Feature/add flannel wireguard encryption backend as option (#9583)
* feat(): Add wireguard backend to flannel cni As described in the flannel docs: https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard This does not support optional configuration methods like: - setting a psk (will be autogenerated by default) - chang listening ports - change mode (defaults to 'separate') - change PersistentKeepaliveInterval (defaults to 0) * Add supported backends to flannel docs * Fix markdown in docs
This commit is contained in:
parent
a132733b2d
commit
491e260d20
3 changed files with 12 additions and 2 deletions
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
Flannel is a network fabric for containers, designed for Kubernetes
|
Flannel is a network fabric for containers, designed for Kubernetes
|
||||||
|
|
||||||
|
Supported [backends](https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard): `vxlan`, `host-gw` and `wireguard`
|
||||||
|
|
||||||
**Warning:** You may encounter this [bug](https://github.com/coreos/flannel/pull/1282) with `VXLAN` backend, while waiting on a newer Flannel version the current workaround (`ethtool --offload flannel.1 rx off tx off`) is showcase in kubespray [networking test](tests/testcases/040_check-network-adv.yml:31).
|
**Warning:** You may encounter this [bug](https://github.com/coreos/flannel/pull/1282) with `VXLAN` backend, while waiting on a newer Flannel version the current workaround (`ethtool --offload flannel.1 rx off tx off`) is showcase in kubespray [networking test](tests/testcases/040_check-network-adv.yml:31).
|
||||||
|
|
||||||
## Verifying flannel install
|
## Verifying flannel install
|
||||||
|
|
|
@ -10,8 +10,7 @@
|
||||||
## single quote and escape backslashes
|
## single quote and escape backslashes
|
||||||
# flannel_interface_regexp: '10\\.0\\.[0-2]\\.\\d{1,3}'
|
# flannel_interface_regexp: '10\\.0\\.[0-2]\\.\\d{1,3}'
|
||||||
|
|
||||||
# You can choose what type of flannel backend to use: 'vxlan' or 'host-gw'
|
# You can choose what type of flannel backend to use: 'vxlan', 'host-gw' or 'wireguard'
|
||||||
# for experimental backend
|
|
||||||
# please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md
|
# please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md
|
||||||
# flannel_backend_type: "vxlan"
|
# flannel_backend_type: "vxlan"
|
||||||
# flannel_vxlan_vni: 1
|
# flannel_vxlan_vni: 1
|
||||||
|
|
|
@ -1,4 +1,13 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Flannel | Stop if kernel version is too low for Flannel Wireguard encryption
|
||||||
|
assert:
|
||||||
|
that: ansible_kernel.split('-')[0] is version('5.6.0', '>=')
|
||||||
|
when:
|
||||||
|
- kube_network_plugin == 'flannel'
|
||||||
|
- flannel_backend_type == 'wireguard'
|
||||||
|
- not ignore_assert_errors
|
||||||
|
|
||||||
- name: Flannel | Create Flannel manifests
|
- name: Flannel | Create Flannel manifests
|
||||||
template:
|
template:
|
||||||
src: "{{ item.file }}.j2"
|
src: "{{ item.file }}.j2"
|
||||||
|
|
Loading…
Reference in a new issue