From f7de4719d6d52bcbba3896d6eaf1471190afeee0 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 29 Jul 2021 16:07:16 +0200
Subject: initialize emc kubernetes cluster

---
 inventory/group_vars/emc/vars.yml                           | 4 ++--
 inventory/group_vars/k8s-emc/vars.yml                       | 7 ++++---
 inventory/host_vars/ele-dione.yml                           | 4 ++--
 inventory/host_vars/ele-helene.yml                          | 4 ++--
 inventory/host_vars/emc-master.yml                          | 4 ++--
 inventory/hosts.ini                                         | 4 ++--
 roles/kubernetes/base/tasks/cri_containerd.yml              | 1 +
 roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml       | 2 +-
 roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 | 1 +
 9 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/inventory/group_vars/emc/vars.yml b/inventory/group_vars/emc/vars.yml
index 2f6d1584..2b37171f 100644
--- a/inventory/group_vars/emc/vars.yml
+++ b/inventory/group_vars/emc/vars.yml
@@ -8,10 +8,10 @@ install:
 
 network: {}
 
-docker_storage:
+containerd_storage:
   type: lvm
   vg: "{{ host_name }}"
-  lv: docker
+  lv: containerd
   size: 15G
   fs: ext4
 
diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml
index 6964effb..7ecaba9e 100644
--- a/inventory/group_vars/k8s-emc/vars.yml
+++ b/inventory/group_vars/k8s-emc/vars.yml
@@ -1,8 +1,9 @@
 ---
-docker_pkg_provider: docker-com
+containerd_pkg_provider: docker-com
 
-kubernetes_version: 1.17.2
-kubernetes_container_runtime: docker
+kubernetes_version: 1.21.3
+kubernetes_cri_tools_pkg_version: 1.21.0~2
+kubernetes_container_runtime: containerd
 kubernetes_network_plugin: kubeguard
 
 kubernetes:
diff --git a/inventory/host_vars/ele-dione.yml b/inventory/host_vars/ele-dione.yml
index 22319a9f..d374e083 100644
--- a/inventory/host_vars/ele-dione.yml
+++ b/inventory/host_vars/ele-dione.yml
@@ -32,10 +32,10 @@ base_packages_extra_host:
 admin_users_host:
   - equinox
 
-docker_storage:
+containerd_storage:
   type: lvm
   vg: "{{ host_name }}"
-  lv: docker
+  lv: containerd
   size: 15G
   fs: ext4
 
diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml
index d2b49178..f392346e 100644
--- a/inventory/host_vars/ele-helene.yml
+++ b/inventory/host_vars/ele-helene.yml
@@ -32,10 +32,10 @@ base_packages_extra_host:
 admin_users_host:
   - equinox
 
-docker_storage:
+containerd_storage:
   type: lvm
   vg: "{{ host_name }}"
-  lv: docker
+  lv: containerd
   size: 15G
   fs: ext4
 
diff --git a/inventory/host_vars/emc-master.yml b/inventory/host_vars/emc-master.yml
index 81fabd12..0a7ede28 100644
--- a/inventory/host_vars/emc-master.yml
+++ b/inventory/host_vars/emc-master.yml
@@ -34,10 +34,10 @@ network:
 
 external_ip: "{{ network.primary.overlay }}"
 
-docker_storage:
+containerd_storage:
   type: lvm
   vg: "{{ host_name }}"
-  lv: docker
+  lv: containerd
   size: 7G
   fs: ext4
 
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 23b295ba..a7b41430 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -505,8 +505,8 @@ standalone-kubelet
 
 ### Kubernetes Cluster: emc
 [k8s-emc-encoder]
-#ele-dione
-#ele-helene
+ele-dione
+ele-helene
 
 [k8s-emc-distribution:children]
 emc-dist
diff --git a/roles/kubernetes/base/tasks/cri_containerd.yml b/roles/kubernetes/base/tasks/cri_containerd.yml
index 97775b14..e13799b0 100644
--- a/roles/kubernetes/base/tasks/cri_containerd.yml
+++ b/roles/kubernetes/base/tasks/cri_containerd.yml
@@ -10,6 +10,7 @@
     containerd_config_override:
       plugins:
         "io.containerd.grpc.v1.cri":
+          disable_apparmor: true
           containerd:
             runtimes:
               runc:
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
index af609882..40cee3b7 100644
--- a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
@@ -88,7 +88,7 @@
 - name: install cni config
   template:
     src: net_kubeguard/cni.json.j2
-    dest: /etc/cni/net.d/kubeguard.json
+    dest: /etc/cni/net.d/kubeguard.conf
 
 - name: install packages needed for debugging kube-router
   when: kubernetes_network_plugin_variant == 'with-kube-router'
diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
index 4b8548f7..e141492f 100644
--- a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -48,3 +48,4 @@ apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 clusterDNS:
 - {{ kubernetes_nodelocal_dnscache_ip }}
+cgroupDriver: systemd
-- 
cgit v1.2.3