Ensure kubeadm doesn't use proxy (#7275)

* Move proxy_env to kubespray-defaults/defaults There is no reasons to use set_facts here Signed-off-by: Etienne Champetier <e.champetier@ateme.com> * Ensure kubeadm doesn't use proxy *_proxy variables might be present in the environment (/etc/environment, bash profile, ...) When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests We cannot unset env variables, but kubeadm is nice enough to ignore empty vars 93d288e2a4/cmd/kubeadm/app/util/env.go (L27) Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2026-02-28 09:39:12 +03:00 · 2021-02-16 11:44:58 -05:00
parent f2d10e9465
commit 1c5391dda7
11 changed files with 34 additions and 19 deletions
--- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
@@ -16,6 +16,7 @@
    --config {{ kube_config_dir }}/kubeadm-config.yaml
    upload-certs
    --upload-certs
+  environment: "{{ proxy_disable_env }}"
  register: kubeadm_upload_cert
  when:
    - inventory_hostname == groups['kube-master']|first
@@ -57,6 +58,7 @@
    {{ bin_dir }}/kubeadm join
    --config {{ kube_config_dir }}/kubeadm-controlplane.yaml
    --ignore-preflight-errors=all
+  environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}'
  register: kubeadm_join_control_plane
  retries: 3
  throttle: 1
@@ -64,8 +66,6 @@
  when:
    - inventory_hostname != groups['kube-master']|first
    - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists
-  environment:
-    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"

 - name: Set secret_changed to false to avoid extra token rotation
  set_fact: