From 1a1fe9966954354b3da87a936174bbaed3e89ff0 Mon Sep 17 00:00:00 2001 From: Arthur Outhenin-Chalandre Date: Fri, 17 Jul 2020 14:57:01 +0200 Subject: [PATCH] Add a way to deploy cilium alongside another CNI (#6373) Signed-off-by: Arthur Outhenin-Chalandre --- roles/download/defaults/main.yml | 6 +++--- roles/kubernetes-apps/network_plugin/meta/main.yml | 2 +- roles/kubernetes/preinstall/tasks/0020-verify-settings.yml | 2 +- roles/network_plugin/cilium/defaults/main.yml | 4 ++++ roles/network_plugin/meta/main.yml | 2 +- 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index a24c6173c..8b1159ba6 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -677,7 +677,7 @@ downloads: - k8s-cluster cilium: - enabled: "{{ kube_network_plugin == 'cilium' }}" + enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}" container: true repo: "{{ cilium_image_repo }}" tag: "{{ cilium_image_tag }}" @@ -686,7 +686,7 @@ downloads: - k8s-cluster cilium_init: - enabled: "{{ kube_network_plugin == 'cilium' }}" + enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}" container: true repo: "{{ cilium_init_image_repo }}" tag: "{{ cilium_init_image_tag }}" @@ -695,7 +695,7 @@ downloads: - k8s-cluster cilium_operator: - enabled: "{{ kube_network_plugin == 'cilium' }}" + enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}" container: true repo: "{{ cilium_operator_image_repo }}" tag: "{{ cilium_operator_image_tag }}" diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml index c208839d3..b5d1c0473 100644 --- a/roles/kubernetes-apps/network_plugin/meta/main.yml +++ b/roles/kubernetes-apps/network_plugin/meta/main.yml @@ -1,7 +1,7 @@ --- dependencies: - role: kubernetes-apps/network_plugin/cilium - when: kube_network_plugin == 'cilium' + when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool tags: - cilium diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 8ae9922f9..987a4643a 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -130,7 +130,7 @@ assert: that: ansible_kernel.split('-')[0] is version('4.9.17', '>=') when: - - kube_network_plugin == 'cilium' + - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool - not ignore_assert_errors - name: Stop if bad hostname diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index fa4361fb1..dce905dee 100755 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -33,3 +33,7 @@ cilium_monitor_aggregation: medium cilium_preallocate_bpf_maps: false cilium_tofqdns_enable_poller: false cilium_enable_legacy_services: false + +# Deploy cilium even if kube_network_plugin is not cilium. +# This enables to deploy cilium alongside another CNI to replace kube-proxy. +cilium_deploy_additionally: false diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index 779bdfc5d..66b283e33 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml @@ -1,7 +1,7 @@ --- dependencies: - role: network_plugin/cilium - when: kube_network_plugin == 'cilium' + when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool tags: - cilium