Add kube-ipvs0/nodelocaldns to NetworkManager unmanaged-devices

On CentOS 8 they seem to be ignored by default, but better be extra safe
This also make it easy to exclude other network plugin interfaces

Signed-off-by: Etienne Champetier <[email protected]>

roles/kubernetes/preinstall/handlers/main.yml

@@ -33,7 +33,6 @@
   service:
     name: NetworkManager.service
     state: restarted
-  when: is_fedora_coreos
 
 - name: Preinstall | reload kubelet
   service:

roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml

@@ -0,0 +1,36 @@
+---
+- name: NetworkManager | Check if host has NetworkManager
+  # noqa 303 Should we use service_facts for this?
+  command: systemctl is-active --quiet NetworkManager.service
+  register: nm_check
+  failed_when: false
+  changed_when: false
+
+- name: NetworkManager | Ensure NetworkManager conf.d dir
+  file:
+    path: "/etc/NetworkManager/conf.d"
+    state: directory
+    recurse: yes
+  when: nm_check.rc == 0
+
+- name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico)
+  copy:
+    content: |
+      [keyfile]
+      unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
+    dest: /etc/NetworkManager/conf.d/calico.conf
+  when:
+    - nm_check.rc == 0
+    - kube_network_plugin == "calico"
+  notify: Preinstall | reload NetworkManager
+
+# TODO: add other network_plugin interfaces
+
+- name: NetworkManager | Prevent NetworkManager from managing K8S interfaces (kube-ipvs0/nodelocaldns)
+  copy:
+    content: |
+      [keyfile]
+      unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
+    dest: /etc/NetworkManager/conf.d/k8s.conf
+  when: nm_check.rc == 0
+  notify: Preinstall | reload NetworkManager

roles/kubernetes/preinstall/tasks/main.yml

@@ -39,7 +39,11 @@
     - bootstrap-os
     - resolvconf
 
-- import_tasks: 0062-networkmanager.yml
+- import_tasks: 0062-networkmanager-unmanaged-devices.yml
+  tags:
+    - bootstrap-os
+
+- import_tasks: 0063-networkmanager-dns.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'

roles/network_plugin/calico/handlers/main.yml

@@ -25,9 +25,3 @@
   until: crictl_calico_node_remove is succeeded
   retries: 5
   when: container_manager in ["crio", "containerd"]
-
-- name: Calico | Reload NetworkManager
-  service:
-    name: NetworkManager
-    state: reloaded
-  when: '"running" in nm_check.stdout'

roles/network_plugin/calico/tasks/install.yml

@@ -6,29 +6,6 @@
     mode: 0755
     remote_src: yes
 
-- name: Calico | Check if host has NetworkManager
-  # noqa 303 Should we use service_facts for this?
-  command: systemctl is-active --quiet NetworkManager.service
-  register: nm_check
-  failed_when: false
-  changed_when: false
-
-- name: Calico | Ensure NetworkManager conf.d dir
-  file:
-    path: "/etc/NetworkManager/conf.d"
-    state: directory
-    recurse: yes
-  when: nm_check.rc == 0
-
-- name: Calico | Prevent NetworkManager from managing Calico interfaces
-  copy:
-    content: |
-      [keyfile]
-      unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
-    dest: /etc/NetworkManager/conf.d/calico.conf
-  when: nm_check.rc == 0
-  notify: Calico | Reload NetworkManager
-
 - name: Calico | Write Calico cni config
   template:
     src: "cni-calico.conflist.j2"

roles/reset/tasks/main.yml

@@ -257,6 +257,8 @@
     - /etc/dnsmasq.d-available
     - /etc/etcd.env
     - /etc/calico
+    - /etc/NetworkManager/conf.d/calico.conf
+    - /etc/NetworkManager/conf.d/k8s.conf
     - /etc/weave.env
     - /opt/cni
     - /etc/dhcp/dhclient.d/zdnsupdate.sh