diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index 01ce93f0c..147033f38 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -144,5 +144,9 @@ debian_os_family_extensions: # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use" systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}" +# Used to disable File Access Policy Daemon service. +# If service is enabled, the CNI plugin installation will fail +disable_fapolicyd: true + # Enable 0120-growpart-azure-centos-7 tasks growpart_azure_enabled: true diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml index 91a254290..d4fa45b8b 100644 --- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml @@ -136,3 +136,11 @@ state: present reload: yes with_items: "{{ additional_sysctl }}" + +- name: Disable fapolicyd service + failed_when: false + systemd: + name: fapolicyd + state: stopped + enabled: false + when: disable_fapolicyd