If no_proxy_exclude_workers is true, workers will be excluded from th…

…e no_proxy variable. This prevents docker engine restarting when scaling workers. (kubernetes-sigs#6520) Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
southbridgeio · Jan 16, 2021 · 258ee3f · 258ee3f
1 parent a364c94
commit 258ee3f
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 34 deletions.
diff --git a/docs/proxy.md b/docs/proxy.md
@@ -14,3 +14,10 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro
 ## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
 
 `additional_no_proxy: "aditional_host,"`
+
+## Exclude workers from no_proxy
+
+Since workers are included in the no_proxy variable, by default, docker engine will be restarted on all nodes (all
+pods will restart) when adding or removing workers.  To override this behaviour by only including master nodes in the
+no_proxy variable, set:
+`no_proxy_exclude_workers: true`
diff --git a/docs/vars.md b/docs/vars.md
@@ -111,7 +111,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 * *docker_plugins* - This list can be used to define [Docker plugins](https://docs.docker.com/engine/extend/) to install.
 * *containerd_config* - Controls some parameters in containerd configuration file (usually /etc/containerd/config.toml).
   [Default config](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/container-engine/containerd/defaults/main.yml) can be overriden in inventory vars.
-* *http_proxy/https_proxy/no_proxy* - Proxy variables for deploying behind a
+* *http_proxy/https_proxy/no_proxy/no_proxy_exclude_workers/additional_no_proxy* - Proxy variables for deploying behind a
   proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
   that correspond to each node.
 * *kubelet_cgroup_driver* - Allows manual override of the

diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
@@ -74,6 +74,11 @@ skip_non_kubeadm_warning: false
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 # additional_no_proxy: ""
 
+## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
+## pods will restart) when adding or removing workers.  To override this behaviour by only including master nodes in the
+## no_proxy variable, set below to true:
+no_proxy_exclude_workers: false
+
 ## Certificate Management
 ## This setting determines whether certs are generated via scripts.
 ## Chose 'none' if you provide your own certificates.

diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml
@@ -1,33 +1,38 @@
----
-- name: Set no_proxy to all assigned cluster IPs and hostnames
-  set_fact:
-    no_proxy_prepare: >-
-      {%- if loadbalancer_apiserver is defined -%}
-      {{ apiserver_loadbalancer_domain_name| default('') }},
-      {{ loadbalancer_apiserver.address | default('') }},
-      {%- endif -%}
-      {%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
-      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
-      {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
-      {{ hostvars[item]['ansible_hostname'] }},
-      {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
-      {%-   endif -%}
-      {{ item }},{{ item }}.{{ dns_domain }},
-      {%- endfor -%}
-      {%- if additional_no_proxy is defined -%}
-      {{ additional_no_proxy }},
-      {%- endif -%}
-      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
-  delegate_to: localhost
-  connection: local
-  delegate_facts: yes
-  become: no
-  run_once: yes
-
-- name: Populates no_proxy to all hosts
-  set_fact:
-    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
-    proxy_env: "{{ proxy_env | combine({
-      'no_proxy': hostvars.localhost.no_proxy_prepare,
-      'NO_PROXY': hostvars.localhost.no_proxy_prepare
-    }) }}"
+---
+- name: Set no_proxy to all assigned cluster IPs and hostnames
+  set_fact:
+    no_proxy_prepare: >-
+      {%- if loadbalancer_apiserver is defined -%}
+      {{ apiserver_loadbalancer_domain_name| default('') }},
+      {{ loadbalancer_apiserver.address | default('') }},
+      {%- endif -%}
+      {%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
+      {% set cluster_or_master = 'kube-master' %}
+      {% else %}
+      {% set cluster_or_master = 'k8s-cluster' %}
+      {% endif %}
+      {%- for item in (groups[cluster_or_master] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
+      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
+      {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
+      {{ hostvars[item]['ansible_hostname'] }},
+      {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
+      {%-   endif -%}
+      {{ item }},{{ item }}.{{ dns_domain }},
+      {%- endfor -%}
+      {%- if additional_no_proxy is defined -%}
+      {{ additional_no_proxy }},
+      {%- endif -%}
+      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+  delegate_to: localhost
+  connection: local
+  delegate_facts: yes
+  become: no
+  run_once: yes
+
+- name: Populates no_proxy to all hosts
+  set_fact:
+    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
+    proxy_env: "{{ proxy_env | combine({
+      'no_proxy': hostvars.localhost.no_proxy_prepare,
+      'NO_PROXY': hostvars.localhost.no_proxy_prepare
+    }) }}"