From a7d681abffbef632ac4479e6db509ec5b4d8c8af Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Fri, 2 May 2025 14:47:49 +0200 Subject: [PATCH] Install iputils with other packages --- roles/kubernetes/preinstall/defaults/main.yml | 3 --- .../preinstall/tasks/0040-verify-settings.yml | 17 ----------------- roles/kubespray-defaults/defaults/main/main.yml | 3 +++ roles/system_packages/vars/main.yml | 9 +++++++++ 4 files changed, 12 insertions(+), 20 deletions(-) diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml index cf31a9acf..248c25f9a 100644 --- a/roles/kubernetes/preinstall/defaults/main.yml +++ b/roles/kubernetes/preinstall/defaults/main.yml @@ -54,9 +54,6 @@ etc_hosts_localhost_entries: minimal_node_memory_mb: 1024 minimal_master_memory_mb: 1500 -# Check if access_ip responds to ping. Set false if your firewall blocks ICMP. -ping_access_ip: true - ## NTP Settings # Start the ntpd or chrony service and enable it at system boot. ntp_enabled: false diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml index e2ceff4e8..75831f5ab 100644 --- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml @@ -53,23 +53,6 @@ - not ignore_assert_errors - ip is defined -- name: Ensure ping package - package: - # noqa: jinja[spacing] - name: >- - {%- if ansible_os_family == 'Debian' -%} - iputils-ping - {%- else -%} - iputils - {%- endif -%} - state: present - when: - - main_access_ip is defined - - not ignore_assert_errors - - ping_access_ip - - not is_fedora_coreos - - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - - name: Stop if access_ip is not pingable command: ping -c1 {{ main_access_ip }} when: diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml index f71b92e27..635345fde 100644 --- a/roles/kubespray-defaults/defaults/main/main.yml +++ b/roles/kubespray-defaults/defaults/main/main.yml @@ -6,6 +6,9 @@ ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='s # selinux state preinstall_selinux_state: permissive +# Check if access_ip responds to ping. Set false if your firewall blocks ICMP. +ping_access_ip: true + # Setting this value to false will fail # For details, read this comment https://github.com/kubernetes-sigs/kubespray/pull/11016#issuecomment-2004985001 kube_api_anonymous_auth: true diff --git a/roles/system_packages/vars/main.yml b/roles/system_packages/vars/main.yml index cde133a4c..cd1c99267 100644 --- a/roles/system_packages/vars/main.yml +++ b/roles/system_packages/vars/main.yml @@ -41,6 +41,15 @@ pkgs: - "{{ 'k8s_cluster' in group_names }}" iptables: - "{{ ansible_os_family in ['Debian', 'RedHat'] }}" + iputils: + - "{{ not ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk', 'Debian'] }}" + - "{{ main_access_ip is defined }}" + - "{{ ping_access_ip }}" + - "{{ not is_fedora_coreos }}" + iputils-ping: + - "{{ ansible_os_family == 'Debian' }}" + - "{{ main_access_ip is defined }}" + - "{{ ping_access_ip }}" ipvsadm: - "{{ kube_proxy_mode == 'ipvs' }}" - "{{ 'k8s_cluster' in group_names }}"