:
-# external_openstack_application_credential_secret:
-
-## The tag of the external OpenStack Cloud Controller image
-# external_openstack_cloud_controller_image_tag: "latest"
-
-## To use Cinder CSI plugin to provision volumes set this value to true
-## Make sure to source in the openstack credentials
-# cinder_csi_enabled: true
-# cinder_csi_controller_replicas: 1

bootstrap/inventory/prod/group_vars/all/vsphere.yml

@@ -1,20 +0,0 @@
-## Values for the external vSphere Cloud Provider
-# external_vsphere_vcenter_ip: "myvcenter.domain.com"
-# external_vsphere_vcenter_port: "443"
-# external_vsphere_insecure: "true"
-# external_vsphere_user: "administrator@vsphere.local"
-# external_vsphere_password: "K8s_admin"
-# external_vsphere_datacenter: "DATACENTER_name"
-# external_vsphere_kubernetes_cluster_id: "kubernetes-cluster-id"
-
-## Tags for the external vSphere Cloud Provider images
-# external_vsphere_cloud_controller_image_tag: "latest"
-# vsphere_syncer_image_tag: "v1.0.2"
-# vsphere_csi_attacher_image_tag: "v1.1.1"
-# vsphere_csi_controller: "v1.0.2"
-# vsphere_csi_liveness_probe_image_tag: "v1.1.0"
-# vsphere_csi_provisioner_image_tag: "v1.2.2"
-
-## To use vSphere CSI plugin to provision volumes set this value to true
-# vsphere_csi_enabled: true
-# vsphere_csi_controller_replicas: 1

bootstrap/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml

@@ -27,7 +27,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.20.7
+kube_version: v1.21.13
 
 # kubernetes image repo define
 kube_image_repo: "k8s.gcr.io"
@@ -295,8 +295,11 @@ nvidia_accelerator_enabled: true
 ## Important: if you use Ubuntu then you should set in all.yml 'docker_storage_options: -s overlay2'
 ## Array with nvida_gpu_nodes, leave empty or comment if you don't want to install drivers.
 ## Labels and taints won't be set to nodes if they are not in the array.
-nvidia_gpu_nodes:
+
-- jetson1.dyndns.moritzgraf.de
+#moritz
+#nvidia_gpu_nodes:
+#- jetson1.dyndns.moritzgraf.de
+
 # nvidia_driver_version: "384.111"
 ## flavor can be tesla or gtx
 # nvidia_gpu_flavor: gtx