Add kube-ipvs0/nodelocaldns to NetworkManager unmanaged-devices (#7315)

On CentOS 8 they seem to be ignored by default, but better be extra safe
This also make it easy to exclude other network plugin interfaces

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit e442b1d2b9)
This commit is contained in:
Etienne Champetier 2021-03-03 10:27:20 -05:00 committed by Kubernetes Prow Robot
parent f26cc9f75b
commit 53b9388b82
7 changed files with 43 additions and 31 deletions

View file

@ -33,7 +33,6 @@
service: service:
name: NetworkManager.service name: NetworkManager.service
state: restarted state: restarted
when: is_fedora_coreos
- name: Preinstall | reload kubelet - name: Preinstall | reload kubelet
service: service:

View file

@ -0,0 +1,36 @@
---
- name: NetworkManager | Check if host has NetworkManager
# noqa 303 Should we use service_facts for this?
command: systemctl is-active --quiet NetworkManager.service
register: nm_check
failed_when: false
changed_when: false
- name: NetworkManager | Ensure NetworkManager conf.d dir
file:
path: "/etc/NetworkManager/conf.d"
state: directory
recurse: yes
when: nm_check.rc == 0
- name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico)
copy:
content: |
[keyfile]
unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
dest: /etc/NetworkManager/conf.d/calico.conf
when:
- nm_check.rc == 0
- kube_network_plugin == "calico"
notify: Preinstall | reload NetworkManager
# TODO: add other network_plugin interfaces
- name: NetworkManager | Prevent NetworkManager from managing K8S interfaces (kube-ipvs0/nodelocaldns)
copy:
content: |
[keyfile]
unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
dest: /etc/NetworkManager/conf.d/k8s.conf
when: nm_check.rc == 0
notify: Preinstall | reload NetworkManager

View file

@ -39,7 +39,11 @@
- bootstrap-os - bootstrap-os
- resolvconf - resolvconf
- import_tasks: 0062-networkmanager.yml - import_tasks: 0062-networkmanager-unmanaged-devices.yml
tags:
- bootstrap-os
- import_tasks: 0063-networkmanager-dns.yml
when: when:
- dns_mode != 'none' - dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf' - resolvconf_mode == 'host_resolvconf'

View file

@ -25,9 +25,3 @@
until: crictl_calico_node_remove is succeeded until: crictl_calico_node_remove is succeeded
retries: 5 retries: 5
when: container_manager in ["crio", "containerd"] when: container_manager in ["crio", "containerd"]
- name: Calico | Reload NetworkManager
service:
name: NetworkManager
state: reloaded
when: '"running" in nm_check.stdout'

View file

@ -6,29 +6,6 @@
mode: 0755 mode: 0755
remote_src: yes remote_src: yes
- name: Calico | Check if host has NetworkManager
# noqa 303 Should we use service_facts for this?
command: systemctl is-active --quiet NetworkManager.service
register: nm_check
failed_when: false
changed_when: false
- name: Calico | Ensure NetworkManager conf.d dir
file:
path: "/etc/NetworkManager/conf.d"
state: directory
recurse: yes
when: nm_check.rc == 0
- name: Calico | Prevent NetworkManager from managing Calico interfaces
copy:
content: |
[keyfile]
unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
dest: /etc/NetworkManager/conf.d/calico.conf
when: nm_check.rc == 0
notify: Calico | Reload NetworkManager
- name: Calico | Write Calico cni config - name: Calico | Write Calico cni config
template: template:
src: "cni-calico.conflist.j2" src: "cni-calico.conflist.j2"

View file

@ -257,6 +257,8 @@
- /etc/dnsmasq.d-available - /etc/dnsmasq.d-available
- /etc/etcd.env - /etc/etcd.env
- /etc/calico - /etc/calico
- /etc/NetworkManager/conf.d/calico.conf
- /etc/NetworkManager/conf.d/k8s.conf
- /etc/weave.env - /etc/weave.env
- /opt/cni - /opt/cni
- /etc/dhcp/dhclient.d/zdnsupdate.sh - /etc/dhcp/dhclient.d/zdnsupdate.sh