From db9dd034805cbddbf564048d48e8344f0f2d890c Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Wed, 23 Jul 2025 15:21:40 +0200
Subject: [PATCH 1/8] Add missing dependency for execution
---
 molecule/default/requirements.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
index 8f7dff5..ee02f1a 100644
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
@@ -1,2 +1,6 @@
 ---
-- src: geerlingguy.containerd
+roles:
+ - src: geerlingguy.containerd
+
+collections:
+ - name: community.general
From 0df0d33223c5a0e318da921525db50d2e228d360 Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Wed, 23 Jul 2025 15:21:56 +0200
Subject: [PATCH 2/8] Remove unused package curl
---
 tasks/main.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 3fa409a..1357968 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,9 +8,6 @@
 - include_tasks: setup-Debian.yml
 when: ansible_os_family == 'Debian'
-- name: Ensure dependencies are installed.
- package: name=curl state=present
-
 - name: Install Kubernetes packages.
 package:
 name: "{{ item.name | default(item) }}"
From 673e522987220b784e9db1dc3ebc171d15d7f618 Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Wed, 23 Jul 2025 15:32:21 +0200
Subject: [PATCH 3/8] Load module br_netfilter
---
 tasks/sysctl-setup.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tasks/sysctl-setup.yml b/tasks/sysctl-setup.yml
index 174ebca..bd4918c 100644
--- a/tasks/sysctl-setup.yml
+++ b/tasks/sysctl-setup.yml
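Review bot: In patch 1/8 (`molecule/default/requirements.yml`) the new entry `- name: community.general` has no `version:`, so each test run installs whatever release Galaxy currently serves, and the `geerlingguy.containerd` role entry is unpinned too. Because patch 3/8 uses the `persistent` option of `modprobe`, which arrived in community.general 7.0.0, the entry should at least carry `version: ">=7.0.0"`, ideally with an upper bound matching what the role is tested against. The requirement is also added only to the Molecule scenario; if the role's own tasks need the collection, as the later `modprobe` task suggests, it probably belongs in the role's own requirements or documentation as well, which this patch does not show.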
@@ -7,6 +7,12 @@
 ansible_distribution != 'Debian'
 or ansible_distribution_major_version | int < 10
+- name: Ensure module br_netfilter is loaded
+ modprobe:
+ name: br_netfilter
+ state: present
+ persistent: present
+
 # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
 - name: Let iptables see bridged traffic.
 sysctl:
From 321375f702347606fcf99a041e7ba799bddb6ca5 Mon Sep 17 00:00:00 2001
From: Vivian Hafener
Date: Sat, 26 Jul 2025 15:02:37 -0600
Subject: [PATCH 4/8] Moves apiversions for kubeadm, kubelet, and proxy
apiVersions for kubeadm, the kubelet, and the kubeproxy are hardcoded in kubeadm-kubelet-config.j2. This commit parameterizes those values and moves them to main.yml.
---
 defaults/main.yml | 5 +++++
 templates/kubeadm-kubelet-config.j2 | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 1a25f4f..7296e1c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -29,6 +29,11 @@ kubernetes_pod_network:
 # cidr: '192.168.0.0/16'
 kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml'
+
+kubernetes_config_kubeadm_apiversion: v1beta3
+kubenetes_config_kubelet_apiversion: v1beta1
+kubernetes_config_kubeproxy_apiversion: v1alpha1
+
 kubernetes_config_kubelet_configuration:
 cgroupDriver: "systemd"
diff --git a/templates/kubeadm-kubelet-config.j2 b/templates/kubeadm-kubelet-config.j2
index 3c49c2e..3f86c17 100644
--- a/templates/kubeadm-kubelet-config.j2
+++ b/templates/kubeadm-kubelet-config.j2
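Review bot: The task added in patch 3/8 (`tasks/sysctl-setup.yml`) calls the module by its short name `modprobe:`, which only resolves when `community.general` is installed and hides where the module comes from; write it as `community.general.modprobe:` so the dependency is explicit. The `persistent: present` option was added in community.general 7.0.0, so an older installed collection will reject the task, and that minimum should be stated where the collection is required. A comment above the task such as `# br_netfilter provides the net.bridge.bridge-nf-call-* sysctls set by the next task` would explain why it has to run first. The sysctl task that follows continues past the end of the hunk.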
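Review bot: In patch 4/8 (`defaults/main.yml`) the second new default is spelled `kubenetes_config_kubelet_apiversion`, missing the `r`, while its two siblings use the `kubernetes_` prefix. The hunk for `templates/kubeadm-kubelet-config.j2` repeats the same spelling, so the role renders correctly, but a user who sets `kubernetes_config_kubelet_apiversion` in inventory gets no error and the kubelet document silently keeps `v1beta1`. Rename it in both files to `kubernetes_config_kubelet_apiversion: v1beta1`; patch 5/8 carries the misspelled name forward as context, so it is cheapest to fix here. A short comment above the three variables saying they are the version suffixes appended to `kubeadm.k8s.io/`, `kubelet.config.k8s.io/` and `kubeproxy.config.k8s.io/` would also help.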
@@ -1,20 +1,20 @@
 ---
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/{{ kubernetes_config_kubeadm_apiversion }}
 kind: InitConfiguration
 {{ kubernetes_config_init_configuration | to_nice_yaml }}
 ---
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/{{ kubernetes_config_kubeadm_apiversion }}
 kind: ClusterConfiguration
 {{ kubernetes_config_cluster_configuration | to_nice_yaml }}
 {% if kubernetes_config_kubelet_configuration|length > 0 %}
 ---
-apiVersion: kubelet.config.k8s.io/v1beta1
+apiVersion: kubelet.config.k8s.io/{{ kubenetes_config_kubelet_apiversion }}
 kind: KubeletConfiguration
 {{ kubernetes_config_kubelet_configuration | to_nice_yaml }}
 {% endif %}
 {% if kubernetes_config_kube_proxy_configuration|length > 0 %}
 ---
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
+apiVersion: kubeproxy.config.k8s.io/{{ kubernetes_config_kubeproxy_apiversion }}
 kind: KubeProxyConfiguration
 {{ kubernetes_config_kube_proxy_configuration | to_nice_yaml }}
 {% endif %}
From 46f8eacaae2c12dd5160895e05f68ff0014cb3fa Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Fri, 1 Aug 2025 00:24:01 +0200
Subject: [PATCH 5/8] Update kubeadm apiversion to v1beta4
---
 defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 73e9523..4164ac0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -30,7 +30,7 @@ kubernetes_pod_network:
 kubernetes_kubeadm_kubelet_config_file_path: '/etc/kubernetes/kubeadm-kubelet-config.yaml'
-kubernetes_config_kubeadm_apiversion: v1beta3
+kubernetes_config_kubeadm_apiversion: v1beta4
 kubenetes_config_kubelet_apiversion: v1beta1
 kubernetes_config_kubeproxy_apiversion: v1alpha1
From 67fd4614702b2d45e615de5cce52c413ad5ce13d Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Fri, 1 Aug 2025 00:27:50 +0200
Subject: [PATCH 6/8] Add check for virtualization environment
---
 tasks/sysctl-setup.yml | 1 +
 1 file changed, 1 insertion(+)
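Review bot: Patch 5/8 changes the default `kubernetes_config_kubeadm_apiversion` to `v1beta4` with no comment on what that requires of the installed kubeadm. The `kubeadm.k8s.io/v1beta4` schema is only understood by kubeadm v1.31 and newer, and it changes `extraArgs` from a map to a list of name/value pairs, so existing `kubernetes_config_init_configuration` or `kubernetes_config_cluster_configuration` overrides written for v1beta3 may stop validating; whether the role's own defaults are affected is not visible here. A comment on the variable such as `# v1beta4 needs kubeadm >= 1.31; set to v1beta3 for older releases` would make the compatibility boundary visible to users.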
diff --git a/tasks/sysctl-setup.yml b/tasks/sysctl-setup.yml
index bd4918c..4b4b5a0 100644
--- a/tasks/sysctl-setup.yml
+++ b/tasks/sysctl-setup.yml
@@ -12,6 +12,7 @@
 name: br_netfilter
 state: present
 persistent: present
+ when: not ansible_virtualization_type == "docker"
 # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
 - name: Let iptables see bridged traffic.
From bb9ddb6e7a1fcfc97c7db4350fb6931c30c877ff Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Fri, 1 Aug 2025 01:44:30 +0200
Subject: [PATCH 7/8] Comment out loading module
---
 tasks/sysctl-setup.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tasks/sysctl-setup.yml b/tasks/sysctl-setup.yml
index 4b4b5a0..a5e3abb 100644
--- a/tasks/sysctl-setup.yml
+++ b/tasks/sysctl-setup.yml
@@ -7,12 +7,12 @@
 ansible_distribution != 'Debian'
 or ansible_distribution_major_version | int < 10
-- name: Ensure module br_netfilter is loaded
- modprobe:
- name: br_netfilter
- state: present
- persistent: present
- when: not ansible_virtualization_type == "docker"
+# - name: Ensure module br_netfilter is loaded
+# modprobe:
+# name: br_netfilter
+# state: present
+# persistent: present
+# when: not ansible_virtualization_type == "docker"
 # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
 - name: Let iptables see bridged traffic.
From da0de4ce91ef51dc572e0b1bb11884669186390e Mon Sep 17 00:00:00 2001
From: Oliver Welter
Date: Fri, 1 Aug 2025 01:55:21 +0200
Subject: [PATCH 8/8] Use condition
---
 tasks/sysctl-setup.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/tasks/sysctl-setup.yml b/tasks/sysctl-setup.yml
index a5e3abb..dc1a49f 100644
--- a/tasks/sysctl-setup.yml
+++ b/tasks/sysctl-setup.yml
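Review bot: The condition added in patch 6/8, `when: not ansible_virtualization_type == "docker"`, only reads correctly because Jinja2 binds `==` tighter than `not`; `when: ansible_virtualization_type != "docker"` says the same thing without making the reader check precedence. The fact is defined only when fact gathering has run, so with `gather_facts: false` or a narrowed `gather_subset` the task would fail on an undefined variable, which `ansible_virtualization_type | default('') != 'docker'` avoids. The same expression recurs in both hunks of patch 8/8. The modprobe task this line belongs to starts above the hunk.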
@@ -7,12 +7,12 @@
 ansible_distribution != 'Debian'
 or ansible_distribution_major_version | int < 10
-# - name: Ensure module br_netfilter is loaded
-# modprobe:
-# name: br_netfilter
-# state: present
-# persistent: present
-# when: not ansible_virtualization_type == "docker"
+- name: Ensure module br_netfilter is loaded
+ modprobe:
+ name: br_netfilter
+ state: present
+ persistent: present
+ when: not ansible_virtualization_type == "docker"
 # See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
 - name: Let iptables see bridged traffic.
@@ -24,5 +24,6 @@
 - net.bridge.bridge-nf-call-iptables
 - net.bridge.bridge-nf-call-ip6tables
 when: >
- ansible_distribution != 'Debian'
- or ansible_distribution_major_version | int < 10
+ ( ansible_distribution != 'Debian'
+ or ansible_distribution_major_version | int < 10
+ ) and not ansible_virtualization_type == "docker"
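Review bot: In the second hunk of patch 8/8 the container exclusion is written out a second time inside the folded `when: >` of the sysctl task, and like the copy on the modprobe task it matches only the single value `"docker"`. Containers started by another runtime report a different `ansible_virtualization_type` (for example `podman` or `container`), so those runs would still attempt the module load and the sysctl writes. Consider wrapping both tasks in one `block:` with a single condition such as `when: ansible_virtualization_type | default('') not in ['docker', 'podman', 'container']`. A comment giving the reason for the skip, presumably that a container shares the host kernel and cannot load modules or set these keys, would tell readers that the bridge-netfilter settings are not exercised in container tests. The sysctl task begins above this hunk.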