Mirrors/geerlingguy.ansible-role-kubernetes
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-kubernetes.git synced 2025-11-01 01:19:25 +01:00
Code Issues Projects Releases Wiki Activity

Cilium with Kube-Proxy Replacement Option

Browse Source
This commit is contained in:
Michael McCulloch 2024-01-10 15:49:59 -07:00
parent e09e979d27
commit 21fe613563
3 changed files with 46 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -129,7 +129,7 @@ kubernetes_pod_network:
# cidr: '192.168.0.0/16' # cidr: '192.168.0.0/16'
``` ```
This role currently supports `flannel` (default), `calico` or `weave` for cluster pod networking. Choose only one for your cluster; converting between them is not done automatically and could result in broken networking; if you need to switch from one to another, it should be done outside of this role. This role currently supports `flannel` (default), `cilium`, `calico` or `weave` for cluster pod networking. Choose only one for your cluster; converting between them is not done automatically and could result in broken networking; if you need to switch from one to another, it should be done outside of this role.
```yaml ```yaml
kubernetes_apiserver_advertise_address: ''` kubernetes_apiserver_advertise_address: ''`
@ -169,6 +169,13 @@ Flannel manifest file to apply to the Kubernetes cluster to enable networking. Y
kubernetes_calico_manifest_file: https://projectcalico.docs.tigera.io/manifests/calico.yaml kubernetes_calico_manifest_file: https://projectcalico.docs.tigera.io/manifests/calico.yaml
``` ```
Cilium Helm chart values can be specified under `kubernetes_cilium_values`. [Kube Proxy Replacement](https://docs.cilium.io/en/latest/network/kubernetes/kubeproxy-free/) is supported through this method.
```yaml
kubernetes_cilium_values:
kubeProxyReplacement: true
```
Calico manifest file to apply to the Kubernetes cluster (if using Calico instead of Flannel). Calico manifest file to apply to the Kubernetes cluster (if using Calico instead of Flannel).
## Dependencies ## Dependencies

1
defaults/main.yml
View File

@ -13,6 +13,7 @@ kubernetes_version: '1.25'
kubernetes_version_rhel_package: '1.25.1' kubernetes_version_rhel_package: '1.25.1'
kubernetes_cilium_version: '1.14.5' kubernetes_cilium_version: '1.14.5'
kubernetes_cilium_datapath: 'native' kubernetes_cilium_datapath: 'native'
kubernetes_cilium_values: ""
kubernetes_role: control_plane kubernetes_role: control_plane

40
tasks/control-plane-setup.yml
View File

@ -15,7 +15,7 @@
--config {{ kubernetes_kubeadm_kubelet_config_file_path }} --config {{ kubernetes_kubeadm_kubelet_config_file_path }}
{{ kubernetes_kubeadm_init_extra_opts }} {{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init register: kubeadmin_init
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) and (not kubernetes_cilium_values.kubeProxyReplacement)
- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors - name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
command: > command: >
@ -24,7 +24,26 @@
--ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }} --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
{{ kubernetes_kubeadm_init_extra_opts }} {{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init register: kubeadmin_init
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) and (not kubernetes_cilium_values.kubeProxyReplacement)
- name: Initialize Kubernetes control plane with kubeadm init without kube-proxy
command: >
kubeadm init
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
--skip-phases=addon/kube-proxy
{{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) and (kubernetes_cilium_values.kubeProxyReplacement)
- name: Initialize Kubernetes control plane with kubeadm init without kube-proxy and ignore_preflight_errors
command: >
kubeadm init
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
--ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
--skip-phases=addon/kube-proxy
{{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) and (kubernetes_cilium_values.kubeProxyReplacement)
- name: Print the init output to screen. - name: Print the init output to screen.
debug: debug:
@ -94,6 +113,15 @@
loop: loop:
- '' - ''
- '.sha256sum' - '.sha256sum'
- name: Write Cilium Helm values to file
copy:
dest: "/tmp/cilium_helm.yaml"
content: "{{ kubernetes_cilium_values | to_yaml }}"
when:
- kubernetes_pod_network.cni == 'cilium'
- not kubernetes_init_stat.stat.exists
- name: Taint nodes with cilium agent-not-ready - name: Taint nodes with cilium agent-not-ready
command: kubectl taint nodes --all node.cilium.io/agent-not-ready=true:NoExecute command: kubectl taint nodes --all node.cilium.io/agent-not-ready=true:NoExecute
when: when:
@ -106,7 +134,13 @@
delay: 5 delay: 5
- name: Configure Cilium networking - name: Configure Cilium networking
command: /usr/local/bin/cilium install --version {{ kubernetes_cilium_version }} --datapath-mode {{ kubernetes_cilium_datapath }} command: >
/usr/local/bin/cilium install
--version {{ kubernetes_cilium_version }}
--datapath-mode {{ kubernetes_cilium_datapath }}
--values /tmp/cilium_helm.yaml
--set k8sServiceHost="{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}"
--set k8sServicePort=6443
when: when:
- kubernetes_pod_network.cni == 'cilium' - kubernetes_pod_network.cni == 'cilium'
- not kubernetes_init_stat.stat.exists - not kubernetes_init_stat.stat.exists