summaryrefslogtreecommitdiff
path: root/roles/kubernetes
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2023-05-17 20:50:50 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-05-17 20:50:50 +0200
commitd3b8df2d9231b4d85a28e3ab30ec1b1ff3131697 (patch)
treed1755bd7549ff69c0245edc332a2ffd7b73021a0 /roles/kubernetes
parentkubernetes/kubeadm: add support for node-local dns combined with cilium (diff)
kubernetes/kubeadm: add one more check for cilium network
Diffstat (limited to 'roles/kubernetes')
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/net_cilium.yml6
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
index d6b583e9..733fbdec 100644
--- a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
@@ -4,3 +4,9 @@
assert:
msg: "nodelocal dns-caches needs cilium local-redirect policies to be enabled, please enable it like this kubernetes_cilium_config['enable-local-redirect-policy'] = true."
that: "(not kubernetes_enable_nodelocal_dnscache) or (('enable-local-redirect-policy' in kubernetes_cilium_config) and (kubernetes_cilium_config['enable-local-redirect-policy']))"
+
+- name: make sure cilium local-redirect-policy is only enabled if cilium replaces kube-proxy
+ run_once: yes
+ assert:
+ msg: "cilium local-redirect policies only work if cilium is used to replace kube-proxy, please set kubernetes_network_plugin_replaces_kube_proxy = yes."
+ that: "('enable-local-redirect-policy' not in kubernetes_cilium_config) or (not kubernetes_cilium_config['enable-local-redirect-policy']) or kubernetes_network_plugin_replaces_kube_proxy"