Browse Source
Directly list conntrack modules instead of using a variable (#12475)
The conntrack kernel modules have no reason to be something else than
those two options, so there is no reason to have a variable.
pull/12279/merge
Max Gautier
1 month ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
3 additions and
6 deletions
-
roles/kubernetes/node/defaults/main.yml
-
roles/kubernetes/node/tasks/main.yml
|
|
@ -183,11 +183,6 @@ kube_proxy_ipvs_modules: |
|
|
- ip_vs_wlc |
|
|
- ip_vs_wlc |
|
|
- ip_vs_lc |
|
|
- ip_vs_lc |
|
|
|
|
|
|
|
|
# Kubespray will use the first module of this list which it can successfully modprobe |
|
|
|
|
|
conntrack_modules: |
|
|
|
|
|
- nf_conntrack |
|
|
|
|
|
- nf_conntrack_ipv4 |
|
|
|
|
|
|
|
|
|
|
|
# Set this option to "" (empty) to disable staticPodPath (See docs/operations/hardening.md) |
|
|
# Set this option to "" (empty) to disable staticPodPath (See docs/operations/hardening.md) |
|
|
kubelet_static_pod_path: "{{ kube_manifest_dir }}" |
|
|
kubelet_static_pod_path: "{{ kube_manifest_dir }}" |
|
|
|
|
|
|
|
|
|
|
|
@ -123,7 +123,9 @@ |
|
|
persistent: present |
|
|
persistent: present |
|
|
register: modprobe_conntrack_module |
|
|
register: modprobe_conntrack_module |
|
|
ignore_errors: true # noqa ignore-errors |
|
|
ignore_errors: true # noqa ignore-errors |
|
|
loop: "{{ conntrack_modules }}" |
|
|
|
|
|
|
|
|
loop: |
|
|
|
|
|
- nf_conntrack |
|
|
|
|
|
- nf_conntrack_ipv4 |
|
|
when: |
|
|
when: |
|
|
- kube_proxy_mode == 'ipvs' |
|
|
- kube_proxy_mode == 'ipvs' |
|
|
- modprobe_conntrack_module is not defined or modprobe_conntrack_module is ansible.builtin.failed # loop until first success |
|
|
- modprobe_conntrack_module is not defined or modprobe_conntrack_module is ansible.builtin.failed # loop until first success |
|
|
|
