From e257d92f41259f388839c34744d0d1b188755302 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fredrik=20L=C3=B6nnegren?= Date: Wed, 11 Mar 2020 16:15:36 +0100 Subject: [PATCH] Cilium updates (#5438) * Add resources needed to deploy 1.6.4 * Use cilium v1.6.4 * Change deprecated option name * Add update crd to clusterrole cilium * Cilium 1.6.4 -> 1.6.5 * Make monitor-aggregation config configurable as a variable * Change monitor-aggregation default none->medium * Cilium 1.6.5 -> 1.6.6 * Update to 1.7.0 * v1.7.0->v1.7.1 --- roles/download/defaults/main.yml | 2 +- roles/network_plugin/cilium/defaults/main.yml | 2 ++ .../cilium/templates/cilium-config.yml.j2 | 2 +- .../cilium/templates/cilium-cr.yml.j2 | 21 ++++++++++--------- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index a19134b98..19315a739 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -80,7 +80,7 @@ cni_version: "v0.8.3" weave_version: 2.5.2 pod_infra_version: 3.1 contiv_version: 1.2.1 -cilium_version: "v1.5.5" +cilium_version: "v1.7.1" kube_ovn_version: "v0.6.0" kube_router_version: "v0.2.5" multus_version: "v3.2.1" diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index 70696cc6b..ea73a843c 100755 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -23,6 +23,8 @@ cilium_tunnel_mode: vxlan cilium_enable_prometheus: false # Enable if you want to make use of hostPort mappings cilium_enable_portmap: false +# Monitor aggregation level (none/low/medium/maximum) +cilium_monitor_aggregation: medium # If upgrading from Cilium < 1.5, you may want to override some of these options # to prevent service disruptions. See also: diff --git a/roles/network_plugin/cilium/templates/cilium-config.yml.j2 b/roles/network_plugin/cilium/templates/cilium-config.yml.j2 index 7a343d9fe..94cb27149 100644 
--- a/roles/network_plugin/cilium/templates/cilium-config.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium-config.yml.j2 @@ -61,7 +61,7 @@ data: # If you want cilium monitor to aggregate tracing for packets, set this level # to "low", "medium", or "maximum". The higher the level, the less packets # that will be seen in monitor output. - monitor-aggregation-level: "none" + monitor-aggregation: "{{ cilium_monitor_aggregation }}" # ct-global-max-entries-* specifies the maximum number of connections # supported across all endpoints, split by protocol: tcp or other. One pair diff --git a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 index 9bdec5aed..94be6867a 100644 --- a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 @@ -43,6 +43,10 @@ rules: - ciliumnetworkpolicies/status - ciliumendpoints - ciliumendpoints/status + - ciliumnodes + - ciliumnodes/status + - ciliumidentities + - ciliumidentities/status verbs: - '*' --- @@ -66,7 +70,6 @@ rules: - services - nodes - endpoints - - componentstatuses verbs: - get - list @@ -88,18 +91,10 @@ rules: - nodes/status verbs: - patch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - watch - apiGroups: - apiextensions.k8s.io resources: + - ingresses - customresourcedefinitions verbs: - create @@ -112,7 +107,13 @@ rules: resources: - ciliumnetworkpolicies - ciliumnetworkpolicies/status + - ciliumclusterwidenetworkpolicies + - ciliumclusterwidenetworkpolicies/status - ciliumendpoints - ciliumendpoints/status + - ciliumnodes + - ciliumnodes/status + - ciliumidentities + - ciliumidentities/status verbs: - '*'
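Review bot: The comment above `monitor-aggregation` in cilium-config.yml.j2 still lists only "low", "medium", or "maximum", while the new default in roles/network_plugin/cilium/defaults/main.yml documents none/low/medium/maximum and moves the effective value from "none" to "medium". That same comment says higher levels show fewer packets in monitor output, so anyone using `cilium monitor` for troubleshooting or incident investigation sees less detail after this change unless they override the variable. I would state that next to the default, e.g. `# Monitor aggregation level (none/low/medium/maximum); levels above none reduce the packet events shown by cilium monitor`, and add "none" to the template comment. The value is rendered without validation, so a typo would reach the ConfigMap unchanged; a check in the role against the four allowed values would catch it.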
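Review bot: The rule that gains `ciliumnodes` and `ciliumidentities` in the `@@ -43,6 +43,10 @@` hunk of cilium-cr.yml.j2 keeps `verbs: - '*'`, so the new node and identity objects become fully writable and deletable by whatever subject this role is bound to. The `@@ -112,7 +107,13 @@` hunk has the same problem and also adds `ciliumclusterwidenetworkpolicies`. Identities and cluster-wide policies determine which traffic is allowed, so the wildcard is worth narrowing to the verbs each component actually uses (`get`, `list`, `watch`, `create`, `update`, `delete` as needed); which verbs those are cannot be determined from this diff. The rule's `apiGroups` line and the role names lie outside both hunks.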
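Review bot: In the `@@ -88,18 +91,10 @@` hunk, `- ingresses` is added under the `apiextensions.k8s.io` rule next to `customresourcedefinitions`, but ingresses are not served by that API group, so the entry grants nothing. It looks like a leftover from the removed `extensions`/`ingresses` rule. If ingress access is no longer needed, drop the line; if it is still needed, it has to stay in a rule of its own with the matching `apiGroups`. The commit message mentions adding `update` for CRDs, but the hunk ends at `- create` in that verbs list, so the presence of `update` cannot be confirmed from here.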