memory, br_netfilter and iptables issues when installing on 2023-05-03 Raspbian 64-bit

[beirtipol]

It's taken a while to dig through theses separate issues, so thought I'd post them all in one issue ticket for the next poor soul trying to install k8s on the latest Raspbian build.

I got a lot of errors when a worker node tried to join so I ran the below command manually and saw the errors below

pi@pinode02:~ $ sudo kubeadm join 192.168.86.12:6443 --token sometoken --discovery-token-ca-cert-hash sha256:somehash
[preflight] Running pre-flight checks
[WARNING SystemVerification]: missing optional cgroups: hugetlb
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...
To see the stack trace of this error execute with --v=5 or higher

After a bit of digging, I've discovered that I needed to add the following tasks to my runbook before running the k8s install

- name: Ensure br_netfilter is enabled.
  modprobe:
    name: br_netfilter
    state: present

- name: Let iptables see bridged traffic.
  sysctl:
    name: "{{ item }}"
    value: '1'
    state: present
  loop:
    - net.bridge.bridge-nf-call-iptables
    - net.bridge.bridge-nf-call-ip6tables
    - net.ipv4.ip_forward

I've seen these tasks mentioned in other issues depending on the Debian version so I wouldn't be entirely confident raising a PR as I'm not sure where the issue lies in the existing tasks.

Separately I also had to add the following to the end of /boot/cmdline.txt and reboot, then disable swap. Again, not sure if the preference is for this to be done separately by the user rather than making the ansible-role-kubernetes an all-powerful god book

.............. cgroup_enable=memory

[weakcamel]

I believe this is the same as #146

I'm also affected by it. I'll try and prepare a PR if I get lucky and #148 gets accepted by the author (who I believe doesn't really have the capacity to maintain some of his myriad roles anymore but does check them out from time to time :) )

[bjensen]

@weakcamel Care to make a PR to fix this now that #148 got merged last month? ;-) I would myself if I had the know how.

[github-actions]

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

[github-actions]

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.