fix: provide an option to ignore sysctl errors about unknown keys (#12514)

* fix: provide an option to ignore sysctl errors about unknown keys

* fix: rename sysctl_ignoreerrors and remove useless var definitions

inventory/sample/group_vars/all/all.yml

@@ -115,6 +115,9 @@ no_proxy_exclude_workers: false
 # sysctl_file_path to add sysctl conf to
 # sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
 
+# ignore sysctl errors about unknown keys
+# sysctl_ignore_unknown_keys: false
+
 ## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
 kube_webhook_token_auth: false
 kube_webhook_token_auth_url_skip_tls_verify: false

roles/kubernetes/node/tasks/main.yml

@@ -50,6 +50,7 @@
     sysctl_file: "{{ sysctl_file_path }}"
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   when: kube_apiserver_node_port_range is defined
   tags:
     - kube-proxy
@@ -100,6 +101,7 @@
     sysctl_file: "{{ sysctl_file_path }}"
     value: "1"
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   when: sysctl_bridge_nf_call_iptables.rc == 0
   with_items:
     - net.bridge.bridge-nf-call-iptables

roles/kubernetes/preinstall/defaults/main.yml

@@ -28,6 +28,7 @@ kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/
 # for hostnet pods and infra needs
 resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
 
+# sysctl_file_path to add sysctl conf to
 sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
 
 # Minimal memory requirement in MB for safety checks

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -76,6 +76,7 @@
     value: "1"
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   when: ipv4_stack | bool
 
 - name: Enable ipv6 forwarding
@@ -85,6 +86,7 @@
     value: "1"
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   when: ipv6_stack | bool
 
 - name: Check if we need to set fs.may_detach_mounts
@@ -103,6 +105,7 @@
     value: 1
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   when: fs_may_detach_mounts.stat.exists | d(false)
 
 - name: Ensure kubelet expected parameters are set
@@ -112,6 +115,7 @@
     value: "{{ item.value }}"
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   with_items:
     - { name: kernel.keys.root_maxbytes, value: 25000000 }
     - { name: kernel.keys.root_maxkeys, value: 1000000 }
@@ -135,6 +139,7 @@
     value: "{{ item.value }}"
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
   with_items: "{{ additional_sysctl }}"
 
 - name: Disable fapolicyd service

roles/kubespray_defaults/defaults/main/main.yml

@@ -774,6 +774,9 @@ proxy_disable_env:
 # sysctl_file_path to add sysctl conf to
 sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
 
+# ignore sysctl errors about unknown keys
+sysctl_ignore_unknown_keys: false
+
 system_upgrade: false
 system_upgrade_reboot: on-upgrade  # never, always
 

roles/network_plugin/macvlan/tasks/main.yml

@@ -108,3 +108,4 @@
     sysctl_file: "{{ sysctl_file_path }}"
     state: present
     reload: true
+    ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"