Fix proxy usage when *_PROXY are present in environment (#7309)

Since a790935d02 all proxy users should be properly configured Now when you have *_PROXY vars in your environment it can leads to failure if NO_PROXY is not correct, or to persistent configuration changes as seen with kubeadm in 1c5391dda7 Instead of playing constant whack-a-bug, inject empty *_PROXY vars everywhere at the play level, and override at the task level when needed Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit 067db686f6)
2026-02-12 23:14:47 -03:30 · 2021-02-23 12:44:02 -05:00
parent 557139a8cf
commit fbdc2b3e20
14 changed files with 51 additions and 13 deletions
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@@ -38,7 +38,6 @@
  shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'"
  args:
    executable: /bin/bash
-  environment: "{{ proxy_disable_env }}"
  register: kubeadm_images_raw
  run_once: true
  changed_when: false
--- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
+++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
@@ -22,7 +22,6 @@
    {{ kubeadm_discovery_address }}
  args:
    creates: "{{ kube_cert_dir }}/apiserver-etcd-client.key"
-  environment: "{{ proxy_disable_env }}"

 - name: Delete unneeded certificates
  file:
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -36,7 +36,6 @@

 - name: Create kubeadm token for joining nodes with 24h expiration (default)
  command: "{{ bin_dir }}/kubeadm token create"
-  environment: "{{ proxy_disable_env }}"
  register: temp_token
  delegate_to: "{{ groups['kube-master'][0] }}"
  when: kubeadm_token is not defined
@@ -49,7 +48,6 @@

 - name: Get the kubeadm version
  command: "{{ bin_dir }}/kubeadm version -o short"
-  environment: "{{ proxy_disable_env }}"
  register: kubeadm_output
  changed_when: false

@@ -65,7 +63,8 @@
  when: not is_kube_master

 - name: Join to cluster if needed
-  environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"}) }}'
+  environment:
+    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"
  when: not is_kube_master and (not kubelet_conf.stat.exists)
  block:

--- a/roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-fix-apiserver.yml
@@ -20,7 +20,6 @@
    {{ bin_dir }}/kubeadm init phase kubeconfig all
    --config {{ kube_config_dir }}/kubeadm-config.yaml
    --kubeconfig-dir {{ kubeconfig_temp_dir.path }}
-  environment: "{{ proxy_disable_env }}"
  when: kubeconfig_correct_apiserver.rc != 0

 - name: Copy new kubeconfigs to kube config dir
--- a/roles/kubernetes/master/tasks/kubeadm-secondary.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-secondary.yml
@@ -16,7 +16,6 @@
    --config {{ kube_config_dir }}/kubeadm-config.yaml
    upload-certs
    --upload-certs
-  environment: "{{ proxy_disable_env }}"
  register: kubeadm_upload_cert
  when:
    - inventory_hostname == groups['kube-master']|first
@@ -58,7 +57,8 @@
    {{ bin_dir }}/kubeadm join
    --config {{ kube_config_dir }}/kubeadm-controlplane.yaml
    --ignore-preflight-errors=all
-  environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}'
+  environment:
+    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
  register: kubeadm_join_control_plane
  retries: 3
  throttle: 1
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -156,7 +156,8 @@
  until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr
  when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists
  failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr
-  environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}'
+  environment:
+    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
  notify: Master | restart kubelet

 - name: set kubeadm certificate key
@@ -171,7 +172,6 @@
  shell: >-
    {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token delete {{ kubeadm_token }} || :;
    {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }}
-  environment: "{{ proxy_disable_env }}"
  changed_when: false
  when:
    - inventory_hostname == groups['kube-master']|first
@@ -182,7 +182,6 @@

 - name: Create kubeadm token for joining nodes with 24h expiration (default)
  command: "{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create"
-  environment: "{{ proxy_disable_env }}"
  changed_when: false
  register: temp_token
  retries: 5
--- a/roles/kubernetes/master/tasks/kubeadm-version.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-version.yml
@@ -1,7 +1,6 @@
 ---
 - name: Get the kubeadm version
  command: "{{ bin_dir }}/kubeadm version -o short"
-  environment: "{{ proxy_disable_env }}"
  register: kubeadm_output
  changed_when: false

--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -8,7 +8,6 @@

 - name: Get the kubeadm version
  command: "{{ bin_dir }}/kubeadm version -o short"
-  environment: "{{ proxy_disable_env }}"
  register: kubeadm_output
  changed_when: false