mirror of
https://github.com/geerlingguy/ansible-role-kubernetes.git
synced 2025-10-24 11:16:22 +02:00
Cilium with Kube-Proxy Replacement Option
This commit is contained in:
Michael McCulloch
parent
e09e979d27
commit
21fe613563
@ -129,7 +129,7 @@ kubernetes_pod_network:
|
||||
# cidr: '192.168.0.0/16'
|
||||
```
|
||||
|
||||
This role currently supports `flannel` (default), `calico` or `weave` for cluster pod networking. Choose only one for your cluster; converting between them is not done automatically and could result in broken networking; if you need to switch from one to another, it should be done outside of this role.
|
||||
This role currently supports `flannel` (default), `cilium`, `calico` or `weave` for cluster pod networking. Choose only one for your cluster; converting between them is not done automatically and could result in broken networking; if you need to switch from one to another, it should be done outside of this role.
|
||||
|
||||
```yaml
|
||||
kubernetes_apiserver_advertise_address: ''`
|
||||
@ -169,6 +169,13 @@ Flannel manifest file to apply to the Kubernetes cluster to enable networking. Y
|
||||
kubernetes_calico_manifest_file: https://projectcalico.docs.tigera.io/manifests/calico.yaml
|
||||
```
|
||||
|
||||
Cilium Helm chart values can be specified under `kubernetes_cilium_values`. [Kube Proxy Replacement](https://docs.cilium.io/en/latest/network/kubernetes/kubeproxy-free/) is supported through this method.
|
||||
|
||||
```yaml
|
||||
kubernetes_cilium_values:
|
||||
kubeProxyReplacement: true
|
||||
```
|
||||
|
||||
Calico manifest file to apply to the Kubernetes cluster (if using Calico instead of Flannel).
|
||||
|
||||
## Dependencies
|
||||
|
||||
@ -13,6 +13,7 @@ kubernetes_version: '1.25'
|
||||
kubernetes_version_rhel_package: '1.25.1'
|
||||
kubernetes_cilium_version: '1.14.5'
|
||||
kubernetes_cilium_datapath: 'native'
|
||||
kubernetes_cilium_values: ""
|
||||
|
||||
kubernetes_role: control_plane
|
||||
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
|
||||
{{ kubernetes_kubeadm_init_extra_opts }}
|
||||
register: kubeadmin_init
|
||||
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined)
|
||||
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) and (not kubernetes_cilium_values.kubeProxyReplacement)
|
||||
|
||||
- name: Initialize Kubernetes control plane with kubeadm init and ignore_preflight_errors
|
||||
command: >
|
||||
@ -24,7 +24,26 @@
|
||||
--ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
|
||||
{{ kubernetes_kubeadm_init_extra_opts }}
|
||||
register: kubeadmin_init
|
||||
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined)
|
||||
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) and (not kubernetes_cilium_values.kubeProxyReplacement)
|
||||
|
||||
- name: Initialize Kubernetes control plane with kubeadm init without kube-proxy
|
||||
command: >
|
||||
kubeadm init
|
||||
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
|
||||
--skip-phases=addon/kube-proxy
|
||||
{{ kubernetes_kubeadm_init_extra_opts }}
|
||||
register: kubeadmin_init
|
||||
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is not defined) and (kubernetes_cilium_values.kubeProxyReplacement)
|
||||
|
||||
- name: Initialize Kubernetes control plane with kubeadm init without kube-proxy and ignore_preflight_errors
|
||||
command: >
|
||||
kubeadm init
|
||||
--config {{ kubernetes_kubeadm_kubelet_config_file_path }}
|
||||
--ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
|
||||
--skip-phases=addon/kube-proxy
|
||||
{{ kubernetes_kubeadm_init_extra_opts }}
|
||||
register: kubeadmin_init
|
||||
when: (not kubernetes_init_stat.stat.exists) and (kubernetes_ignore_preflight_errors is defined) and (kubernetes_cilium_values.kubeProxyReplacement)
|
||||
|
||||
- name: Print the init output to screen.
|
||||
debug:
|
||||
@ -94,6 +113,15 @@
|
||||
loop:
|
||||
- ''
|
||||
- '.sha256sum'
|
||||
|
||||
- name: Write Cilium Helm values to file
|
||||
copy:
|
||||
dest: "/tmp/cilium_helm.yaml"
|
||||
content: "{{ kubernetes_cilium_values | to_yaml }}"
|
||||
when:
|
||||
- kubernetes_pod_network.cni == 'cilium'
|
||||
- not kubernetes_init_stat.stat.exists
|
||||
|
||||
- name: Taint nodes with cilium agent-not-ready
|
||||
command: kubectl taint nodes --all node.cilium.io/agent-not-ready=true:NoExecute
|
||||
when:
|
||||
@ -106,7 +134,13 @@
|
||||
delay: 5
|
||||
|
||||
- name: Configure Cilium networking
|
||||
command: /usr/local/bin/cilium install --version {{ kubernetes_cilium_version }} --datapath-mode {{ kubernetes_cilium_datapath }}
|
||||
command: >
|
||||
/usr/local/bin/cilium install
|
||||
--version {{ kubernetes_cilium_version }}
|
||||
--datapath-mode {{ kubernetes_cilium_datapath }}
|
||||
--values /tmp/cilium_helm.yaml
|
||||
--set k8sServiceHost="{{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}"
|
||||
--set k8sServicePort=6443
|
||||
when:
|
||||
- kubernetes_pod_network.cni == 'cilium'
|
||||
- not kubernetes_init_stat.stat.exists
|
||||
|
||||
Loading…
Reference in New Issue
Block a user