- Fix 'Set fact joined_control_panes' into 'Set fact joined_control_planes'

Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>

Also remove redundant check in the kubelet config template (we define a
default, so the setting will always be "true")

Signed-off-by: tu1h <lihai.tu@daocloud.io>

* Fix modprobe module on Flatcar

* Add todo about upstream issue report

This avoid needlessly overriding things and make cleanup easier.
Also simplifies the template a bit.

This is removed from kubernetes since 1.25, time to cut some dead code.

* Disable control plane allocating podCIDR for nodes when using calico

Calico does not use the .spec.podCIDR field for its IP address
management.
Furthermore, it can false positives from the kube controller manager if
kube_network_node_prefix and calico_pool_blocksize are unaligned, which
is the case with the default shipped by kubespray.

If the subnets obtained from using kube_network_node_prefix are bigger,
this would result at some point in the control plane thinking it does
not have subnets left for a new node, while calico will work without
problems.

Explicitely set a default value of false for calico_ipam_host_local to
facilitate its use in templates.

* Don't default to kube_network_node_prefix for calico_pool_blocksize

They have different semantics: kube_network_node_prefix is intended to
be the size of the subnet for all pods on a node, while there can be
more than on calico block of the specified size (they are allocated on
demand).

Besides, this commit does not actually change anything, because the
current code is buggy: we don't ever default to
kube_network_node_prefix, since the variable is defined in the role
defaults.

This reverts commit ee0f1e9d.

Avoid restarting all api servers at once by changing their config.

remove embedded template

* Mask systemd swap.target do disable swap

This is a more generic way to disable swap, since it pulls .swap units
in systemd distributions; fstab is only one way to generate .swap units.

* Unconditionally disable swap

We only care to disable it (the "swapon" registered variable is not used
anywhere else.
This allows to get rid of the ignore_errors, since this was added
because swapon.stdout does not exist in check_mode (see issue #6642).

* Don't explicitly disable swapOnZram

We're already masking the swap.target, which would pull the zram unit,
hence no need to handle zram-generator specifically.

* Try both conntrack modules instead of checking kernel version

Depending on kernel distributor, the kernel version might not be a
correct indicator of the conntrack module use.
Instead, we check both (and use the first found).

* Use modproble.persistent rather than manual persistence

Signed-off-by: AbhishekKr <abhikumar163@gmail.com>

* Validate systemd unit files

This ensure that we fail early if we have a bad systemd unit file
(syntax error, using a version not available in the local version, etc)

* Hack to check systemd version for service files validation

factory-reset.target was introduced in system 250, same version as the
aliasing feature we need for verifying systemd services with ansible.
So we only actually executes the validation if that target is present.

This is an horrible hack which should be reverted as soon as we drop
support for distributions with systemd<250.

* Create variables for ipvs kernel modules

* Corrected kubernetes role node task missing name

* Added changes as suggested during review by VannTen

* Use RandomizedDelaySec to spread out control certificates renewal plane

If the number of control plane node is superior to 6, using (index * 10
minutes) will fail (03:60:00 is not a valid timestamp).

Compared to just fixing the jinja expression (to use a modulo for
example), this should avoid having two control planes certificates
update node being triggered at the same time.

* Make k8s-certs-renew.timer Persistent

If the control plane happens to be offline during the scheduled
certificates renewal (node failure or anything like that), we still want
the renewal to happen.

* containerd: refactor handlers to use 'listen'

* cri-dockerd: refactor handlers to use 'listen'

* cri-o: refactor handlers to use 'listen'

* docker: refactor handlers to use 'listen'

* etcd: refactor handlers to use 'listen'

* control-plane: refactor handlers to use 'listen'

* kubeadm: refactor handlers to use 'listen'

* node: refactor handlers to use 'listen'

* preinstall: refactor handlers to use 'listen'

* calico: refactor handlers to use 'listen'

* kube-router: refactor handlers to use 'listen'

* macvlan: refactor handlers to use 'listen'

It was not 'false', which made some tasks (e.g. using systemd-resolved
template) to effectively remove default search domains; caused DNS loop
after rebooting the node/restarting cluster, so localdns service didn't
run correctly.

Signed-off-by: tu1h <lihai.tu@daocloud.io>

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* Migrate node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane

* [external-lb-kubeconfig]: fix server address in worker kubelet.conf

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>

* [external-lb-kubeconfig]: fix server address in kube-proxy

Signed-off-by: Furkan Pehlivan <furkanpehlivan34@gmail.com>

---------

Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
Signed-off-by: Furkan Pehlivan <furkanpehlivan34@gmail.com>
Co-authored-by: Furkan Pehlivan <furkanpehlivan34@gmail.com>

Signed-off-by: Jason Witkowski <jwitko1@gmail.com>

when people run playbook with option `--tags=kubelet`, the kubelet config may changed, because some variables used in task populating `kubelet-config.yml`  could be different with running task(`Fetch facts`)

Signed-off-by: hang.jiang <hang.jiang@daocloud.io>

Signed-off-by: tu1h <lihai.tu@daocloud.io>

* de-populate hosts file if populate_inventory_to_hosts_file is false

keep newline

* fix when condition