Upgrade to Kubernetes 1.24 and Longhorn 1.4.0

README.md

@@ -161,8 +161,6 @@ Added some ARM64 workers by using Ubuntu 22.04 server on Raspberry Pi.
 After machines have booted up and you can reach them via SSH:
 
 ```bash
-sudo -i
-
 # Enable required kernel modules
 cat > /etc/modules << EOF
 overlay
@@ -203,7 +201,7 @@ systemctl disable --now multipathd snapd bluetooth ModemManager hciuart wpa_supp
 sed -i -e 's/PermitRootLogin no/PermitRootLogin without-password/' /etc/ssh/sshd_config
 systemctl reload ssh
 cat ~ubuntu/.ssh/authorized_keys > /root/.ssh/authorized_keys
-userdel -fr ubuntu
+userdel -f ubuntu
 apt-get install -yqq linux-image-generic
 apt-get remove -yq cloud-init linux-image-*-kvm
 ```
@@ -220,13 +218,23 @@ cat <<EOF | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cr
 deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /
 EOF
 
-curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/libcontainers.gpg add -
+rm -fv /etc/apt/trusted.gpg
-curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/Release.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/libcontainers-cri-o.gpg add -
+curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor > /etc/apt/trusted.gpg.d/libcontainers.gpg
-curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/Release.key | gpg --dearmor > /etc/apt/trusted.gpg.d/libcontainers-cri-o.gpg
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg > /etc/apt/trusted.gpg.d/packages-cloud-google.gpg
 echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
 
 apt-get update
-apt-get install -yqq apt-transport-https curl cri-o cri-o-runc kubelet=1.24.8-00 kubectl=1.24.8-00 kubeadm=1.24.8-00
+apt-get install -yqq --allow-change-held-packages apt-transport-https curl cri-o cri-o-runc kubelet=1.24.10-00 kubectl=1.24.10-00 kubeadm=1.24.10-00
+
+cat << \EOF > /etc/containers/registries.conf
+unqualified-search-registries = ["docker.io"]
+# To pull Docker images from a mirror uncomment following
+#[[registry]]
+#prefix = "docker.io"
+#location = "mirror.gcr.io"
+EOF
+sudo systemctl restart crio
 sudo systemctl daemon-reload
 sudo systemctl enable crio --now
 apt-mark hold kubelet kubeadm kubectl
@@ -240,6 +248,16 @@ kubeadm init --token-ttl=120m --pod-network-cidr=10.244.0.0/16 --control-plane-e
 
 For the `kubeadm join` command specify FQDN via `--node-name $(hostname -f)`.
 
+Set AZ labels:
+
+```
+for j in $(seq 1 9); do
+  for t in master mon worker storage; do
+    kubectl label nodes ${t}${j}.kube.k-space.ee topology.kubernetes.io/zone=node${j}
+  done
+done
+```
+
 After forming the cluster add taints:
 
 ```bash

longhorn-system/README.md

@@ -1,8 +1,8 @@
 # Longhorn distributed block storage system
 
 The manifest was fetched from
-https://raw.githubusercontent.com/longhorn/longhorn/v1.2.4/deploy/longhorn.yaml
+https://raw.githubusercontent.com/longhorn/longhorn/v1.4.0/deploy/longhorn.yaml
-and then heavily modified.
+and then heavily modified as per `changes.diff`
 
 To deploy Longhorn use following:
 

longhorn-system/changes.diff

@@ -0,0 +1,92 @@
+--- ref	2023-02-20 11:15:07.340650467 +0200
++++ application.yml	2023-02-19 18:38:05.059234209 +0200
+@@ -60,14 +60,14 @@
+         storageclass.kubernetes.io/is-default-class: "true"
+     provisioner: driver.longhorn.io
+     allowVolumeExpansion: true
+-    reclaimPolicy: "Delete"
++    reclaimPolicy: "Retain"
+     volumeBindingMode: Immediate
+     parameters:
+-      numberOfReplicas: "3"
++      numberOfReplicas: "2"
+       staleReplicaTimeout: "30"
+       fromBackup: ""
+-      fsType: "ext4"
+-      dataLocality: "disabled"
++      fsType: "xfs"
++      dataLocality: "best-effort"
+ ---
+ # Source: longhorn/templates/crds.yaml
+ apiVersion: apiextensions.k8s.io/v1
+@@ -3869,6 +3869,11 @@
+         app.kubernetes.io/version: v1.4.0
+         app: longhorn-manager
+     spec:
++      tolerations:
++      - key: dedicated
++        operator: Equal
++        value: storage
++        effect: NoSchedule
+       initContainers:
+       - name: wait-longhorn-admission-webhook
+         image: longhornio/longhorn-manager:v1.4.0
+@@ -3968,6 +3973,10 @@
+         app.kubernetes.io/version: v1.4.0
+         app: longhorn-driver-deployer
+     spec:
++      tolerations:
++      - key: dedicated
++        operator: Equal
++        value: storage
+       initContainers:
+         - name: wait-longhorn-manager
+           image: longhornio/longhorn-manager:v1.4.0
+@@ -4037,6 +4046,11 @@
+         app.kubernetes.io/version: v1.4.0
+         app: longhorn-recovery-backend
+     spec:
++      tolerations:
++      - key: dedicated
++        operator: Equal
++        value: storage
++        effect: NoSchedule
+       affinity:
+         podAntiAffinity:
+           preferredDuringSchedulingIgnoredDuringExecution:
+@@ -4103,6 +4117,11 @@
+         app.kubernetes.io/version: v1.4.0
+         app: longhorn-ui
+     spec:
++      tolerations:
++      - key: dedicated
++        operator: Equal
++        value: storage
++        effect: NoSchedule
+       affinity:
+         podAntiAffinity:
+           preferredDuringSchedulingIgnoredDuringExecution:
+@@ -4166,6 +4185,11 @@
+         app.kubernetes.io/version: v1.4.0
+         app: longhorn-conversion-webhook
+     spec:
++      tolerations:
++      - key: dedicated
++        operator: Equal
++        value: storage
++        effect: NoSchedule
+       affinity:
+         podAntiAffinity:
+           preferredDuringSchedulingIgnoredDuringExecution:
+@@ -4226,6 +4250,11 @@
+         app.kubernetes.io/version: v1.4.0
+         app: longhorn-admission-webhook
+     spec:
++      tolerations:
++      - key: dedicated
++        operator: Equal
++        value: storage
++        effect: NoSchedule
+       affinity:
+         podAntiAffinity:
+           preferredDuringSchedulingIgnoredDuringExecution: