Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode (#8519)

* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode

* Change inventory sample
Tom Stian Berget 2022-02-08 23:04:35 +01:00 committed by GitHub
parent 5695c892d0
commit 84b93090a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 19 additions and 12 deletions


@ -1,4 +1,4 @@
# see roles/network_plugin/cilium/defaults/main.yml # see roles/network_plugin/cilium/defaults/main.yml
# cilium_version: "v1.11.0" # cilium_version: "v1.11.0"
# identity_allocation_mode: kvstore # kvstore or crd # cilium_identity_allocation_mode: kvstore # kvstore or crd


@ -12,7 +12,14 @@ cilium_enable_ipv6: false
# These can be queried with: # These can be queried with:
# `kubectl get ciliumid` # `kubectl get ciliumid`
# - "kvstore" stores identities in an etcd kvstore. # - "kvstore" stores identities in an etcd kvstore.
identity_allocation_mode: kvstore # - In order to support External Workloads, "crd" is required
# - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta
# - KVStore operations are only required when cilium-operator is running with any of the below options:
# - --synchronize-k8s-services
# - --synchronize-k8s-nodes
# - --identity-allocation-mode=kvstore
# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations
cilium_identity_allocation_mode: kvstore
# Etcd SSL dirs # Etcd SSL dirs
cilium_cert_dir: /etc/cilium/certs cilium_cert_dir: /etc/cilium/certs


@ -10,5 +10,5 @@
- name: Stop if bad Cilium identity allocation mode - name: Stop if bad Cilium identity allocation mode
assert: assert:
that: identity_allocation_mode in ['crd', 'kvstore'] that: cilium_identity_allocation_mode in ['crd', 'kvstore']
msg: "identity_allocation_mode must be either 'crd' or 'kvstore'" msg: "cilium_identity_allocation_mode must be either 'crd' or 'kvstore'"
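Review bot: An inventory that still sets the old `identity_allocation_mode` name passes this assert unnoticed, because the check now reads only `cilium_identity_allocation_mode`, which the role defaults to `kvstore` in this same commit. A cluster that had selected `crd` under the old name would presumably be moved to `kvstore` on the next run with no message, and the kvstore-gated tasks and templates renamed elsewhere in this commit (linking the etcd certificate and key, mounting the etcd config) would then apply to it. I would add a condition that fails when the old name is still set, `that: identity_allocation_mode is not defined` with `msg: "identity_allocation_mode was renamed to cilium_identity_allocation_mode"`. The task file continues outside the hunk, so an equivalent guard may already exist there.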


@ -14,7 +14,7 @@
owner: root owner: root
group: root group: root
when: when:
- identity_allocation_mode == "kvstore" - cilium_identity_allocation_mode == "kvstore"
- name: Cilium | Link etcd certificates for cilium - name: Cilium | Link etcd certificates for cilium
file: file:
@ -28,7 +28,7 @@
- {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"} - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
- {s: "{{ kube_etcd_key_file }}", d: "key.pem"} - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
when: when:
- identity_allocation_mode == "kvstore" - cilium_identity_allocation_mode == "kvstore"
- name: Cilium | Create hubble dir - name: Cilium | Create hubble dir
file: file:


@ -5,9 +5,9 @@ metadata:
name: cilium-config name: cilium-config
namespace: kube-system namespace: kube-system
data: data:
identity-allocation-mode: {{ identity_allocation_mode }} identity-allocation-mode: {{ cilium_identity_allocation_mode }}
{% if identity_allocation_mode == "kvstore" %} {% if cilium_identity_allocation_mode == "kvstore" %}
# This etcd-config contains the etcd endpoints of your cluster. If you use # This etcd-config contains the etcd endpoints of your cluster. If you use
# TLS please make sure you follow the tutorial in https://cilium.link/etcd-config # TLS please make sure you follow the tutorial in https://cilium.link/etcd-config
etcd-config: |- etcd-config: |-


@ -135,7 +135,7 @@ spec:
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 3 timeoutSeconds: 3
volumeMounts: volumeMounts:
{% if identity_allocation_mode == "kvstore" %} {% if cilium_identity_allocation_mode == "kvstore" %}
- mountPath: /var/lib/etcd-config - mountPath: /var/lib/etcd-config
name: etcd-config-path name: etcd-config-path
readOnly: true readOnly: true
@ -155,7 +155,7 @@ spec:
tolerations: tolerations:
- operator: Exists - operator: Exists
volumes: volumes:
{% if identity_allocation_mode == "kvstore" %} {% if cilium_identity_allocation_mode == "kvstore" %}
# To read the etcd config stored in config maps # To read the etcd config stored in config maps
- configMap: - configMap:
defaultMode: 420 defaultMode: 420


@ -146,7 +146,7 @@ spec:
mountPath: {{ cri_socket }} mountPath: {{ cri_socket }}
readOnly: true readOnly: true
{% endif %} {% endif %}
{% if identity_allocation_mode == "kvstore" %} {% if cilium_identity_allocation_mode == "kvstore" %}
- mountPath: /var/lib/etcd-config - mountPath: /var/lib/etcd-config
name: etcd-config-path name: etcd-config-path
readOnly: true readOnly: true
@ -272,7 +272,7 @@ spec:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
name: xtables-lock name: xtables-lock
{% if identity_allocation_mode == "kvstore" %} {% if cilium_identity_allocation_mode == "kvstore" %}
# To read the etcd config stored in config maps # To read the etcd config stored in config maps
- configMap: - configMap:
defaultMode: 420 defaultMode: 420