* contrib/terraform/exoscale: Rework SSH public keys

Exoscale has a few limitations with `exoscale_ssh_keypair` resources.
Creating several clusters with these scripts may lead to an error like:

```
Error: API error ParamError 431 (InvalidParameterValueException 4350): The key pair "lj-sc-ssh-key" already has this fingerprint
```

This patch reworks handling of SSH public keys. Specifically, we rely on
the more cloud-agnostic way of configuring SSH public keys via
`cloud-init`.

* contrib/terraform/exoscale: terraform fmt

* contrib/terraform/exoscale: Add terraform validate

* contrib/terraform/exoscale: Inline public SSH keys

The Terraform scripts need to install some SSH key, so that Kubespray
(i.e., the "Ansible part") can take over. Initially, we pointed the
Terraform scripts to `~/.ssh/id_rsa.pub`. This proved to be suboptimal:
Operators sharing responbility for a cluster risk unnecessarily replacing resources.

Therefore, it has been determined that it's best to inline the public
SSH keys. The chosen variable `ssh_public_keys` provides some uniformity
with `contrib/azurerm`.

* Fix Terraform Exoscale test

* Fix Terraform 0.14 test

* Added terraform support for Exoscale

* Fixed markdown lint error on exoscale terraform

Implemented in #6547

This variable was added as KUBE_MASTERS_MASTERS. That's probably a typo.
Remove the redundant `_MASTERS` suffix. Also, document the variable in the
help message.

This fixes the following failures:

./contrib/offline/README.md:14:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ ./manage-offline-container-i..."]
./contrib/offline/README.md:20:1 MD014/commands-show-output Dollar signs used before commands without showing output [Context: "$ ./manage-offline-container-i..."]

One challenge of offline deployment was how to collect necessary
container images as a preparation. This adds a script to solve it.

This fixes markdownlint failures under roles/

This fixes markdown failures on contrib/terraform.

* Added gcp terraform support

* Added http/https firewall rule

* Ignoring lifecycle changes for attached disks on the google_compute_instance

* [terraform/aws] Fix Terraform >=0.13 warnings

Terraform >=0.13 gives the following warning:

```
Warning: Interpolation-only expressions are deprecated
```

The fix was tested as follows:
```
rm -rf .terraform && terraform0.12.26 init && terraform0.12.26 validate
rm -rf .terraform && terraform0.13.5 init && terraform0.13.5 validate
rm -rf .terraform && terraform0.14.3 init && terraform0.14.3 validate
```
which gave no errors nor warnings.

* [terraform/openstack] Fixes for Terraform >=0.13

Terraform >=0.13 gives the following error:
```
Error: Failed to install providers
Could not find required providers, but found possible alternatives:
  hashicorp/openstack -> terraform-provider-openstack/openstack
```

This patch fixes these errors.

This fix was tested as follows:
```
rm -rf .terraform && terraform0.12.26 init && terraform0.12.26 validate
rm -rf .terraform && terraform0.13.5 init && terraform0.13.5 validate
rm -rf .terraform && terraform0.14.3 init && terraform0.14.3 validate
```
which gave no errors nor warnings for Terraform 0.13.5 and Terraform
0.14.3. Unfortunately, 0.12.x gives a harmless warning, but
with 0.14.3 out the door, I guess we need to move on.

* [terraform/packet] Fixes for Terraform >=0.13

This fix was tested as follows:
```
export PACKET_AUTH_TOKEN=blah-blah
rm -rf .terraform && terraform0.12.26 init && terraform0.12.26 validate
rm -rf .terraform && terraform0.13.5 init && terraform0.13.5 validate
rm -rf .terraform && terraform0.14.3 init && terraform0.14.3 validate
```

Errors are gone, but warnings still remain. It is impossible to please
all three versions of Terraform.

* Add tests for Terraform >=0.13

This fixes markdownlint failures under contrib/network-storage and
contrib/vault.

Now markdownlint covers ./README.md and md files under ./docs only.
However we have a lot of md files under different directories also.
This enables markdownlint for other md files also.

Added "boto3" as dependency in "requirements.txt" which is required by "kubespray-aws-inventory.py".

Signed-off-by: Pratik raj <rajpratik71@gmail.com>

* fix flake8 errors in Kubespray CI - tox-inventory-builder

* Invalidate CRI-O kubic repo's cache

Signed-off-by: Victor Morales <v.morales@samsung.com>

* add support to configure pkg install retries

and use in CI job tf-ovh_ubuntu18-calico (due to it failing often)

* Switch Calico, Cilium and MetalLB image repos to Quay.io

Co-authored-by: Victor Morales <v.morales@samsung.com>
Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>

* add custom sec groups

* make sure groups are applied only when created

* fix spacing

* Add note about changing private IP in admin.conf.

When I run kubespray, a load balancer is created which should be used instead of the ip of the controller node.

* Procedure to find load balancer and update admin.conf

When I run kubespray, a load balancer is used instead of the private ip of the controller.

k8s_master_no_etcd_fips should not be input var

I kept seeing `TLS handshake error from 10.250.250.158:63770: EOF` from two IP addresses that correlate to my ELB. Changing the health check from TCP to HTTPS stopped the errors from being generated.

It was documented as if it were an Ansible variable, but it is a Terraform variable.
This also means the colon syntax was incorrect. TF variables are assigned with an equals sign.

Co-authored-by: rptaylor <rptaylor@uvic.ca>

The official word is OpenStack, not Openstack as [1].
This replaces it with OpenStack in the docs.

[1]: https://www.openstack.org/

This changes MetalLB contrib to one of addons for deploying MetalLB with
Kubernetes cluster deployment. By the default, Kubespray doesn't deploy
MetalLB addon.

inventory_builder creates hosts.yaml file with hostnames like "node1",
"node2", etc. Even if specifying override_system_hostname=false, the
output of "kubectl get nodes" shows those hostnames ("node1", etc.)
without using actual hostnames.
To solve this issue, this adds an option USE_REAL_HOSTNAME to get
actual hostnames when creating hosts.yaml file instead of "node1", etc.

Since MetalLB v0.8[1], metallb:speaker has started publishing an event
nodeAssigned on k8s resource.
To support MetalLB v0.8+, this allows metallb:speaker to create events.

[1]: https://github.com/metallb/metallb/commit/5cc6e237766d742fccde1a8a325baba2608024df#diff-60053ad6fecb5a3cfabb6f3d9e720899R246

If running MetalLB v0.7.3 on k8s v1.18.2, metallb pods output the
following parsing error of v1.ServiceList:

  $ kubectl logs controller-dbb46cf84-fw8h8 -n metallb-system
  {
    "caller":"reflector.go:205",
    "level":"error",
    "msg":"go.universe.tf/metallb/internal/k8s/k8s.go:231:
      Failed to list *v1.Service: v1.ServiceList:
        Items: []v1.Service: v1.Service: ObjectMeta:
        v1.ObjectMeta: readObjectFieldAsBytes:
        expect : after object field, parsing 1605

Then an external IP address is never allocated to the Service of
LoadBalancer type.
By updating MetalLB version to the latest v0.9[1] today, this issue
can be solved.

[1]: https://hub.docker.com/r/metallb/controller/tags

Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>

This updates MetalLB README as following
- Remove unnecessary markdown to read it easily on github
- Make words consistency (kubernetes, loadbalancer)
- Add change-required option