From dedc00661a2df59330ead0b9bb03cbf7658b229c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hedayat=20Vatankhah=20=28=D9=87=D8=AF=D8=A7=DB=8C=D8=AA=29?=
 <hedayat.fwd@gmail.com>
Date: Thu, 30 May 2024 14:55:21 +0330
Subject: [PATCH] Add 'system-packages' tag to control installing packages from
 OS repositories (#10872)

---
 docs/ansible/ansible.md                    | 1 +
 docs/operations/offline-environment.md     | 4 +++-
 roles/kubernetes/preinstall/tasks/main.yml | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/ansible/ansible.md b/docs/ansible/ansible.md
index 43769e0d9..40d52f9c3 100644
--- a/docs/ansible/ansible.md
+++ b/docs/ansible/ansible.md
@@ -231,6 +231,7 @@ The following tags are defined in playbooks:
 | services                       | Remove services (etcd, kubelet etc...) when resetting |
 | snapshot                       | Enabling csi snapshot                                 |
 | snapshot-controller            | Configuring csi snapshot controller                   |
+| system-packages                | Install packages using OS package manager             |
 | upgrade                        | Upgrading, f.e. container images/binaries             |
 | upload                         | Distributing images/binaries across hosts             |
 | vsphere-csi-driver             | Configuring csi driver: vsphere                       |
diff --git a/docs/operations/offline-environment.md b/docs/operations/offline-environment.md
index bbd412c53..0c5e1bf9e 100644
--- a/docs/operations/offline-environment.md
+++ b/docs/operations/offline-environment.md
@@ -103,7 +103,9 @@ If you use the settings like the one above, you'll need to define in your invent
   can store them anywhere as long as it's accessible by kubespray. It's recommended to use `*_version` in the path so
   that you don't need to modify this setting everytime kubespray upgrades one of these components.
 * `yum_repo`/`debian_repo`/`ubuntu_repo`: OS package repository depending on your OS, should point to your internal
-  repository. Adjust the path accordingly.
+  repository. Adjust the path accordingly. Used only for Docker/Containerd packages (if needed); other packages might
+  be installed from other repositories. You might disable installing packages from other repositories by skipping
+  the `system-packages` tag
 
 ## Install Kubespray Python Packages
 
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index ee4de5d50..ee846f8ba 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -68,6 +68,7 @@
     - not dns_late
   tags:
     - bootstrap-os
+    - system-packages
 
 - name: Apply system configurations
   import_tasks: 0080-system-configurations.yml
-- 
GitLab