Add `enabled` to pkgs to handle ipvs

Some packages requirements depends on inventory variables (`kube_proxy_mode` in that case but it could apply to others). As the case seems pretty rare, instead of adding complexity to pkgs, we add an escape hatch to use jinja conditions. That should be revisited if we find ourselves shoehorning lots of logic in this later on.

Add `enabled` to pkgs to handle ipvs
088b1b0c · Max Gautier · 11f35e46 · 088b1b0c · 088b1b0c · 088b1b0c
Unverified Commit 088b1b0c authored 11 months ago by Max Gautier
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -6,9 +6,6 @@ epel_enabled: false
 # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
 dns_late: false
-common_required_pkgs:
-  - "{{ kube_proxy_mode == 'ipvs' | ternary(['ipvsadm', 'ipset'], []) }}"
 # Set to true if your network does not support IPv6
 # This may be necessary for pulling Docker images from
 # GCE docker repository

--- a/roles/kubernetes/preinstall/files/pkgs-schema.json
+++ b/roles/kubernetes/preinstall/files/pkgs-schema.json
@@ -9,6 +9,11 @@
            "type": "object",
            "additionalProperties": false,
            "properties": {
+                "enabled": {
+                    "description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
+                    "type": "boolean",
+                    "default": true
+                },
                "groups": {
                    "description": "Match if the host is in one of these groups. If not specified match any host.",
                    "type": "array",

--- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -64,7 +64,7 @@
    # The json_query for selecting packages name is split for readability
    # see files/pkgs-schema.json for the structure of `pkgs`
    # and the matching semantics
-    full_query: "[? value | ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
+    full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
    filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
    filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
    dquote: !unsafe '"'

--- a/roles/kubernetes/preinstall/vars/main.yml
+++ b/roles/kubernetes/preinstall/vars/main.yml
@@ -54,7 +54,15 @@ pkgs:
          major_versions:
          - "11"
          - "12"
+  ipset:
+    enabled: "{{ kube_proxy_mode != 'ipvs' }}"
+    groups:
+    - k8s_cluster
  iptables: *deb_redhat
+  ipvsadm:
+    enabled: "{{ kube_proxy_mode == 'ipvs' }}"
+    groups:
+    - k8s_cluster
  libseccomp: *redhat_family
  libseccomp2:
    groups: