fix network bridge modules and sysctl

tasks/sysctl-setup.yml

@@ -8,14 +8,40 @@
     or ansible_distribution_major_version | int < 10
 
 # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
-- name: Let iptables see bridged traffic.
+- name: Load br_netfilter module with every system start
-  sysctl:
+  lineinfile:
-    name: "{{ item }}"
+    line: br_netfilter
-    value: '1'
+    path: /etc/modules-load.d/k8s.conf
-    state: present
+    create: yes
-  loop:
+  when: >
-    - net.bridge.bridge-nf-call-iptables
+    ansible_distribution != 'Debian'
-    - net.bridge.bridge-nf-call-ip6tables
+    or ansible_distribution_major_version | int < 10
+
+- name: Load br_netfilter module instantly
+  modprobe:
+    name: br_netfilter
+    state: present
+  when: >
+    ansible_distribution != 'Debian'
+    or ansible_distribution_major_version | int < 10
+
+- name: Let iptables see bridged traffic.
+  lineinfile:
+    line: "{{ item }}"
+    path: /etc/sysctl.d/k8s.conf
+    create: yes
+  loop:
+    - 'net.bridge.bridge-nf-call-ip6tables = 1'
+    - 'net.bridge.bridge-nf-call-iptables = 1'
+    - 'net.ipv4.ip_forward = 1'
+  when: >
+    ansible_distribution != 'Debian'
+    or ansible_distribution_major_version | int < 10
+  register: sysctld
+
+- name: reload the sysctl parameters
+  command: sysctl --system
+  when: sysctld.changed
   when: >
     ansible_distribution != 'Debian'
     or ansible_distribution_major_version | int < 10