author | Christian Pointner <equinox@spreadspace.org> | 2023-05-12 00:59:05 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-05-12 00:59:05 +0200 |
commit | 511e3680061148bebda0062c1ab269d51ee46123 (patch) | |
tree | 94f0c7d6172b2e100ae9a9d3785eff525043a6f5 | |
parent | kubernetes/kubeadm: revamp handling of dns-cache and prepare for net-plugin d... (diff) |
kubernetes: add network plugin cilium
5 files changed, 75 insertions, 2 deletions
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 9552f5e5..154d2d70 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml @@ -11,9 +11,22 @@ containerd_pkg_provider: docker-com #kubernetes_network_plugin_replaces_kube_proxy: yes #kubernetes_enable_nodelocal_dnscache: yes -kubernetes_network_plugin: none +kubernetes_network_plugin: cilium +kubernetes_network_plugin_version: 1.13.2 kubernetes_network_plugin_replaces_kube_proxy: yes kubernetes_enable_nodelocal_dnscache: no +kubernetes_cilium_config: + ipam: kubernetes + tunnel: disabled + ipv4-native-routing-cidr: 192.168.28.0/24 + auto-direct-node-routes: yes +base_sysctl_config_user: + net.ipv4.conf.all.rp_filter: 0 + net.ipv4.conf.default.rp_filter: 0 + +# kubernetes_network_plugin: none +# kubernetes_network_plugin_replaces_kube_proxy: yes +# kubernetes_enable_nodelocal_dnscache: no kubernetes: diff --git a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml new file mode 100644 index 00000000..8620ffea --- /dev/null +++ b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml @@ -0,0 +1,6 @@ +--- +- name: make sure kubernetes_enable_nodelocal_dnscache is not set + run_once: yes + assert: + msg: "we currently don't support nodelocal dns-caches when using cilium, please set kubernetes_enable_nodelocal_dnscache to false." + that: not kubernetes_enable_nodelocal_dnscache diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml new file mode 100644 index 00000000..4d535ed4 --- /dev/null +++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml 
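Review bot: The two `rp_filter: 0` entries under `base_sysctl_config_user` set the host-wide `all` and `default` values, so reverse-path source validation is relaxed for the whole host rather than only for the interfaces Cilium manages, and nothing in the hunk records why. A comment above the block would document the reason and scope, for example `# cilium native routing needs rp_filter off; revisit if these hosts get untrusted uplinks` (wording for the author to confirm). If the sysctl role supports per-interface keys, restricting the setting to the Cilium interfaces would keep spoofed-source filtering on the uplinks; whether it does is not visible in this diff.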
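Review bot: The assertion `that: not kubernetes_enable_nodelocal_dnscache` in `base/tasks/net_cilium.yml` evaluates the raw variable, so a value that arrives as a string (for example via `-e` on the command line) is always truthy and the check fails even for `no` or `false`. Casting first makes the guard behave the same for every source of the variable: `that: not (kubernetes_enable_nodelocal_dnscache | bool)`.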
@@ -0,0 +1,52 @@
+---
+- name: install cilium cli
+ apt:
+ name: cilium-cli
+ state: present
+
+- name: check if cilium is already installed
+ check_mode: no
+ command: cilium version
+ failed_when: false
+ changed_when: false
+ register: cilium_version_result
+
+- name: install cilium onto the cluster
+ when: "'no cilium pods found' in cilium_version_result.stdout"
+ block:
+ - name: install cilium using cli
+ command: cilium install --version "v{{ kubernetes_network_plugin_version }}" --config "{% for name,value in kubernetes_cilium_config.items() %}{{ loop.first | ternary('',',') }}{{ name }}={{ value }}{% endfor %}"
+ register: cilium_install
+
+ always:
+ - name: dump output of cilium install to log file
+ when: cilium_install.changed
+ copy:
+ content: "{{ cilium_install.stdout }}\n"
+ dest: /etc/kubernetes/network-plugin/install.log
+
+ - name: dump error output of cilium install to log file
+ when: cilium_install.changed and cilium_install.stderr
+ copy:
+ content: "{{ cilium_install.stderr }}\n"
+ dest: /etc/kubernetes/network-plugin/install.errors
+
+## TODO: enable this once we have a working deployment
+# - name: install node-local dns cache
+# when: kubernetes_enable_nodelocal_dnscache
+# block:
+# - name: generate node-local dns cache config
+# template:
+# src: net_cilium/node-local-dns.yml.j2
+# dest: /etc/kubernetes/network-plugin/node-local-dns.yml
+
+# - name: check if node-local dns cache is already installed
+# check_mode: no
+# command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/network-plugin/node-local-dns.yml
+# failed_when: false
+# changed_when: false
+# register: kube_node_local_dns_diff_result
+
+# - name: install node-local dns cache
+# when: kube_node_local_dns_diff_result.rc != 0
+# command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/network-plugin/node-local-dns.yml
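Review bot: The `install cilium using cli` task builds its whole command line as one templated string, so a `kubernetes_cilium_config` value containing a double quote changes how the `command` module splits the arguments, and a comma inside a value changes how `--config` is parsed. Passing the arguments as `argv:` keeps each templated value inside a single argument; a comma in a value would still need to be rejected, for example with an `assert` before the install. YAML booleans such as `auto-direct-node-routes: yes` are rendered by `{{ value }}` as `True`, which is presumably accepted but is clearer when written as a quoted `'true'` in the inventory. Separately, the install is gated on the text `no cilium pods found` in stdout while the probe has `failed_when: false`, so a probe that fails for any other reason silently skips the install.

```yaml
    - name: install cilium using cli
      command:
        argv:
          - cilium
          - install
          - --version
          - "v{{ kubernetes_network_plugin_version }}"
          - --config
          - "{% for name,value in kubernetes_cilium_config.items() %}{{ loop.first | ternary('',',') }}{{ name }}={{ value }}{% endfor %}"
      register: cilium_install
    # … unchanged: always: block dumping stdout/stderr to the log files …
```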
diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml index aad6467b..dcf737ae 100644 --- a/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml +++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml @@ -11,7 +11,7 @@ changed_when: false register: kube_router_diff_result -- name: install kube-router on to the cluster +- name: install kube-router onto the cluster when: kube_router_diff_result.rc != 0 command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/network-plugin/config.yml diff --git a/roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml new file mode 100644 index 00000000..94832c38 --- /dev/null +++ b/roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml @@ -0,0 +1,2 @@ +--- +## nothing to do here |