kubernetes/kubeadm: add support for node-local dns combined with cilium

author: Christian Pointner <equinox@spreadspace.org> 2023-05-17 01:04:29 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2023-05-17 01:04:29 +0200
commit: 85b327699a3ed9f8c7891c352aa1d6eaae5a75b7 (patch)
tree: 1a7c666f1bd4e6c5eecd818ef216a47a045584b5 /roles/kubernetes/kubeadm/base
parent: set spf records for main domains (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
index 8620ffea..d6b583e9 100644
--- a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
@@ -1,6 +1,6 @@
 ---
-- name: make sure kubernetes_enable_nodelocal_dnscache is not set
+- name: make sure local-redirect-policy is confgured when node-local dnscache is enabled
   run_once: yes
   assert:
-    msg: "we currently don't support nodelocal dns-caches when using cilium, please set kubernetes_enable_nodelocal_dnscache to false."
-    that: not kubernetes_enable_nodelocal_dnscache
+    msg: "nodelocal dns-caches needs cilium local-redirect policies to be enabled, please enable it like this kubernetes_cilium_config['enable-local-redirect-policy'] = true."
+    that: "(not kubernetes_enable_nodelocal_dnscache) or (('enable-local-redirect-policy' in kubernetes_cilium_config) and (kubernetes_cilium_config['enable-local-redirect-policy']))"
author	Christian Pointner <equinox@spreadspace.org>	2023-05-17 01:04:29 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2023-05-17 01:04:29 +0200
commit	85b327699a3ed9f8c7891c352aa1d6eaae5a75b7 (patch)
tree	1a7c666f1bd4e6c5eecd818ef216a47a045584b5 /roles/kubernetes/kubeadm/base
parent	set spf records for main domains (diff)