From bb6d2773caeac1a337249984880d92ba9329acf5 Mon Sep 17 00:00:00 2001 From: Simon Hoenscheid Date: Wed, 1 Mar 2023 23:32:02 +0100 Subject: [PATCH] Use puppet-kmod to manage kernel_modules --- .fixtures.yml | 1 + REFERENCE.md | 28 +++++++++++++++++++++++++++- files/etc/modules-load.d/k8s | 2 -- manifests/init.pp | 7 ++++++- manifests/node.pp | 1 + manifests/node/kubelet.pp | 30 ++++++++++++------------------ metadata.json | 4 ++++ spec/classes/node/kubelet_spec.rb | 2 ++ 8 files changed, 53 insertions(+), 22 deletions(-) delete mode 100644 files/etc/modules-load.d/k8s diff --git a/.fixtures.yml b/.fixtures.yml index 3b83d35..836a0fb 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -6,3 +6,4 @@ fixtures: archive: "puppet/archive" stdlib: "puppetlabs/stdlib" systemd: "camptocamp/systemd" + kmod: "puppet/kmod" diff --git a/REFERENCE.md b/REFERENCE.md index 79b3660..427ac27 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -81,6 +81,7 @@ The following parameters are available in the `k8s` class: * [`crio_package`](#-k8s--crio_package) * [`manage_etcd`](#-k8s--manage_etcd) * [`manage_firewall`](#-k8s--manage_firewall) +* [`manage_kernel_modules`](#-k8s--manage_kernel_modules) * [`manage_image`](#-k8s--manage_image) * [`manage_repo`](#-k8s--manage_repo) * [`manage_packages`](#-k8s--manage_packages) @@ -209,6 +210,14 @@ Data type: `Boolean` Default value: `false` +##### `manage_kernel_modules` + +Data type: `Boolean` + + + +Default value: `true` + ##### `manage_image` Data type: `Boolean` @@ -408,6 +417,7 @@ The following parameters are available in the `k8s::node` class: * [`manage_kubelet`](#-k8s--node--manage_kubelet) * [`manage_proxy`](#-k8s--node--manage_proxy) * [`manage_firewall`](#-k8s--node--manage_firewall) +* [`manage_kernel_modules`](#-k8s--node--manage_kernel_modules) * [`puppetdb_discovery_tag`](#-k8s--node--puppetdb_discovery_tag) * [`cert_path`](#-k8s--node--cert_path) * [`ca_cert`](#-k8s--node--ca_cert) 
@@ -474,6 +484,14 @@ Data type: `Boolean` Default value: `$k8s::manage_firewall` +##### `manage_kernel_modules` + +Data type: `Boolean` + + + +Default value: `$k8s::manage_kernel_modules` + ##### `puppetdb_discovery_tag` Data type: `String[1]` @@ -690,6 +708,7 @@ The following parameters are available in the `k8s::node::kubelet` class: * [`auth`](#-k8s--node--kubelet--auth) * [`rotate_server_tls`](#-k8s--node--kubelet--rotate_server_tls) * [`manage_firewall`](#-k8s--node--kubelet--manage_firewall) +* [`manage_kernel_modules`](#-k8s--node--kubelet--manage_kernel_modules) * [`support_dualstack`](#-k8s--node--kubelet--support_dualstack) * [`cert_path`](#-k8s--node--kubelet--cert_path) * [`kubeconfig`](#-k8s--node--kubelet--kubeconfig) @@ -778,6 +797,14 @@ Data type: `Boolean` Default value: `$k8s::node::manage_firewall` +##### `manage_kernel_modules` + +Data type: `Boolean` + + + +Default value: `$k8s::node::manage_kernel_modules` + ##### `support_dualstack` Data type: `Boolean` @@ -3096,4 +3123,3 @@ Alias of `Pattern[/^[a-z]+:\/\//]` A type for handling Kubernetes version numbers Alias of `Pattern[/^(\d+\.){2}\d+$/]` - diff --git a/files/etc/modules-load.d/k8s b/files/etc/modules-load.d/k8s deleted file mode 100644 index 43dd543..0000000 --- a/files/etc/modules-load.d/k8s +++ /dev/null @@ -1,2 +0,0 @@ -overlay -br_netfilter diff --git a/manifests/init.pp b/manifests/init.pp index 49639d4..b6ffa9a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,6 +1,10 @@ # @summary Sets up a Kubernetes instance - either as a node or as a server +# +# @param manage_kernel_modules +# A flag to manage required Kernel modules. +# class k8s ( - K8s::Ensure $ensure = 'present', + K8s::Ensure $ensure = 'present', Enum['container', 'native'] $packaging = 'native', K8s::Native_packaging $native_packaging = 'loose', String[1] $version = '1.20.14', 
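Review bot: The `@param manage_kernel_modules` text added at the top of `manifests/init.pp` does not say which modules are meant or what an operator takes on by turning the flag off. Something like `#   Whether to load the overlay and br_netfilter kernel modules through kmod::load. When false, loading them is left to the operator.` would be clearer. The same parameter is added to `manifests/node.pp` and `manifests/node/kubelet.pp` with no `@param` entry in those hunks, which matches the empty descriptions REFERENCE.md now shows for `k8s::node` and `k8s::node::kubelet`. Because `br_netfilter` decides whether bridged traffic is seen by netfilter rules at all, the opt-out deserves an explicit sentence in all three places.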
@@ -15,6 +19,7 @@ Boolean $manage_etcd = true, Boolean $manage_firewall = false, + Boolean $manage_kernel_modules = true, Boolean $manage_image = false, Boolean $manage_repo = true, Boolean $manage_packages = true, diff --git a/manifests/node.pp b/manifests/node.pp index fddfdf5..af87ac9 100644 --- a/manifests/node.pp +++ b/manifests/node.pp @@ -9,6 +9,7 @@ Boolean $manage_kubelet = true, Boolean $manage_proxy = false, Boolean $manage_firewall = $k8s::manage_firewall, + Boolean $manage_kernel_modules = $k8s::manage_kernel_modules, String[1] $puppetdb_discovery_tag = $k8s::puppetdb_discovery_tag, Stdlib::Unixpath $cert_path = '/var/lib/kubelet/pki', diff --git a/manifests/node/kubelet.pp b/manifests/node/kubelet.pp index 721eba4..563abe9 100644 --- a/manifests/node/kubelet.pp +++ b/manifests/node/kubelet.pp @@ -10,10 +10,11 @@ String $runtime_service = $k8s::container_runtime_service, String[1] $puppetdb_discovery_tag = $k8s::node::puppetdb_discovery_tag, - K8s::Node_auth $auth = $k8s::node::node_auth, - Boolean $rotate_server_tls = $auth == 'bootstrap', - Boolean $manage_firewall = $k8s::node::manage_firewall, - Boolean $support_dualstack = $k8s::cluster_cidr =~ Array[Data, 2], + K8s::Node_auth $auth = $k8s::node::node_auth, + Boolean $rotate_server_tls = $auth == 'bootstrap', + Boolean $manage_firewall = $k8s::node::manage_firewall, + Boolean $manage_kernel_modules = $k8s::node::manage_kernel_modules, + Boolean $support_dualstack = $k8s::cluster_cidr =~ Array[Data, 2], Stdlib::Unixpath $cert_path = $k8s::node::cert_path, Stdlib::Unixpath $kubeconfig = '/srv/kubernetes/kubelet.kubeconf', 
@@ -135,21 +136,14 @@ 'cgroupDriver' => 'systemd', } + $_authentication_hash - file { '/etc/modules-load.d/k8s': - ensure => $ensure, - content => file('k8s/etc/modules-load.d/k8s'), - } - exec { - default: - path => ['/bin', '/sbin', '/usr/bin'], - refreshonly => true, - subscribe => File['/etc/modules-load.d/k8s']; + if $manage_kernel_modules { + kmod::load { + default: + ensure => $ensure; - 'modprobe overlay': - unless => 'lsmod | grep overlay'; - - 'modprobe br_netfilter': - unless => 'lsmod | grep overlay'; + 'overlay':; + 'br_netfilter':; + } } file { '/etc/sysctl.d/99-k8s.conf': diff --git a/metadata.json b/metadata.json index 3e5e7ed..a74bbea 100644 --- a/metadata.json +++ b/metadata.json @@ -16,6 +16,10 @@ "name": "puppetlabs-stdlib", "version_requirement": ">= 5.0.0 < 9.0.0" }, + { + "name": "puppet-kmod", + "version_requirement": ">= 3.2.0 < 4.0.0" + }, { "name": "puppet-systemd", "version_requirement": ">= 2.0.0 < 4.0.0" diff --git a/spec/classes/node/kubelet_spec.rb b/spec/classes/node/kubelet_spec.rb index d2a0a71..7e4867e 100644 --- a/spec/classes/node/kubelet_spec.rb +++ b/spec/classes/node/kubelet_spec.rb @@ -20,6 +20,8 @@ class { '::k8s::node': let(:facts) { os_facts } it { is_expected.to compile } + it { is_expected.to contain_kmod__load('overlay') } + it { is_expected.to contain_kmod__load('br_netfilter') } end end end
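Review bot: The `kmod::load` resources inside `if $manage_kernel_modules` have no ordering relative to `File['/etc/sysctl.d/99-k8s.conf']`, which follows them, so on a first run the sysctl file can be applied before `br_netfilter` is loaded. If that file sets `net.bridge.*` keys (its content is outside the hunk), those keys do not exist until the module is present; adding `before => File['/etc/sysctl.d/99-k8s.conf'],` to the `default:` body would make the order explicit. Separately, `/etc/modules-load.d/k8s` is no longer declared, so nodes that already have it keep the file and keep loading both modules at boot, even with `manage_kernel_modules => false`. A transitional `file { '/etc/modules-load.d/k8s': ensure => absent }` would clean that up. The class body starts and ends outside the hunk.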
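Review bot: The two added expectations in `spec/classes/node/kubelet_spec.rb` only cover the default path, so nothing verifies that `manage_kernel_modules => false` actually suppresses the `kmod::load` resources. A second context that passes the flag as false, for example through `let(:params) { { manage_kernel_modules: false } }`, and asserts `it { is_expected.not_to contain_kmod__load('br_netfilter') }` (and the same for `overlay`) would pin the opt-out. The enclosing `describe`/`context` blocks begin outside the hunk, so the exact way parameters are passed in this spec should be checked against the existing `pre_condition`.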