diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index 0d624bfcc..8a595e77b 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -115,6 +115,9 @@ no_proxy_exclude_workers: false
 # sysctl_file_path to add sysctl conf to
 # sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
+# ignore sysctl errors about unknown keys
+# sysctl_ignore_unknown_keys: false
+
 ## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
 kube_webhook_token_auth: false
 kube_webhook_token_auth_url_skip_tls_verify: false
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index b53b2c2b0..55f506d62 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -50,6 +50,7 @@
 sysctl_file: "{{ sysctl_file_path }}"
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 when: kube_apiserver_node_port_range is defined
 tags:
 - kube-proxy
@@ -100,6 +101,7 @@
 sysctl_file: "{{ sysctl_file_path }}"
 value: "1"
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 when: sysctl_bridge_nf_call_iptables.rc == 0
 with_items:
 - net.bridge.bridge-nf-call-iptables
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index e8d3e9540..f6d93f187 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -28,6 +28,7 @@ kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/
 # for hostnet pods and infra needs
 resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
+# sysctl_file_path to add sysctl conf to
 sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
 # Minimal memory requirement in MB for safety checks
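Review bot: `sysctl_ignore_unknown_keys` is referenced in the first hunk of roles/kubernetes/node/tasks/main.yml without a fallback, and the only default this commit adds lives in roles/kubespray_defaults/defaults/main/main.yml. If one of these roles is ever run without kubespray_defaults loaded (the role dependencies are not visible in this diff), templating `ignoreerrors` would fail on an undefined variable; the same applies to the second hunk of this file, the five hunks in 0080-system-configurations.yml and the macvlan hunk. Either confirm that each role pulls in kubespray_defaults, or write `ignoreerrors: "{{ sysctl_ignore_unknown_keys | default(false) }}"` so the strict behaviour is kept when the variable is absent. The task's name and module line sit above the hunk.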
diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index f1f742c23..2ed627a30 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -76,6 +76,7 @@
 value: "1"
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 when: ipv4_stack | bool
 - name: Enable ipv6 forwarding
@@ -85,6 +86,7 @@
 value: "1"
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 when: ipv6_stack | bool
 - name: Check if we need to set fs.may_detach_mounts
@@ -103,6 +105,7 @@
 value: 1
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 when: fs_may_detach_mounts.stat.exists | d(false)
 - name: Ensure kubelet expected parameters are set
@@ -112,6 +115,7 @@
 value: "{{ item.value }}"
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 with_items:
 - { name: kernel.keys.root_maxbytes, value: 25000000 }
 - { name: kernel.keys.root_maxkeys, value: 1000000 }
@@ -135,6 +139,7 @@
 value: "{{ item.value }}"
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"
 with_items: "{{ additional_sysctl }}"
 - name: Disable fapolicyd service
diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml
index b6795ff40..7e3921b2a 100644
--- a/roles/kubespray_defaults/defaults/main/main.yml
+++ b/roles/kubespray_defaults/defaults/main/main.yml
@@ -774,6 +774,9 @@ proxy_disable_env:
 # sysctl_file_path to add sysctl conf to
 sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
+# ignore sysctl errors about unknown keys
+sysctl_ignore_unknown_keys: false
+
 system_upgrade: false
 system_upgrade_reboot: on-upgrade # never, always
diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml
index 6ffe3348c..1db02e0b4 100644
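Review bot: With `sysctl_ignore_unknown_keys: true`, the `ignoreerrors` line added in the `@@ -112,6 +115,7 @@` hunk (apparently the "Ensure kubelet expected parameters are set" loop) lets a key the node's kernel does not expose be skipped while the task still passes. A node can then finish the play without the values this loop is meant to enforce. The same holds for the `additional_sysctl` loop in the last hunk of this file, where a misspelled operator-supplied key, for instance a hardening setting, would go unnoticed. Consider keeping these two tasks strict, or following them with a task that reads the values back and fails on a mismatch. The module line and the start of each task are above the hunks, so this relies on the sysctl module's documented `ignoreerrors` behaviour.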
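Review bot: The comment on the new default in roles/kubespray_defaults/defaults/main/main.yml does not say what changes when the value is true, or how far the switch reaches. This one variable now feeds `ignoreerrors` on every sysctl task this commit touches in the node, preinstall and macvlan roles, so I would spell that out, e.g. `# When true, sysctl tasks skip keys the kernel does not know instead of failing; this also covers additional_sysctl`. The same wording would fit the commented sample in inventory/sample/group_vars/all/all.yml.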
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -108,3 +108,4 @@
 sysctl_file: "{{ sysctl_file_path }}"
 state: present
 reload: true
+ ignoreerrors: "{{ sysctl_ignore_unknown_keys }}"