[fix] modprobe_nf_conntrack for new Linux Kernel, when using ipvs (#10625)

Signed-off-by: AbhishekKr <abhikumar163@gmail.com>
1 year ago · 6b1188e3dc
2 changed files with 10 additions and 6 deletions
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@ -248,3 +248,7 @@ kube_proxy_ipvs_modules:
  - ip_vs_sh
  - ip_vs_wlc
  - ip_vs_lc
+
+# Ensure IPVS required kernel module is picked based on Linux Kernel version
+# in reference to: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md#run-kube-proxy-in-ipvs-mode
+conntrack_module: "{{ ansible_kernel is version_compare('4.19', '>=') | ternary('nf_conntrack', 'nf_conntrack_ipv4') }}"
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@ -117,21 +117,21 @@
  tags:
    - kube-proxy

- name: Modprobe nf_conntrack_ipv4
+- name: "Modprobe {{ conntrack_module }}"
  community.general.modprobe:
-    name: nf_conntrack_ipv4
+    name: "{{ conntrack_module }}"
    state: present
-  register: modprobe_nf_conntrack_ipv4
+  register: modprobe_conntrack_module
  ignore_errors: true  # noqa ignore-errors
  when:
    - kube_proxy_mode == 'ipvs'
  tags:
    - kube-proxy

- name: Add nf_conntrack_ipv4 kube-proxy ipvs module list
+- name: "Add {{ conntrack_module }} kube-proxy ipvs module list"
  set_fact:
-    kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + ['nf_conntrack_ipv4'] }}"
-  when: modprobe_nf_conntrack_ipv4 is success
+    kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + [conntrack_module] }}"
+  when: modprobe_conntrack_module is success
  tags:
    - kube-proxy