Browse Source
Add `enabled` to pkgs to handle ipvs
Some packages requirements depends on inventory variables
(`kube_proxy_mode` in that case but it could apply to others).
As the case seems pretty rare, instead of adding complexity to pkgs, we
add an escape hatch to use jinja conditions.
That should be revisited if we find ourselves shoehorning lots of logic
in this later on.
Max Gautier
11 months ago
4 changed files with
14 additions and
4 deletions
roles/kubernetes/preinstall/defaults/main.yml
roles/kubernetes/preinstall/files/pkgs-schema.json
roles/kubernetes/preinstall/tasks/0070-system-packages.yml
roles/kubernetes/preinstall/vars/main.yml
@ -6,9 +6,6 @@ epel_enabled: false
# Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
dns_late : false dns_late : false
common_required_pkgs:
- "{{ kube_proxy_mode == 'ipvs' | ternary(['ipvsadm', 'ipset'], []) }}"
# Set to true if your network does not support IPv6 # Set to true if your network does not support IPv6
# This may be necessary for pulling Docker images from # This may be necessary for pulling Docker images from
# GCE docker repository # GCE docker repository
@ -9,6 +9,11 @@
"type" : "object" , "type" : "object" ,
"additionalProperties" : false , "additionalProperties" : false ,
"properties" : { "properties" : {
"enabled" : {
"description" : "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja" ,
"type" : "boolean" ,
"default" : true
} ,
"groups" : { "groups" : {
"description" : "Match if the host is in one of these groups. If not specified match any host." , "description" : "Match if the host is in one of these groups. If not specified match any host." ,
"type" : "array" , "type" : "array" ,
@ -64,7 +64,7 @@
# The json_query for selecting packages name is split for readability # The json_query for selecting packages name is split for readability
# see files/pkgs-schema.json for the structure of `pkgs` # see files/pkgs-schema.json for the structure of `pkgs`
# and the matching semantics # and the matching semantics
full_query : "[? value | ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
full_query : "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
filters_groups : "groups | @ == null || [? contains(`{{ group_names }}`, @)]" filters_groups : "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
filters_os : "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))" filters_os : "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
dquote : !unsafe '"' dquote : !unsafe '"'
@ -54,7 +54,15 @@ pkgs:
major_versions: major_versions:
- "11" - "11"
- "12" - "12"
ipset:
enabled : "{{ kube_proxy_mode != 'ipvs' }}"
groups:
- k8s_cluster
iptables : *deb_redhat iptables : *deb_redhat
ipvsadm:
enabled : "{{ kube_proxy_mode == 'ipvs' }}"
groups:
- k8s_cluster
libseccomp : *redhat_family libseccomp : *redhat_family
libseccomp2: libseccomp2:
groups: groups:
Max Gautier
11 months ago