Update k8s and openstack-cloud-controller-manager version, fix nginx-ingres publishing, kubenet -> calico cni, make installation of packages idempotent, ...

[pfisterer]

This is a cumulative PR that is part of a larger effort to update k8s to the newest version. It includes the following changes:

---

Make publishing services via nginx-ingres work

• Change helm install --namespace {{ k8s_ingress_namespace }} --set 'controller.extraArgs.default-ssl-certificate=cert-manager/ingress-certificate-secret' --set 'controller.publishService.enabled=true' --set 'controller.image.tag=0.25.1' '{{ k8s_ingress_release_name }}' 'stable/nginx-ingress' to helm install --namespace {{ k8s_ingress_namespace }} --set 'controller.extraArgs.default-ssl-certificate=cert-manager/ingress-certificate-secret' --set-string 'controller.config.proxy-body-size=0' --set 'controller.publishService.enabled=true' '{{ k8s_ingress_release_name }}' 'stable/nginx-ingress' (roles/k8s-addons/tasks/nginx-ingress.yaml)

---

Use Calico CNI as networking substrate instead of the simple kubenet. This allows using advanced features such as network policies.

• Remove task "Clear static routes" (destroy.yaml)
• Remove [Route] section (files/cloud-config.j2)
• Change network-plugin: kubenet to network-plugin: cni (files/kubeadm-init.yaml.j2)
• Remove task HACK - replace --network-plugin=cni with --network-plugin=kubenet (roles/kubeadm-nodes/tasks/main.yaml)
• Add kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml to install calico

---

Update k8s version and openstack-cloud-controller-manager

• Change kubernetes version from v1.15.2 to v1.16.10
• Change openstack-cloud-controller-manager version v0.2.0 to 1.13.1

---

Make image version of openstack-cloud-controller-manager configurable from group_vars/all.yaml

• Add k8scloudprovider_image_version: 1.13.1 (group_vars/all.yaml)
• Change image: docker.io/k8scloudprovider/openstack-cloud-controller-manager:v0.2.0 to image: docker.io/k8scloudprovider/openstack-cloud-controller-manager:{{ k8scloudprovider_image_version }} (files/openstack-cloud-controller-manager-pod.yaml.j2)
• Change image: k8scloudprovider/k8s-keystone-auth:v0.2.0 to k8scloudprovider/k8s-keystone-auth:{{ k8scloudprovider_image_version }} (roles/k8s-addons/templates/k8s-keystone-auth.yaml.j2)

---

Make installation of package idempotent

• Modify current unhold → install → hold process to a process that is idempotent and faster (roles/kubeadm/tasks/main.yaml)

---

Update docker configuration to match the current k8s documentation (cf. https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/)

• Task "configure docker to use journald" has updated content field
• Add task to implement "Let iptables see bridged traffic"