From e442b1d2b9ce7734093a724c3d35462f1b3cbcb8 Mon Sep 17 00:00:00 2001
From: Etienne Champetier <e.champetier@ateme.com>
Date: Wed, 3 Mar 2021 10:27:20 -0500
Subject: [PATCH] Add kube-ipvs0/nodelocaldns to NetworkManager
 unmanaged-devices (#7315)

On CentOS 8 they seem to be ignored by default, but better be extra safe
This also makes it easy to exclude other network plugin interfaces

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
---
 roles/kubernetes/preinstall/handlers/main.yml |  1 -
 .../0062-networkmanager-unmanaged-devices.yml | 36 +++++++++++++++++++
 ...anager.yml => 0063-networkmanager-dns.yml} |  0
 roles/kubernetes/preinstall/tasks/main.yml    |  6 +++-
 roles/network_plugin/calico/handlers/main.yml |  6 ----
 roles/network_plugin/calico/tasks/install.yml | 23 ------------
 roles/reset/tasks/main.yml                    |  2 ++
 7 files changed, 43 insertions(+), 31 deletions(-)
 create mode 100644 roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
 rename roles/kubernetes/preinstall/tasks/{0062-networkmanager.yml => 0063-networkmanager-dns.yml} (100%)

diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml
index bdaaff3e3..ec78c50b6 100644
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@@ -33,7 +33,6 @@
   service:
     name: NetworkManager.service
     state: restarted
-  when: is_fedora_coreos
 
 - name: Preinstall | reload kubelet
   service:
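Review bot: Dropping the `when:` leaves this handler doing a full `state: restarted` (L30) of NetworkManager.service on every node that notifies it, whereas the Calico handler this patch removes used `state: reloaded`; a restart is heavier than a reload and can briefly disrupt connectivity on hosts that are mid-bootstrap. Presumably this is the `Preinstall | reload NetworkManager` handler notified by the new task file, in which case the name also promises a reload it does not perform. If a reload is enough for NetworkManager to pick up new conf.d drop-ins, `state: reloaded` is the safer choice; otherwise a comment such as `# full restart: reload is not sufficient for <reason>` would justify the heavier action. The handler's name line and the enclosing list item start outside the hunk.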
diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
new file mode 100644
index 000000000..b8b673bd2
--- /dev/null
+++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
@@ -0,0 +1,36 @@
+---
+- name: NetworkManager | Check if host has NetworkManager
+  # noqa 303 Should we use service_facts for this?
+  command: systemctl is-active --quiet NetworkManager.service
+  register: nm_check
+  failed_when: false
+  changed_when: false
+
+- name: NetworkManager | Ensure NetworkManager conf.d dir
+  file:
+    path: "/etc/NetworkManager/conf.d"
+    state: directory
+    recurse: yes
+  when: nm_check.rc == 0
+
+- name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico)
+  copy:
+    content: |
+      [keyfile]
+      unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
+    dest: /etc/NetworkManager/conf.d/calico.conf
+  when:
+    - nm_check.rc == 0
+    - kube_network_plugin == "calico"
+  notify: Preinstall | reload NetworkManager
+
+# TODO: add other network_plugin interfaces
+
+- name: NetworkManager | Prevent NetworkManager from managing K8S interfaces (kube-ipvs0/nodelocaldns)
+  copy:
+    content: |
+      [keyfile]
+      unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
+    dest: /etc/NetworkManager/conf.d/k8s.conf
+  when: nm_check.rc == 0
+  notify: Preinstall | reload NetworkManager
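Review bot: `recurse: yes` on the `file` task (L53) is a non-canonical boolean that ansible-lint's truthy rule flags and is a no-op when creating a single directory; drop it or write `recurse: true`, and quote `dest` the same way as `path` (or neither) for consistency within the file. The `+=` append form in both drop-ins is what lets calico.conf and k8s.conf coexist rather than the last-loaded file silently replacing the list, which is worth a comment above the first copy task: `# '+=' appends to unmanaged-devices so the calico.conf and k8s.conf drop-ins compose instead of overriding each other`. Neither copy task sets `mode`, so the resulting file permissions follow the target's umask; an explicit `mode: "0644"` makes the outcome deterministic across hosts.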
diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml b/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml
similarity index 100%
rename from roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
rename to roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index b5c571342..2a3418b0e 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -39,7 +39,11 @@
     - bootstrap-os
     - resolvconf
 
-- import_tasks: 0062-networkmanager.yml
+- import_tasks: 0062-networkmanager-unmanaged-devices.yml
+  tags:
+    - bootstrap-os
+
+- import_tasks: 0063-networkmanager-dns.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
diff --git a/roles/network_plugin/calico/handlers/main.yml b/roles/network_plugin/calico/handlers/main.yml
index 97f57ce69..b4b7af860 100644
--- a/roles/network_plugin/calico/handlers/main.yml
+++ b/roles/network_plugin/calico/handlers/main.yml
@@ -25,9 +25,3 @@
   until: crictl_calico_node_remove is succeeded
   retries: 5
   when: container_manager in ["crio", "containerd"]
-
-- name: Calico | Reload NetworkManager
-  service:
-    name: NetworkManager
-    state: reloaded
-  when: '"running" in nm_check.stdout'
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index e28115edd..9029ae94a 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -6,29 +6,6 @@
     mode: 0755
     remote_src: yes
 
-- name: Calico | Check if host has NetworkManager
-  # noqa 303 Should we use service_facts for this?
-  command: systemctl is-active --quiet NetworkManager.service
-  register: nm_check
-  failed_when: false
-  changed_when: false
-
-- name: Calico | Ensure NetworkManager conf.d dir
-  file:
-    path: "/etc/NetworkManager/conf.d"
-    state: directory
-    recurse: yes
-  when: nm_check.rc == 0
-
-- name: Calico | Prevent NetworkManager from managing Calico interfaces
-  copy:
-    content: |
-      [keyfile]
-      unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
-    dest: /etc/NetworkManager/conf.d/calico.conf
-  when: nm_check.rc == 0
-  notify: Calico | Reload NetworkManager
-
 - name: Calico | Write Calico cni config
   template:
     src: "cni-calico.conflist.j2"
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index c0749191b..1a78788f7 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -257,6 +257,8 @@
     - /etc/dnsmasq.d-available
     - /etc/etcd.env
     - /etc/calico
+    - /etc/NetworkManager/conf.d/calico.conf
+    - /etc/NetworkManager/conf.d/k8s.conf
     - /etc/weave.env
     - /opt/cni
     - /etc/dhcp/dhclient.d/zdnsupdate.sh
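Review bot: Removing the two drop-ins (L154-L155) leaves a running NetworkManager with the previous unmanaged-devices list still in memory until it is reloaded, and this hunk adds no `notify` alongside the deletion. If the reset role does not already reload or restart NetworkManager elsewhere, a `notify` on the enclosing removal task or a dedicated reload step gated on NetworkManager being active would complete the cleanup. The enclosing task begins before L150, so whether it already carries a `notify` cannot be seen here.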
-- 
GitLab