[doc] Move all variables to group_vars

Makes sense to be consistent and follow suggestion to use group_vars
where applicable.
There is a bug in vexxhost collection which prevents from doing so,
unfortunatelly.

For this to be accurate doc, a patch to vexxhost collection should
land first:
vexxhost/ansible-collection-kubernetes#136

Change-Id: I5f48e913436bf5d6a8d6c0a9f77c58886e451d1f

Author: Dmitriy Rabotyagov

mcapi_vexxhost/README.rst

@@ -110,10 +110,13 @@ in `/etc/openstack_deploy/group_vars/k8s_all/haproxy_service.yml`
 Configure the LXC container that will host the control plane k8s cluster to
 be suitable for running nested containers in `/etc/openstack_deploy/group_vars/k8s_all/main.yml`
 
+There you can also set config-overrides for the control plane of the k8s cluster,
+which integrate the control plane k8s deployment with the rest of the openstack-ansible deployment.
+
 .. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml
    :language: yaml
 
-Set up config-overrides for the magnum service in `/etc/openstack_deploy/user_variables_magnum.yml`.
+Set up config-overrides for the magnum service in `/etc/openstack_deploy/group_vars/magnum_all/main.yml`.
 Adjust the images and flavors here as necessary, these are just for demonstration. Upload as many
 images as you need for the different workload cluster kubernetes versions.
 
@@ -123,14 +126,7 @@ service and cluster-api can be configured to interact with either the external o
 internal endpoint and must trust the SSL certificiate. Depending on the environment,
 these may be derived from different certificate authorities.
 
-.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_z_magnum.yml
-   :language: yaml
-
-Set up config-overrides for the control plane k8s cluster in /etc/openstack_deploy/user_variables_k8s.yml`
-These variables integrate the control plane k8s deployment with the rest of the
-openstack-ansible deployment.
-
-.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_k8s.yml
+.. literalinclude:: ../../mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/magnum_all/main.yml
    :language: yaml
 
 Run the deployment

mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/k8s_all/main.yml

@@ -1,6 +1,31 @@
+---
+# Run ansible modules in a venv on the target hosts
+ansible_collection_kubernetes_target_venv: /opt/mcapi_ansible_venv
+
+# Pick a range of addresses for cilium that do not collide with anything else
+cilium_ipv4_cidr: 172.29.200.0/22
+
+# wire OSA group, host and network addresses into k8s deployment
+kubelet_hostname: "{{ ansible_facts['hostname'] | lower }}"
+kubelet_node_ip: "{{ management_address }}"
+kubernetes_control_plane_group: k8s_container
+kubernetes_hostname: "{{ internal_lb_vip_address }}"
+kubernetes_non_init_namespace: true
+
+# Define custom k8s version for the control cluster
+# kubernetes_version: 1.31
+
+# Define LXC container overrides
 lxc_container_config_list:
   - "lxc.apparmor.profile=unconfined"
 
 lxc_container_mount_auto:
   - "proc:rw"
   - "sys:rw"
+
+# Set this manually, or kube-proxy will try to do this - not possible
+# in a non-init namespace and will fail in LXC
+openstack_host_nf_conntrack_max: 1572864
+
+# OSA containers dont run ssh by default so cannot use synchronize
+upload_helm_chart_method: copy

mcapi_vexxhost/playbooks/files/openstack_deploy/group_vars/magnum_all/main.yml

@@ -0,0 +1,38 @@
+---
+# Copyright 2020, VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+magnum_magnum_cluster_api_git_install_branch: v0.22.1
+
+# install magnum-cluster-api and kubernetes python package into magnum venv
+magnum_user_pip_packages:
+  - "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
+  - kubernetes
+
+# ensure that the internal VIP CA is trusted by the CAPI driver
+magnum_config_overrides:
+  drivers:
+    # Supply a custom CA file which will be passed and used exclusively on all workload nodes
+    # System trust will be used by default
+    openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
+  capi_client:
+    # Supply a CA that will be used exclusively for connections towards
+    # OpenStack public and internal endpoints.
+    ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
+    endpoint: 'internalURL'
+  cluster_template:
+    kubernetes_allowed_network_drivers: 'calico'
+    kubernetes_default_network_driver: 'calico'
+  certificates:
+    cert_manager_type: x509keypair

mcapi_vexxhost/playbooks/files/openstack_deploy/user_variables_k8s.yml

@@ -13,27 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-magnum_magnum_cluster_api_git_install_branch: v0.22.1
-
-# install magnum-cluster-api and kubernetes python package into magnum venv
-magnum_user_pip_packages:
-  - "git+https://github.com/vexxhost/magnum-cluster-api@{{ magnum_magnum_cluster_api_git_install_branch }}#egg=magnum-cluster-api"
-  - kubernetes
-
-# ensure that the internal VIP CA is trusted by the CAPI driver
-# TODO - this is too hardwired somehow
-magnum_config_overrides:
-  drivers:
-    openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
-  capi_client:
-    ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
-    endpoint: 'internalURL'
-  cluster_template:
-    kubernetes_allowed_network_drivers: 'calico'
-    kubernetes_default_network_driver: 'calico'
-  certificates:
-    cert_manager_type: x509keypair
-
 # use the openstack_resources role in the capi functional test rather than os_magnum
 # to create the test resources
 magnum_glance_images: []