Check conntrack module presence instead of kernel version (#10662)

* Try both conntrack modules instead of checking kernel version Depending on kernel distributor, the kernel version might not be a correct indicator of the conntrack module use. Instead, we check both (and use the first found). * Use modproble.persistent rather than manual persistence
2023-11-28 18:31:02 +01:00
parent 70bb19dd23
commit 612cfdceb1
2 changed files with 10 additions and 21 deletions
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@ -249,6 +249,7 @@ kube_proxy_ipvs_modules:
  - ip_vs_wlc
  - ip_vs_lc
-# Ensure IPVS required kernel module is picked based on Linux Kernel version
+# Kubespray will use the first module of this list which it can successfully modprobe
-# in reference to: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md#run-kube-proxy-in-ipvs-mode
+conntrack_modules:
-conntrack_module: "{{ ansible_kernel is version_compare('4.19', '>=') | ternary('nf_conntrack', 'nf_conntrack_ipv4') }}"
+  - nf_conntrack
  - nf_conntrack_ipv4
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@ -112,35 +112,23 @@
  community.general.modprobe:
    name: "{{ item }}"
    state: present
    persistent: present
  loop: "{{ kube_proxy_ipvs_modules }}"
  when: kube_proxy_mode == 'ipvs'
  tags:
    - kube-proxy
- name: "Modprobe {{ conntrack_module }}"
+- name: Modprobe conntrack module
  community.general.modprobe:
-    name: "{{ conntrack_module }}"
+    name: "{{ item }}"
    state: present
    persistent: present
  register: modprobe_conntrack_module
  ignore_errors: true  # noqa ignore-errors
  loop: "{{ conntrack_modules }}"
  when:
    - kube_proxy_mode == 'ipvs'
-  tags:
+    - "(modprobe_conntrack_module|default({'rc': 1})).rc != 0"  # loop until first success
    - kube-proxy
 - name: "Add {{ conntrack_module }} kube-proxy ipvs module list"
  set_fact:
    kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + [conntrack_module] }}"
  when: modprobe_conntrack_module is success
  tags:
    - kube-proxy
 - name: Persist ip_vs modules
  copy:
    dest: /etc/modules-load.d/kube_proxy-ipvs.conf
    mode: 0644
    content: "{{ kube_proxy_ipvs_modules | join('\n') }}"
  when: kube_proxy_mode == 'ipvs'
  tags:
    - kube-proxy