fix: update config.example and scripts for kubespray v2.30 group names

Follow-up to PR NVIDIA#1336: rename remaining kube-master references to
kube_control_plane and k8s-cluster to k8s_cluster in config.example
group_vars, example playbook, and helper scripts (debug.sh, deploy_rook.sh).

Also update ssh-hardening collection reference (dev-sec.ssh-hardening ->
devsec.hardening) in config.example/group_vars/all.yml.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Douglas Holt <dholt@nvidia.com>

Author: dholt

config.example/group_vars/all.yml

@@ -107,7 +107,7 @@ users:
 
 ################################################################################
 # SSH HARDENING                                                                #
-#   dev-sec.ssh-hardening role called from users playbook                      #
+#   devsec.hardening role called from users playbook                           #
 ################################################################################
 
 ssh_client_hardening: false
@@ -146,7 +146,7 @@ nvidia_driver_force_install: false
 # CONTAINER RUNTIME                                                            #
 ################################################################################
 # Docker configuration
-# Playbook: docker, nvidia-docker, k8s-cluster
+# Playbook: docker, nvidia-docker, k8s_cluster
 #
 # For supported Docker versions, see: submodules/kubespray/roles/container-engine/docker/vars/*
 docker_install: yes

config.example/group_vars/k8s_cluster.yml

@@ -51,7 +51,7 @@ hosts_add_ansible_managed_hosts_groups: ["k8s_cluster"]
 k8s_nfs_client_provisioner: true
 k8s_deploy_nfs_server: true
 k8s_nfs_mkdir: true # Set to false if an export dir is already configured with proper permissions
-k8s_nfs_server: '{{ groups["kube-master"][0] }}'
+k8s_nfs_server: '{{ groups["kube_control_plane"][0] }}'
 k8s_nfs_export_path: '/export/deepops_nfs'
 
 # NFS Server
@@ -65,9 +65,9 @@ nfs_exports:
 # Container registry                                                           #
 ################################################################################
 kube_enable_container_registry: false
-docker_insecure_registries: "{{ groups['kube-master']|map('regex_replace', '^(.*)$', '\\1:5000')|list + ['registry.local:31500']}}"
-crio_insecure_registries: "{{ groups['kube-master']|map('regex_replace', '^(.*)$', '\\1:5000')|list + ['registry.local:31500']}}"
-docker_registry_mirrors: "{{ groups['kube-master'] | map('regex_replace', '^(.*)$', 'http://\\1:5000') | list }}"
+docker_insecure_registries: "{{ groups['kube_control_plane']|map('regex_replace', '^(.*)$', '\\1:5000')|list + ['registry.local:31500']}}"
+crio_insecure_registries: "{{ groups['kube_control_plane']|map('regex_replace', '^(.*)$', '\\1:5000')|list + ['registry.local:31500']}}"
+docker_registry_mirrors: "{{ groups['kube_control_plane'] | map('regex_replace', '^(.*)$', 'http://\\1:5000') | list }}"
 
 # TODO: The presence of an insecure local containerd registry in K8s v1.24+ seems to be causing an issue, add support for this back when the issue is fixed
 # BUG: https://github.com/kubernetes-sigs/kubespray/issues/9956
@@ -89,6 +89,6 @@ image_command_tool: "crictl"
 ################################################################################
 kube_enable_rsyslog_server: true
 kube_enable_rsyslog_client: true
-rsyslog_server_hostname: "{{ groups['kube-master'][0] }}"
+rsyslog_server_hostname: "{{ groups['kube_control_plane'][0] }}"
 rsyslog_client_tcp_host: "{{ rsyslog_server_hostname }}"
-rsyslog_client_group: "k8s-cluster"
+rsyslog_client_group: "k8s_cluster"

config.example/playbooks/example.yml

@@ -10,7 +10,7 @@
 # documentation:
 #   https://docs.ansible.com/ansible/latest/user_guide/playbooks.html
 
-- hosts: kube-node
+- hosts: kube_node
   become: yes
   tasks:
   - name: install cowsay

scripts/k8s/debug.sh

@@ -5,7 +5,7 @@
 # Ideally this is run out of the DeepOps repo used to deploy the cluster
 # However, this script will also work best-effort for any K8s cluster, DeepOps or otherwise
 # Requirements for this script are a working "kubectl" and ideally a working "helm"
-# Optionally, a working "ansible" with a config/inventory file that has kubernetes node defined in a kube-node group
+# Optionally, a working "ansible" with a config/inventory file that has kubernetes node defined in a kube_node group
 
 # Source common libraries and env variables
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
@@ -25,12 +25,12 @@ git log --pretty=oneline | head -n 20 > ${logdir}/git-log.log
 ansible --version
 
 # GPU configuration
-ansible kube-node -ba "nvidia-smi" -vv > ${logdir}/nvidia-smi.log
-ansible kube-node -ba "cat /etc/nvidia/gridd.conf" -vv > ${logdir}/vgpu-gridd.conf.log
+ansible kube_node -ba "nvidia-smi" -vv > ${logdir}/nvidia-smi.log
+ansible kube_node -ba "cat /etc/nvidia/gridd.conf" -vv > ${logdir}/vgpu-gridd.conf.log
 
 # Docker configuration
-ansible kube-node -ba "docker info" -vv > ${logdir}/docker-info.log
-ansible kube-node -ba "cat /etc/docker/daemon.json" -vv > ${logdir}/docker-daemon.log
+ansible kube_node -ba "docker info" -vv > ${logdir}/docker-info.log
+ansible kube_node -ba "cat /etc/docker/daemon.json" -vv > ${logdir}/docker-daemon.log
 
 # Kubectl (Generic for any Kubernetes cluster)
 kubectl version
@@ -70,7 +70,7 @@ helm list -aA > ${logdir}/helm-list.log
 
 # DCGM example output / metrics
 # Collect metrics from all nodes for debug
-ansible kube-node -vv -bm raw -a "curl http://127.0.0.1:9400/metrics" > ${logdir}/dcgm-metrics.log
+ansible kube_node -vv -bm raw -a "curl http://127.0.0.1:9400/metrics" > ${logdir}/dcgm-metrics.log
 
 # Packaging
 name="config/k8s-debug-${timestamp}.tgz"

scripts/k8s/deploy_rook.sh

@@ -72,7 +72,7 @@ function delete_rook() {
   kubectl -n rook-ceph delete storageclass rook-ceph-block
   kubectl delete ns rook-ceph-system
   kubectl delete ns rook-ceph
-  ansible k8s-cluster -b -m file -a "path=/var/lib/rook state=absent"
+  ansible k8s_cluster -b -m file -a "path=/var/lib/rook state=absent"
 }