Check conntrack module presence instead of kernel version (#10662)

* Try both conntrack modules instead of checking kernel version Depending on kernel distributor, the kernel version might not be a correct indicator of the conntrack module use. Instead, we check both (and use the first found). * Use modproble.persistent rather than manual persistence
2026-02-02 10:08:13 -03:30 · 2023-11-28 18:31:02 +01:00
parent 70bb19dd23
commit 612cfdceb1
2 changed files with 10 additions and 21 deletions
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -249,6 +249,7 @@ kube_proxy_ipvs_modules:
  - ip_vs_wlc
  - ip_vs_lc

-# Ensure IPVS required kernel module is picked based on Linux Kernel version
-# in reference to: https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md#run-kube-proxy-in-ipvs-mode
-conntrack_module: "{{ ansible_kernel is version_compare('4.19', '>=') | ternary('nf_conntrack', 'nf_conntrack_ipv4') }}"
+# Kubespray will use the first module of this list which it can successfully modprobe
+conntrack_modules:
+  - nf_conntrack
+  - nf_conntrack_ipv4