From 4fd722c4c12b441d0857c5bc29d1cd43df64b9b7 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 26 May 2020 18:08:10 +0200
Subject: finalize handling of network plugins. (needs testing)

---
 roles/kubernetes/kubeadm/base/tasks/main.yml          | 12 ++++++++++--
 roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml |  7 +++++++
 roles/kubernetes/kubeadm/base/tasks/net_none.yml      |  7 +++++++
 3 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
 create mode 100644 roles/kubernetes/kubeadm/base/tasks/net_none.yml

(limited to 'roles/kubernetes/kubeadm/base/tasks')

diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index 2d2bd324..7f2e02c2 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -59,5 +59,13 @@
     content: |
       alias hatop="hatop -s /var/run/haproxy/admin.sock"
 
-# - name: prepare network plugin
-#   include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
+## loading the modules temporarly because kubeadm will complain if they are not there
+#  but i don't think it is necessary to make this persistent, also ignoring changes here
+- name: load module br_netfilter to satisfy kubeadm init/join
+  modprobe:
+    name: br_netfilter
+    state: present
+  changed_when: false
+
+- name: prepare network plugin
+  include_tasks: "net_{{ kubernetes_network_plugin }}.yml"
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
new file mode 100644
index 00000000..0924c458
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml
@@ -0,0 +1,7 @@
+---
+- name: make sure kubernetes_network_plugin_replaces_kube_proxy is not set
+  run_once: yes
+  assert:
+    msg: "this network plugin can not replace kube-proxy please set kubernetes_network_plugin_replaces_kube_proxy to false."
+    that:
+      - not kubernetes_network_plugin_replaces_kube_proxy
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_none.yml b/roles/kubernetes/kubeadm/base/tasks/net_none.yml
new file mode 100644
index 00000000..0924c458
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/tasks/net_none.yml
@@ -0,0 +1,7 @@
+---
+- name: make sure kubernetes_network_plugin_replaces_kube_proxy is not set
+  run_once: yes
+  assert:
+    msg: "this network plugin can not replace kube-proxy please set kubernetes_network_plugin_replaces_kube_proxy to false."
+    that:
+      - not kubernetes_network_plugin_replaces_kube_proxy
-- 
cgit v1.2.3