From 316a372b682bdfa9534e8113e51933cc53b1e3ca Mon Sep 17 00:00:00 2001 From: Borja Urquiza Date: Wed, 1 Nov 2023 10:01:00 +0100 Subject: [PATCH 1/3] Create variables for ipvs kernel modules --- roles/kubernetes/node/defaults/main.yml | 16 ++++++++++++++++ roles/kubernetes/node/tasks/main.yml | 23 +++++++++-------------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index f5dbf38ab0c..fb48a79c0fc 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -240,3 +240,19 @@ azure_cloud: AzurePublicCloud # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_RSA_WITH_RC4_128_SHA + +kube_proxy_ipvs_modules: + - ip_vs + - ip_vs_rr + - ip_vs_wrr + - ip_vs_sh + - ip_vs_wlc + - ip_vs_lc + +kube_proxy_ipvs_modules_list: | + ip_vs + ip_vs_rr + ip_vs_wrr + ip_vs_sh + ip_vs_wlc + ip_vs_lc diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index f89e03e2df8..7ad115316d2 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -113,10 +113,7 @@ name: "{{ item }}" state: present with_items: - - ip_vs - - ip_vs_rr - - ip_vs_wrr - - ip_vs_sh + - "{{ kube_proxy_ipvs_modules }}" when: kube_proxy_mode == 'ipvs' tags: - kube-proxy 
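Review bot: The new `kube_proxy_ipvs_modules` default in `roles/kubernetes/node/defaults/main.yml` lists six modules, while the task lines removed later in this patch loaded and persisted only four (`ip_vs`, `ip_vs_rr`, `ip_vs_wrr`, `ip_vs_sh`). `ip_vs_wlc` and `ip_vs_lc` therefore become newly loaded kernel modules on every ipvs node, and the subject "Create variables for ipvs kernel modules" does not mention that behaviour change. Each entry is handed to modprobe and written to `/etc/modules-load.d/kube_proxy-ipvs.conf`, so the variable should carry a comment such as `# Kernel modules loaded via modprobe and persisted for boot when kube_proxy_mode is 'ipvs'; keep to the schedulers actually in use`. If the two extra schedulers are intentional, say so in the commit message so operators can review the larger set of loaded modules.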
@@ -136,20 +133,18 @@ copy: dest: /etc/modules-load.d/kube_proxy-ipvs.conf mode: 0644 - content: | - ip_vs - ip_vs_rr - ip_vs_wrr - ip_vs_sh - {% if modprobe_nf_conntrack_ipv4 is success -%} - nf_conntrack_ipv4 - {%- endif -%} + content: "{{ kube_proxy_ipvs_modules_list }}" when: kube_proxy_mode == 'ipvs' tags: - kube-proxy -- name: Check cloud provider credentials - include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" +- name: Add nf_conntrack_ipv4 to file if module is mounted + shell: "echo 'nf_conntrack_ipv4' >> /etc/modules-load.d/kube_proxy-ipvs.conf" + when: modprobe_nf_conntrack_ipv4 is success + tags: + - kube-proxy + +- include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" when: - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] From 4d125be91dc656ca702c57ec475791276ced0bd6 Mon Sep 17 00:00:00 2001 From: Borja Urquiza Date: Wed, 1 Nov 2023 12:12:50 +0100 Subject: [PATCH 2/3] Corrected kubernetes role node task missing name --- roles/kubernetes/node/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 7ad115316d2..7737a9d9dec 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -144,7 +144,8 @@ tags: - kube-proxy -- include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" +- name: Check cloud provider credentials + include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" when: - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] From d6a04e5f3f836ca7a6a246803a47a8dac627dbb7 Mon Sep 17 00:00:00 2001 
From: Borja Urquiza Date: Fri, 3 Nov 2023 16:47:46 +0100 Subject: [PATCH 3/3] Added changes as suggested during review by VannTen --- roles/kubernetes/node/defaults/main.yml | 8 -------- roles/kubernetes/node/tasks/main.yml | 18 +++++++++--------- 2 files changed, 9 insertions(+), 17 deletions(-) diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index fb48a79c0fc..9d21d50147c 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -248,11 +248,3 @@ kube_proxy_ipvs_modules: - ip_vs_sh - ip_vs_wlc - ip_vs_lc - -kube_proxy_ipvs_modules_list: | - ip_vs - ip_vs_rr - ip_vs_wrr - ip_vs_sh - ip_vs_wlc - ip_vs_lc diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 7737a9d9dec..7eb5b2e597d 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -112,8 +112,7 @@ community.general.modprobe: name: "{{ item }}" state: present - with_items: - - "{{ kube_proxy_ipvs_modules }}" + loop: "{{ kube_proxy_ipvs_modules }}" when: kube_proxy_mode == 'ipvs' tags: - kube-proxy @@ -129,21 +128,22 @@ tags: - kube-proxy +- name: Add nf_conntrack_ipv4 kube-proxy ipvs module list + set_fact: + kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules + ['nf_conntrack_ipv4'] }}" + when: modprobe_nf_conntrack_ipv4 is success + tags: + - kube-proxy + - name: Persist ip_vs modules copy: dest: /etc/modules-load.d/kube_proxy-ipvs.conf mode: 0644 - content: "{{ kube_proxy_ipvs_modules_list }}" + content: "{{ kube_proxy_ipvs_modules | join('\n') }}" when: kube_proxy_mode == 'ipvs' tags: - kube-proxy -- name: Add nf_conntrack_ipv4 to file if module is mounted - shell: "echo 'nf_conntrack_ipv4' >> /etc/modules-load.d/kube_proxy-ipvs.conf" - when: modprobe_nf_conntrack_ipv4 is success - tags: - - kube-proxy - - name: Check cloud provider credentials include_tasks: "cloud-credentials/{{ cloud_provider }}-credential-check.yml" when:
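Review bot: The added `set_fact` task extends `kube_proxy_ipvs_modules` with `+`, so if these tasks run more than once for a host in the same play the entry is appended again and the persisted file gets duplicate lines. Using `kube_proxy_ipvs_modules: "{{ kube_proxy_ipvs_modules | union(['nf_conntrack_ipv4']) }}"` keeps the task idempotent. The task is also gated only on `modprobe_nf_conntrack_ipv4 is success`, unlike its neighbours, which check `kube_proxy_mode == 'ipvs'`. Where that result is registered lies outside the hunk, so this may be harmless, but adding the mode check would make the intent explicit. In `Persist ip_vs modules`, `join('\n')` produces content with no final newline, which the block-scalar variable it replaces did supply; `content: "{{ kube_proxy_ipvs_modules | join('\n') }}\n"` would restore it.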