From 1301e69c7d1c3440fe662f77b500c52893ed249f Mon Sep 17 00:00:00 2001
From: holmesb <5072156+holmesb@users.noreply.github.com>
Date: Fri, 9 Oct 2020 09:15:07 +0100
Subject: [PATCH] =?UTF-8?q?If=20no=5Fproxy=5Fexclude=5Fworkers=20is=20true?=
 =?UTF-8?q?,=20workers=20will=20be=20excluded=20from=20the=20no=5Fproxy=20?=
 =?UTF-8?q?variable.=C2=A0=20This=20prevents=20docker=20engine=20restartin?=
 =?UTF-8?q?g=20when=20scaling=20workers.=20(#6520)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
---
 docs/proxy.md                               |  7 ++
 docs/vars.md                                |  2 +-
 inventory/sample/group_vars/all/all.yml     |  5 ++
 roles/kubespray-defaults/tasks/no_proxy.yml | 71 +++++++++++----------
 4 files changed, 51 insertions(+), 34 deletions(-)
 mode change 100644 => 100755 roles/kubespray-defaults/tasks/no_proxy.yml

diff --git a/docs/proxy.md b/docs/proxy.md
index 867b90f4d..cb8472d76 100644
--- a/docs/proxy.md
+++ b/docs/proxy.md
@@ -14,3 +14,10 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro
 ## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
 
 `additional_no_proxy: "aditional_host,"`
+
+## Exclude workers from no_proxy
+
+Since workers are included in the no_proxy variable, by default, docker engine will be restarted on all nodes (all
+pods will restart) when adding or removing workers.  To override this behaviour by only including master nodes in the
+no_proxy variable, set:
+`no_proxy_exclude_workers: true`
diff --git a/docs/vars.md b/docs/vars.md
index 710695e2b..598fd4d7a 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -109,7 +109,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 * *docker_plugins* - This list can be used to define [Docker plugins](https://docs.docker.com/engine/extend/) to install.
 * *containerd_config* - Controls some parameters in containerd configuration file (usually /etc/containerd/config.toml).
   [Default config](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/container-engine/containerd/defaults/main.yml) can be overriden in inventory vars.
-* *http_proxy/https_proxy/no_proxy* - Proxy variables for deploying behind a
+* *http_proxy/https_proxy/no_proxy/no_proxy_exclude_workers/additional_no_proxy* - Proxy variables for deploying behind a
   proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
   that correspond to each node.
 * *kubelet_deployment_type* - Controls which platform to deploy kubelet on.
diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index f3b7042d3..aa517a903 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -68,6 +68,11 @@ loadbalancer_apiserver_healthcheck_port: 8081
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 # additional_no_proxy: ""
 
+## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
+## pods will restart) when adding or removing workers.  To override this behaviour by only including master nodes in the
+## no_proxy variable, set below to true:
+no_proxy_exclude_workers: false
+
 ## Certificate Management
 ## This setting determines whether certs are generated via scripts.
 ## Chose 'none' if you provide your own certificates.
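Review bot: The comment added above `no_proxy_exclude_workers` explains the restart it avoids but not what is given up. With the flag true, worker IPs and hostnames are left out of no_proxy, so any client using the proxy environment would presumably send requests for those addresses to the configured proxy. I would add a line such as `## Note: worker addresses are then no longer bypassed; list any that must stay direct in additional_no_proxy.` The neighbouring `additional_no_proxy` sample is commented out while this one is set live as `no_proxy_exclude_workers: false`; shipping it as `# no_proxy_exclude_workers: false` would match the file, and the task already handles the undefined case.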
diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml
old mode 100644
new mode 100755
index 01c6e9ddf..07098c674
--- a/roles/kubespray-defaults/tasks/no_proxy.yml
+++ b/roles/kubespray-defaults/tasks/no_proxy.yml
@@ -1,33 +1,38 @@
----
-- name: Set no_proxy to all assigned cluster IPs and hostnames
-  set_fact:
-    no_proxy_prepare: >-
-      {%- if loadbalancer_apiserver is defined -%}
-      {{ apiserver_loadbalancer_domain_name| default('') }},
-      {{ loadbalancer_apiserver.address | default('') }},
-      {%- endif -%}
-      {%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
-      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
-      {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
-      {{ hostvars[item]['ansible_hostname'] }},
-      {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
-      {%-   endif -%}
-      {{ item }},{{ item }}.{{ dns_domain }},
-      {%- endfor -%}
-      {%- if additional_no_proxy is defined -%}
-      {{ additional_no_proxy }},
-      {%- endif -%}
-      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
-  delegate_to: localhost
-  connection: local
-  delegate_facts: yes
-  become: no
-  run_once: yes
-
-- name: Populates no_proxy to all hosts
-  set_fact:
-    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
-    proxy_env: "{{ proxy_env | combine({
-      'no_proxy': hostvars.localhost.no_proxy_prepare,
-      'NO_PROXY': hostvars.localhost.no_proxy_prepare
-    }) }}"
+---
+- name: Set no_proxy to all assigned cluster IPs and hostnames
+  set_fact:
+    no_proxy_prepare: >-
+      {%- if loadbalancer_apiserver is defined -%}
+      {{ apiserver_loadbalancer_domain_name| default('') }},
+      {{ loadbalancer_apiserver.address | default('') }},
+      {%- endif -%}
+      {%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
+      {% set cluster_or_master = 'kube-master' %}
+      {% else %}
+      {% set cluster_or_master = 'k8s-cluster' %}
+      {% endif %}
+      {%- for item in (groups[cluster_or_master] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
+      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
+      {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
+      {{ hostvars[item]['ansible_hostname'] }},
+      {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
+      {%-   endif -%}
+      {{ item }},{{ item }}.{{ dns_domain }},
+      {%- endfor -%}
+      {%- if additional_no_proxy is defined -%}
+      {{ additional_no_proxy }},
+      {%- endif -%}
+      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+  delegate_to: localhost
+  connection: local
+  delegate_facts: yes
+  become: no
+  run_once: yes
+
+- name: Populates no_proxy to all hosts
+  set_fact:
+    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
+    proxy_env: "{{ proxy_env | combine({
+      'no_proxy': hostvars.localhost.no_proxy_prepare,
+      'NO_PROXY': hostvars.localhost.no_proxy_prepare
+    }) }}"
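Review bot: The new condition `(no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers)` tests Jinja truthiness, so a string value such as `false` passed as a key=value extra var would still select `kube-master` and drop the workers from no_proxy; `no_proxy_exclude_workers | default(false) | bool` avoids that. The added `set`/`else`/`endif` tags also lack the `-` trim markers used by the other control tags in this template, so the spaces the folded scalar puts between those lines are rendered into the value. Separately, the file header switches this task file to mode 100755 and every line is shown as replaced with the same visible text, which looks like an unintended mode or line-ending change and is worth confirming. A suggested form of the branch is below.

```yaml
    no_proxy_prepare: >-
      {#- … unchanged: loadbalancer_apiserver entries … -#}
      {%- if no_proxy_exclude_workers | default(false) | bool -%}
      {%- set cluster_or_master = 'kube-master' -%}
      {%- else -%}
      {%- set cluster_or_master = 'k8s-cluster' -%}
      {%- endif -%}
      {#- … unchanged: host loop, additional_no_proxy, fixed entries … -#}
```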
-- 
GitLab