Check conntrack module presence instead of kernel version (#10662)

* Try both conntrack modules instead of checking kernel version Depending on kernel distributor, the kernel version might not be a correct indicator of the conntrack module use. Instead, we check both (and use the first found). * Use modproble.persistent rather than manual persistence
1 year ago · 612cfdceb1
2 changed files with 10 additions and 21 deletions
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@ -249,6 +249,7 @@ kube_proxy_ipvs_modules:
  - ip_vs_wlc
  - ip_vs_lc

-# Ensure IPVS required kernel module is picked based on Linux Kernel version
-# in reference to: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md#run-kube-proxy-in-ipvs-mode
-conntrack_module: "{{ ansible_kernel is version_compare('4.19', '>=') | ternary('nf_conntrack', 'nf_conntrack_ipv4') }}"
+# Kubespray will use the first module of this list which it can successfully modprobe
+conntrack_modules:
+  - nf_conntrack
+  - nf_conntrack_ipv4
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@ -112,35 +112,23 @@
  community.general.modprobe:
    name: "{{ item }}"
    state: present
+    persistent: present
  loop: "{{ kube_proxy_ipvs_modules }}"
  when: kube_proxy_mode == 'ipvs'
  tags:
    - kube-proxy

- name: "Modprobe {{ conntrack_module }}"
+- name: Modprobe conntrack module
  community.general.modprobe:
-    name: "{{ conntrack_module }}"
+    name: "{{ item }}"
    state: present
+    persistent: present
  register: modprobe_conntrack_module
  ignore_errors: true  # noqa ignore-errors
+  loop: "{{ conntrack_modules }}"
  when:
    - kube_proxy_mode == 'ipvs'
-  tags:
-    - kube-proxy
-
- name: "Add {{ conntrack_module }} kube-proxy ipvs module list"
-  set_fact:
-    kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + [conntrack_module] }}"
-  when: modprobe_conntrack_module is success
-  tags:
-    - kube-proxy
-
- name: Persist ip_vs modules
-  copy:
-    dest: /etc/modules-load.d/kube_proxy-ipvs.conf
-    mode: 0644
-    content: "{{ kube_proxy_ipvs_modules | join('\n') }}"
-  when: kube_proxy_mode == 'ipvs'
+    - "(modprobe_conntrack_module|default({'rc': 1})).rc != 0"  # loop until first success
  tags:
    - kube-proxy