From 6b1188e3dcce4b1afa10c79cd23bf86fbc987e0a Mon Sep 17 00:00:00 2001
From: AbhishekKr <abhikumar163@gmail.com>
Date: Mon, 20 Nov 2023 14:18:06 +0530
Subject: [PATCH] [fix] modprobe_nf_conntrack for new Linux Kernel, when using
 ipvs (#10625)

Signed-off-by: AbhishekKr <abhikumar163@gmail.com>
---
 roles/kubernetes/node/defaults/main.yml |  4 ++++
 roles/kubernetes/node/tasks/main.yml    | 12 ++++++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 9d21d5014..fb9fdf329 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -248,3 +248,7 @@ kube_proxy_ipvs_modules:
   - ip_vs_sh
   - ip_vs_wlc
   - ip_vs_lc
+
+# Ensure IPVS required kernel module is picked based on Linux Kernel version
+# in reference to: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md#run-kube-proxy-in-ipvs-mode
+conntrack_module: "{{ ansible_kernel is version_compare('4.19', '>=') | ternary('nf_conntrack', 'nf_conntrack_ipv4') }}"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 7eb5b2e59..6af9c776f 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -117,21 +117,21 @@
   tags:
     - kube-proxy
 
-- name: Modprobe nf_conntrack_ipv4
+- name: "Modprobe {{ conntrack_module }}"
   community.general.modprobe:
-    name: nf_conntrack_ipv4
+    name: "{{ conntrack_module }}"
     state: present
-  register: modprobe_nf_conntrack_ipv4
+  register: modprobe_conntrack_module
   ignore_errors: true  # noqa ignore-errors
   when:
     - kube_proxy_mode == 'ipvs'
   tags:
     - kube-proxy
 
-- name: Add nf_conntrack_ipv4 kube-proxy ipvs module list
+- name: "Add {{ conntrack_module }} kube-proxy ipvs module list"
   set_fact:
-    kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + ['nf_conntrack_ipv4'] }}"
-  when: modprobe_nf_conntrack_ipv4 is success
+    kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + [conntrack_module] }}"
+  when: modprobe_conntrack_module is success
   tags:
     - kube-proxy
 
-- 
GitLab