From d3b8df2d9231b4d85a28e3ab30ec1b1ff3131697 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 17 May 2023 20:50:50 +0200 Subject: kubernetes/kubeadm: add one more check for cilium network --- inventory/group_vars/k8s-chtest/vars.yml | 1 + roles/kubernetes/kubeadm/base/tasks/net_cilium.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 709a6cdc..ecc9de63 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml @@ -73,4 +73,5 @@ base_sysctl_config_user: #kubernetes_network_plugin_replaces_kube_proxy: yes #kubernetes_enable_nodelocal_dnscache: no + kubernetes_metrics_server_version: 0.6.3 diff --git a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml index d6b583e9..733fbdec 100644 --- a/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml +++ b/roles/kubernetes/kubeadm/base/tasks/net_cilium.yml @@ -4,3 +4,9 @@ assert: msg: "nodelocal dns-caches needs cilium local-redirect policies to be enabled, please enable it like this kubernetes_cilium_config['enable-local-redirect-policy'] = true." that: "(not kubernetes_enable_nodelocal_dnscache) or (('enable-local-redirect-policy' in kubernetes_cilium_config) and (kubernetes_cilium_config['enable-local-redirect-policy']))" + +- name: make sure cilium local-redirect-policy is only enabled if cilium replaces kube-proxy + run_once: yes + assert: + msg: "cilium local-redirect policies only work if cilium is used to replace kube-proxy, please set kubernetes_network_plugin_replaces_kube_proxy = yes." + that: "('enable-local-redirect-policy' not in kubernetes_cilium_config) or (not kubernetes_cilium_config['enable-local-redirect-policy']) or kubernetes_network_plugin_replaces_kube_proxy" -- cgit v1.2.3