-rw-r--r--inventory/group_vars/k8s-chtest/vars.yml15
-rw-r--r--roles/kubernetes/kubeadm/base/tasks/net_cilium.yml6
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml52
-rw-r--r--roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml2
-rw-r--r--roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml2
5 files changed, 75 insertions, 2 deletions
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml
index 9552f5e5..154d2d70 100644
--- a/inventory/group_vars/k8s-chtest/vars.yml
+++ b/inventory/group_vars/k8s-chtest/vars.yml
@@ -11,9 +11,22 @@ containerd_pkg_provider: docker-com
#kubernetes_network_plugin_replaces_kube_proxy: yes
#kubernetes_enable_nodelocal_dnscache: yes
-kubernetes_network_plugin: none
+kubernetes_network_plugin: cilium
+kubernetes_network_plugin_version: 1.13.2
kubernetes_network_plugin_replaces_kube_proxy: yes
kubernetes_enable_nodelocal_dnscache: no
+kubernetes_cilium_config:
+ ipam: kubernetes
+ tunnel: disabled
+ ipv4-native-routing-cidr: 192.168.28.0/24
+ auto-direct-node-routes: yes
+base_sysctl_config_user:
+ net.ipv4.conf.all.rp_filter: 0
+ net.ipv4.conf.default.rp_filter: 0
+
+# kubernetes_network_plugin: none
+# kubernetes_network_plugin_replaces_kube_proxy: yes
+# kubernetes_enable_nodelocal_dnscache: no
kubernetes:
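Review bot: `base_sysctl_config_user` relaxes reverse-path filtering host-wide through `net.ipv4.conf.all.rp_filter: 0` and `net.ipv4.conf.default.rp_filter: 0`, not just on the interfaces Cilium manages, and nothing in the file says why. If native routing really needs this, record the reason and the compensating control next to the setting, e.g. `# cilium native routing breaks with strict rp_filter; source-address filtering must be enforced upstream of the nodes`; otherwise limit the change to the interfaces that need it. Separately, `auto-direct-node-routes: yes` is loaded as a boolean and is presumably rendered as `True` by the `--config` template in the control-plane role; writing `"true"` keeps the value the literal string the CLI is given.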
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
new file mode 100644
index 00000000..8620ffea
--- /dev/null
+++ b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml
@@ -0,0 +1,6 @@
+---
+- name: make sure kubernetes_enable_nodelocal_dnscache is not set
+ run_once: yes
+ assert:
+ msg: "we currently don't support nodelocal dns-caches when using cilium, please set kubernetes_enable_nodelocal_dnscache to false."
+ that: not kubernetes_enable_nodelocal_dnscache
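Review bot: The assertion `that: not kubernetes_enable_nodelocal_dnscache` only behaves as intended when the variable is already a boolean; a string value (for example one passed with `-e kubernetes_enable_nodelocal_dnscache=no`) would presumably be truthy and trip the check with a misleading message. `that: not (kubernetes_enable_nodelocal_dnscache | bool)` makes the comparison explicit. As this file is the pre-flight check for the plugin, it could also assert that `kubernetes_network_plugin_version` and `kubernetes_cilium_config` are defined, since both are interpolated into the `cilium install` command in the control-plane role.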
diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml
new file mode 100644
index 00000000..4d535ed4
--- /dev/null
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_cilium.yml
@@ -0,0 +1,52 @@
+---
+- name: install cilium cli
+ apt:
+ name: cilium-cli
+ state: present
+
+- name: check if cilium is already installed
+ check_mode: no
+ command: cilium version
+ failed_when: false
+ changed_when: false
+ register: cilium_version_result
+
+- name: install cilium onto the cluster
+ when: "'no cilium pods found' in cilium_version_result.stdout"
+ block:
+ - name: install cilium using cli
+ command: cilium install --version "v{{ kubernetes_network_plugin_version }}" --config "{% for name,value in kubernetes_cilium_config.items() %}{{ loop.first | ternary('',',') }}{{ name }}={{ value }}{% endfor %}"
+ register: cilium_install
+
+ always:
+ - name: dump output of cilium install to log file
+ when: cilium_install.changed
+ copy:
+ content: "{{ cilium_install.stdout }}\n"
+ dest: /etc/kubernetes/network-plugin/install.log
+
+ - name: dump error output of cilium install to log file
+ when: cilium_install.changed and cilium_install.stderr
+ copy:
+ content: "{{ cilium_install.stderr }}\n"
+ dest: /etc/kubernetes/network-plugin/install.errors
+
+## TODO: enable this once we have a working deployment
+# - name: install node-local dns cache
+# when: kubernetes_enable_nodelocal_dnscache
+# block:
+# - name: generate node-local dns cache config
+# template:
+# src: net_cilium/node-local-dns.yml.j2
+# dest: /etc/kubernetes/network-plugin/node-local-dns.yml
+
+# - name: check if node-local dns cache is already installed
+# check_mode: no
+# command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/network-plugin/node-local-dns.yml
+# failed_when: false
+# changed_when: false
+# register: kube_node_local_dns_diff_result
+
+# - name: install node-local dns cache
+# when: kube_node_local_dns_diff_result.rc != 0
+# command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/network-plugin/node-local-dns.yml
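Review bot: The gate on `install cilium onto the cluster` cannot tell "not installed" from "check failed": with `failed_when: false` on `cilium version`, any other failure (API server unreachable, no usable kubeconfig) leaves stdout without the `no cilium pods found` text, so the block is skipped and the play ends green with no CNI deployed. Consider surfacing that case, for example `failed_when: cilium_version_result.rc != 0 and 'no cilium pods found' not in cilium_version_result.stdout`; the CLI's exit codes are not visible here, so confirm them first. The two `copy` tasks under `always:` set no `mode:`, so `install.log` and `install.errors` get default permissions; `mode: "0600"` would keep the install output readable by root only. The `--config` value is joined from inventory values without any quoting, so a value containing a comma, space or quote would change how the argument is split; the `argv:` form of `command` avoids that.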
diff --git a/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml
index aad6467b..dcf737ae 100644
--- a/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml
+++ b/roles/kubernetes/kubeadm/control-plane/tasks/net_kube-router.yml
@@ -11,7 +11,7 @@
changed_when: false
register: kube_router_diff_result
-- name: install kube-router on to the cluster
+- name: install kube-router onto the cluster
when: kube_router_diff_result.rc != 0
command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/network-plugin/config.yml
diff --git a/roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml
new file mode 100644
index 00000000..94832c38
--- /dev/null
+++ b/roles/kubernetes/kubeadm/prune/tasks/net_cilium.yml
@@ -0,0 +1,2 @@
+---
+## nothing to do here