Use puppet-kmod to manage kernel_modules

.fixtures.yml

@@ -6,3 +6,4 @@ fixtures:
  archive: "puppet/archive"
  stdlib: "puppetlabs/stdlib"
  systemd: "camptocamp/systemd"
+ kmod: "puppet/kmod"

REFERENCE.md

@@ -68,6 +68,7 @@ Sets up a Kubernetes instance - either as a node or as a server
 
 The following parameters are available in the `k8s` class:
 
+* [`manage_kernel_modules`](#-k8s--manage_kernel_modules)
 * [`ensure`](#-k8s--ensure)
 * [`packaging`](#-k8s--packaging)
 * [`native_packaging`](#-k8s--native_packaging)
@@ -105,6 +106,14 @@ The following parameters are available in the `k8s` class:
 * [`cluster_domain`](#-k8s--cluster_domain)
 * [`role`](#-k8s--role)
 
+##### <a name="-k8s--manage_kernel_modules"></a>`manage_kernel_modules`
+
+Data type: `Boolean`
+
+A flag to manage required Kernel modules.
+
+Default value: `true`
+
 ##### <a name="-k8s--ensure"></a>`ensure`
 
 Data type: `K8s::Ensure`
@@ -408,6 +417,7 @@ The following parameters are available in the `k8s::node` class:
 * [`manage_kubelet`](#-k8s--node--manage_kubelet)
 * [`manage_proxy`](#-k8s--node--manage_proxy)
 * [`manage_firewall`](#-k8s--node--manage_firewall)
+* [`manage_kernel_modules`](#-k8s--node--manage_kernel_modules)
 * [`puppetdb_discovery_tag`](#-k8s--node--puppetdb_discovery_tag)
 * [`cert_path`](#-k8s--node--cert_path)
 * [`ca_cert`](#-k8s--node--ca_cert)
@@ -474,6 +484,14 @@ Data type: `Boolean`
 
 Default value: `$k8s::manage_firewall`
 
+##### <a name="-k8s--node--manage_kernel_modules"></a>`manage_kernel_modules`
+
+Data type: `Boolean`
+
+
+
+Default value: `$k8s::manage_kernel_modules`
+
 ##### <a name="-k8s--node--puppetdb_discovery_tag"></a>`puppetdb_discovery_tag`
 
 Data type: `String[1]`
@@ -690,6 +708,7 @@ The following parameters are available in the `k8s::node::kubelet` class:
 * [`auth`](#-k8s--node--kubelet--auth)
 * [`rotate_server_tls`](#-k8s--node--kubelet--rotate_server_tls)
 * [`manage_firewall`](#-k8s--node--kubelet--manage_firewall)
+* [`manage_kernel_modules`](#-k8s--node--kubelet--manage_kernel_modules)
 * [`support_dualstack`](#-k8s--node--kubelet--support_dualstack)
 * [`cert_path`](#-k8s--node--kubelet--cert_path)
 * [`kubeconfig`](#-k8s--node--kubelet--kubeconfig)
@@ -778,6 +797,14 @@ Data type: `Boolean`
 
 Default value: `$k8s::node::manage_firewall`
 
+##### <a name="-k8s--node--kubelet--manage_kernel_modules"></a>`manage_kernel_modules`
+
+Data type: `Boolean`
+
+
+
+Default value: `$k8s::node::manage_kernel_modules`
+
 ##### <a name="-k8s--node--kubelet--support_dualstack"></a>`support_dualstack`
 
 Data type: `Boolean`

manifests/init.pp

@@ -1,6 +1,10 @@
 # @summary Sets up a Kubernetes instance - either as a node or as a server
+# 
+# @param manage_kernel_modules
+# A flag to manage required Kernel modules.
+#
 class k8s (
- K8s::Ensure $ensure = 'present',
+ K8s::Ensure $ensure  = 'present',
  Enum['container', 'native'] $packaging = 'native',
  K8s::Native_packaging $native_packaging = 'loose',
  String[1] $version = '1.26.1',
@@ -16,6 +20,7 @@
 
  Boolean $manage_etcd = true,
  Boolean $manage_firewall = false,
+ Boolean $manage_kernel_modules = true,
  Boolean $manage_image = false,
  Boolean $manage_repo = true,
  Boolean $manage_packages = true,

manifests/node.pp

@@ -9,6 +9,7 @@
  Boolean $manage_kubelet = true,
  Boolean $manage_proxy = false,
  Boolean $manage_firewall = $k8s::manage_firewall,
+ Boolean $manage_kernel_modules = $k8s::manage_kernel_modules,
  String[1] $puppetdb_discovery_tag = $k8s::puppetdb_discovery_tag,
 
  Stdlib::Unixpath $cert_path = '/var/lib/kubelet/pki',

manifests/node/kubelet.pp

@@ -10,10 +10,11 @@
  String $runtime_service = $k8s::container_runtime_service,
  String[1] $puppetdb_discovery_tag = $k8s::node::puppetdb_discovery_tag,
 
- K8s::Node_auth $auth = $k8s::node::node_auth,
- Boolean $rotate_server_tls = $auth == 'bootstrap',
- Boolean $manage_firewall = $k8s::node::manage_firewall,
- Boolean $support_dualstack = $k8s::cluster_cidr =~ Array[Data, 2],
+ K8s::Node_auth $auth = $k8s::node::node_auth,
+ Boolean $rotate_server_tls = $auth == 'bootstrap',
+ Boolean $manage_firewall = $k8s::node::manage_firewall,
+ Boolean $manage_kernel_modules = $k8s::node::manage_kernel_modules,
+ Boolean $support_dualstack = $k8s::cluster_cidr =~ Array[Data, 2],
 
  Stdlib::Unixpath $cert_path = $k8s::node::cert_path,
  Stdlib::Unixpath $kubeconfig = '/srv/kubernetes/kubelet.kubeconf',
@@ -135,21 +136,14 @@
  'cgroupDriver' => 'systemd',
  } + $_authentication_hash
 
- file { '/etc/modules-load.d/k8s':
- ensure => $ensure,
- content => file('k8s/etc/modules-load.d/k8s'),
- }
- exec {
- default:
- path => ['/bin', '/sbin', '/usr/bin'],
- refreshonly => true,
- subscribe => File['/etc/modules-load.d/k8s'];
+ if $manage_kernel_modules {
+ kmod::load {
+ default:
+ ensure => $ensure;
 
- 'modprobe overlay':
- unless => 'lsmod | grep overlay';
-
- 'modprobe br_netfilter':
- unless => 'lsmod | grep overlay';
+ 'overlay':;
+ 'br_netfilter':;
+ }
  }
 
  file { '/etc/sysctl.d/99-k8s.conf':

metadata.json

@@ -16,6 +16,10 @@
  "name": "puppetlabs-stdlib",
  "version_requirement": ">= 5.0.0 < 9.0.0"
  },
+ {
+ "name": "puppet-kmod",
+ "version_requirement": ">= 3.2.0 < 4.0.0"
+ },
  {
  "name": "puppet-systemd",
  "version_requirement": ">= 2.0.0 < 4.0.0"

spec/classes/node/kubelet_spec.rb

@@ -20,6 +20,8 @@ class { '::k8s::node':
  let(:facts) { os_facts }
 
  it { is_expected.to compile }
+ it { is_expected.to contain_kmod__load('overlay') }
+ it { is_expected.to contain_kmod__load('br_netfilter') }
  end
  end
 end