kubespray/roles/network_facts/tasks/no_proxy.yml

---
- name: Set no_proxy to all assigned cluster IPs and hostnames
  set_fact:
    # noqa: jinja[spacing]
    no_proxy_prepare: >-
      {%- if loadbalancer_apiserver is defined -%}
      {{ apiserver_loadbalancer_domain_name }},
      {{ loadbalancer_apiserver.address | default('') }},
      {%- endif -%}
      {%- if no_proxy_exclude_workers | default(false) -%}
      {% set cluster_or_control_plane = 'kube_control_plane' %}
      {%- else -%}
      {% set cluster_or_control_plane = 'k8s_cluster' %}
      {%- endif -%}
      {%- for item in (groups[cluster_or_control_plane] + groups['etcd'] | default([]) + groups['calico_rr'] | default([])) | unique -%}
      {{ hostvars[item]['main_access_ip'] }},
      {%- if item != hostvars[item].get('ansible_hostname', '') -%}
      {{ hostvars[item]['ansible_hostname'] }},
      {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
      {%- endif -%}
      {{ item }},{{ item }}.{{ dns_domain }},
      {%- endfor -%}
      {%- if additional_no_proxy is defined -%}
      {{ additional_no_proxy }},
      {%- endif -%}
      127.0.0.1,localhost,{{ kube_service_subnets }},{{ kube_pods_subnets }},svc,svc.{{ dns_domain }}
  delegate_to: localhost
  connection: local
  delegate_facts: true
  become: false
  run_once: true

- name: Populates no_proxy to all hosts
  set_fact:
    no_proxy: "{{ hostvars.localhost.no_proxy_prepare | select }}"
    # noqa: jinja[spacing]
    proxy_env: "{{ proxy_env | combine({
        'no_proxy': hostvars.localhost.no_proxy_prepare,
        'NO_PROXY': hostvars.localhost.no_proxy_prepare
      }) }}"