Fix cilium strict kube proxy replacement in HA (#6473)
* Update the cilium svc proxy test to HA mode Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> * Fix cilium strict kube-proxy in HA Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> * Add a single global endpoint variable Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> * Add cilium docs about kube-proxy replacement Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> * Fix issues in docs Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
parent
9cc70e9e70
commit
35682b5228
5 changed files with 32 additions and 1 deletions
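--- a/docs/cilium.md
+++ b/docs/cilium.md
@@ -0,0 +1,13 @@
+# Cilium
+
+## Kube-proxy replacement with Cilium
+
+Cilium can run without kube-proxy by setting `cilium_kube_proxy_replacement`
+to `strict`.
+
+Without kube-proxy, cilium needs to know the address of the kube-apiserver
+and this must be set globally for all cilium components (agents and operators).
+Hence, in this configuration in Kubespray, Cilium will always contact
+the external loadbalancer (even from a node in the control plane)
+and if there is no external load balancer It will ignore any local load
+balancer deployed by Kubespray and **only contacts the first master**.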
@ -448,6 +448,12 @@ loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
|
||||||
loadbalancer_apiserver_type: "nginx"
|
loadbalancer_apiserver_type: "nginx"
|
||||||
# applied if only external loadbalancer_apiserver is defined, otherwise ignored
|
# applied if only external loadbalancer_apiserver is defined, otherwise ignored
|
||||||
apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
|
apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
|
||||||
|
kube_apiserver_global_endpoint: |-
|
||||||
|
{% if loadbalancer_apiserver is defined -%}
|
||||||
|
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
|
||||||
|
{%- else -%}
|
||||||
|
https://{{ first_kube_master }}:{{ kube_apiserver_port }}
|
||||||
|
{%- endif %}
|
||||||
kube_apiserver_endpoint: |-
|
kube_apiserver_endpoint: |-
|
||||||
{% if loadbalancer_apiserver is defined -%}
|
{% if loadbalancer_apiserver is defined -%}
|
||||||
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
|
https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port|default(kube_apiserver_port) }}
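Review bot: The `{%- else -%}` branch of `kube_apiserver_global_endpoint` pins every consumer to `https://{{ first_kube_master }}:{{ kube_apiserver_port }}`, so an HA cluster without an external load balancer gets no failover when the first control-plane node is down, and nothing next to the variable says so. A comment above the key would make that visible where operators read the defaults, for example `# Endpoint reachable from every node; with no external LB this is the first master only (no failover)`. Whichever host ends up in this URL also has to be covered by the API server certificate's SANs, because clients verify TLS against that name; the certificate settings are not visible in this hunk, so that is worth confirming. If `first_kube_master` can ever be an IPv6 literal, the host would need brackets for the `urlsplit` filters used in the Cilium templates to split it correctly.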
|
||||||
|
|
|
@ -84,6 +84,12 @@ spec:
|
||||||
key: AWS_DEFAULT_REGION
|
key: AWS_DEFAULT_REGION
|
||||||
name: cilium-aws
|
name: cilium-aws
|
||||||
optional: true
|
optional: true
|
||||||
|
{% if cilium_kube_proxy_replacement == 'strict' %}
|
||||||
|
- name: KUBERNETES_SERVICE_HOST
|
||||||
|
value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}"
|
||||||
|
- name: KUBERNETES_SERVICE_PORT
|
||||||
|
value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"
|
||||||
|
{% endif %}
|
||||||
image: "{{ cilium_operator_image_repo }}:{{ cilium_operator_image_tag }}"
|
image: "{{ cilium_operator_image_repo }}:{{ cilium_operator_image_tag }}"
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
name: cilium-operator
|
name: cilium-operator
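Review bot: The added `KUBERNETES_SERVICE_HOST` / `KUBERNETES_SERVICE_PORT` entries carry no comment explaining why the in-cluster defaults are overridden, and the same applies to the identical block in the hunk at `@ -43,6 +43,12 @@`. I would add a line above the `{% if %}` such as `# strict kube-proxy replacement: nothing serves the kubernetes Service VIP until Cilium is up, so point the client at the API server directly`. `urlsplit('port')` also relies on `kube_apiserver_global_endpoint` always carrying an explicit port; the default shown on this page does, but an inventory override without one would presumably not render a usable value, so an assertion on the variable or a fallback such as `| default(kube_apiserver_port, true)` could guard it. The container's env list starts outside the hunk.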
|
||||||
|
|
|
@ -43,6 +43,12 @@ spec:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
- name: CILIUM_CLUSTERMESH_CONFIG
|
- name: CILIUM_CLUSTERMESH_CONFIG
|
||||||
value: /var/lib/cilium/clustermesh/
|
value: /var/lib/cilium/clustermesh/
|
||||||
|
{% if cilium_kube_proxy_replacement == 'strict' %}
|
||||||
|
- name: KUBERNETES_SERVICE_HOST
|
||||||
|
value: "{{ kube_apiserver_global_endpoint | urlsplit('hostname') }}"
|
||||||
|
- name: KUBERNETES_SERVICE_PORT
|
||||||
|
value: "{{ kube_apiserver_global_endpoint | urlsplit('port') }}"
|
||||||
|
{% endif %}
|
||||||
image: "{{cilium_image_repo}}:{{cilium_image_tag}}"
|
image: "{{cilium_image_repo}}:{{cilium_image_tag}}"
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
resources:
|
resources:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
# Instance settings
|
# Instance settings
|
||||||
cloud_image: debian-10
|
cloud_image: debian-10
|
||||||
mode: separate
|
mode: ha
|
||||||
|
|
||||||
# Kubespray settings
|
# Kubespray settings
|
||||||
kube_network_plugin: cilium
|
kube_network_plugin: cilium
|
||||||
|
|