diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index f5dbf38ab..9d21d5014 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -240,3 +240,11 @@ azure_cloud: AzurePublicCloud # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_RSA_WITH_RC4_128_SHA + +kube_proxy_ipvs_modules: + - ip_vs + - ip_vs_rr + - ip_vs_wrr + - ip_vs_sh + - ip_vs_wlc + - ip_vs_lc diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index f89e03e2d..7eb5b2e59 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -112,11 +112,7 @@ community.general.modprobe: name: "{{ item }}" state: present - with_items: - - ip_vs - - ip_vs_rr - - ip_vs_wrr - - ip_vs_sh + loop: "{{ kube_proxy_ipvs_modules }}" when: kube_proxy_mode == 'ipvs' tags: - kube-proxy @@ -132,18 +128,18 @@ tags: - kube-proxy +- name: Add nf_conntrack_ipv4 kube-proxy ipvs module list + set_fact: + kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + ['nf_conntrack_ipv4'] }}" + when: modprobe_nf_conntrack_ipv4 is success + tags: + - kube-proxy + - name: Persist ip_vs modules copy: dest: /etc/modules-load.d/kube_proxy-ipvs.conf mode: 0644 - content: | - ip_vs - ip_vs_rr - ip_vs_wrr - ip_vs_sh - {% if modprobe_nf_conntrack_ipv4 is success -%} - nf_conntrack_ipv4 - {%- endif -%} + content: "{{ kube_proxy_ipvs_modules | join('\n') }}" when: kube_proxy_mode == 'ipvs' tags: - kube-proxy