From 6b1188e3dcce4b1afa10c79cd23bf86fbc987e0a Mon Sep 17 00:00:00 2001 From: AbhishekKr Date: Mon, 20 Nov 2023 14:18:06 +0530 Subject: [PATCH] [fix] modprobe_nf_conntrack for new Linux Kernel, when using ipvs (#10625) Signed-off-by: AbhishekKr --- roles/kubernetes/node/defaults/main.yml | 4 ++++ roles/kubernetes/node/tasks/main.yml | 12 ++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 9d21d5014..fb9fdf329 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -248,3 +248,7 @@ kube_proxy_ipvs_modules: - ip_vs_sh - ip_vs_wlc - ip_vs_lc + +# Ensure IPVS required kernel module is picked based on Linux Kernel version +# in reference to: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md#run-kube-proxy-in-ipvs-mode +conntrack_module: "{{ ansible_kernel is version_compare('4.19', '>=') | ternary('nf_conntrack', 'nf_conntrack_ipv4') }}" diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 7eb5b2e59..6af9c776f 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -117,21 +117,21 @@ tags: - kube-proxy -- name: Modprobe nf_conntrack_ipv4 +- name: "Modprobe {{ conntrack_module }}" community.general.modprobe: - name: nf_conntrack_ipv4 + name: "{{ conntrack_module }}" state: present - register: modprobe_nf_conntrack_ipv4 + register: modprobe_conntrack_module ignore_errors: true # noqa ignore-errors when: - kube_proxy_mode == 'ipvs' tags: - kube-proxy -- name: Add nf_conntrack_ipv4 kube-proxy ipvs module list +- name: "Add {{ conntrack_module }} kube-proxy ipvs module list" set_fact: - kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + ['nf_conntrack_ipv4'] }}" - when: modprobe_nf_conntrack_ipv4 is success + kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + [conntrack_module] }}" + when: modprobe_conntrack_module is success tags: - kube-proxy