Add enabled to pkgs to handle ipvs

Some packages requirements depends on inventory variables
(`kube_proxy_mode` in that case but it could apply to others).

As the case seems pretty rare, instead of adding complexity to pkgs, we
add an escape hatch to use jinja conditions.
That should be revisited if we find ourselves shoehorning lots of logic
in this later on.

roles/kubernetes/preinstall/defaults/main.yml

@@ -6,9 +6,6 @@ epel_enabled: false
 # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
 dns_late: false
 
-common_required_pkgs:
- - "{{ kube_proxy_mode == 'ipvs' | ternary(['ipvsadm', 'ipset'], []) }}"
-
 # Set to true if your network does not support IPv6
 # This may be necessary for pulling Docker images from
 # GCE docker repository

roles/kubernetes/preinstall/files/pkgs-schema.json

@@ -9,6 +9,11 @@
  "type": "object",
  "additionalProperties": false,
  "properties": {
+ "enabled": {
+ "description": "Escape hatch to filter packages. The value is expected to be pre-resolved to a boolean by Jinja",
+ "type": "boolean",
+ "default": true
+ },
  "groups": {
  "description": "Match if the host is in one of these groups. If not specified match any host.",
  "type": "array",

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -64,7 +64,7 @@
  # The json_query for selecting packages name is split for readability
  # see files/pkgs-schema.json for the structure of `pkgs`
  # and the matching semantics
- full_query: "[? value | ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
+ full_query: "[? value | (enabled == null || enabled) && ( {{ filters_os }} ) && ( {{ filters_groups }} ) ].key"
  filters_groups: "groups | @ == null || [? contains(`{{ group_names }}`, @)]"
  filters_os: "os == null || (os | ( {{ filters_family }} ) || ( {{ filters_distro }} ))"
  dquote: !unsafe '"'

roles/kubernetes/preinstall/vars/main.yml

@@ -54,7 +54,15 @@ pkgs:
  major_versions:
  - "11"
  - "12"
+ ipset:
+ enabled: "{{ kube_proxy_mode != 'ipvs' }}"
+ groups:
+ - k8s_cluster
  iptables: *deb_redhat
+ ipvsadm:
+ enabled: "{{ kube_proxy_mode == 'ipvs' }}"
+ groups:
+ - k8s_cluster
  libseccomp: *redhat_family
  libseccomp2:
  groups: