kubernetes/kubeadm: add one more check for cilium network

author: Christian Pointner <equinox@spreadspace.org> 2023-05-17 20:50:50 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2023-05-17 20:50:50 +0200
commit: d3b8df2d9231b4d85a28e3ab30ec1b1ff3131697 (patch)
tree: d1755bd7549ff69c0245edc332a2ffd7b73021a0 /roles/kubernetes
parent: kubernetes/kubeadm: add support for node-local dns combined with cilium (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
index d6b583e9..733fbdec 100644
--- a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
@@ -4,3 +4,9 @@
   assert:
     msg: "nodelocal dns-caches needs cilium local-redirect policies to be enabled, please enable it like this kubernetes_cilium_config['enable-local-redirect-policy'] = true."
     that: "(not kubernetes_enable_nodelocal_dnscache) or (('enable-local-redirect-policy' in kubernetes_cilium_config) and (kubernetes_cilium_config['enable-local-redirect-policy']))"
+
+- name: make sure cilium local-redirect-policy is only enabled if cilium replaces kube-proxy
+  run_once: yes
+  assert:
+    msg: "cilium local-redirect policies only work if cilium is used to replace kube-proxy, please set kubernetes_network_plugin_replaces_kube_proxy = yes."
+    that: "('enable-local-redirect-policy' not in kubernetes_cilium_config) or (not kubernetes_cilium_config['enable-local-redirect-policy']) or kubernetes_network_plugin_replaces_kube_proxy"
author	Christian Pointner <equinox@spreadspace.org>	2023-05-17 20:50:50 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2023-05-17 20:50:50 +0200
commit	d3b8df2d9231b4d85a28e3ab30ec1b1ff3131697 (patch)
tree	d1755bd7549ff69c0245edc332a2ffd7b73021a0 /roles/kubernetes
parent	kubernetes/kubeadm: add support for node-local dns combined with cilium (diff)