Add cilium_ipam_mode variable (#7418)
Starting with Cilium v1.9 the default ipam mode has changed to "Cluster Scope". See: https://docs.cilium.io/en/v1.9/concepts/networking/ipam/ With this ipam mode Cilium handles assigning subnets to nodes to use for pod ip addresses. The default Kubespray deploy uses the Kube Controller Manager for this (the --allocate-node-cidrs kube-controller-manager flag is set). This makes the proper ipam mode for kubespray using cilium v1.9+ "kubernetes". Tested with Cilium 1.9.5. This PR also mounts the cilium-config ConfigMap for this variable to be read properly. In the future we can probably remove the kvstore and kvstore-opt Cilium Operator args since they can be in the ConfigMap. I will tackle that after this merges.
parent
cce9d3125d
commit
f05d6b3711
3 changed files with 18 additions and 2 deletions
|
@ -53,4 +53,8 @@ cilium_auto_direct_node_routes: false
|
||||||
cilium_native_routing_cidr: ""
|
cilium_native_routing_cidr: ""
|
||||||
|
|
||||||
# IPsec based transparent encryption between nodes
|
# IPsec based transparent encryption between nodes
|
||||||
cilium_ipsec_enabled: false
|
cilium_ipsec_enabled: false
|
||||||
|
|
||||||
|
# IP address management mode for v1.9+.
|
||||||
|
# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
|
||||||
|
cilium_ipam_mode: kubernetes
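Review bot: The comment above `cilium_ipam_mode` gives only a link and does not say why `kubernetes` is the default or what must hold before it is changed. According to the commit description this value relies on kube-controller-manager handing out node CIDRs (`--allocate-node-cidrs`), so switching to a Cilium-managed mode while that flag stays set would presumably leave two components allocating pod addresses. I would extend the comment to `# "kubernetes" uses the pod CIDR assigned by kube-controller-manager (--allocate-node-cidrs); change it only together with that flag.` and add that the variable has no effect for Cilium versions below 1.9.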
|
||||||
|
|
|
@ -161,4 +161,9 @@ data:
|
||||||
enable-ipsec: "true"
|
enable-ipsec: "true"
|
||||||
ipsec-key-file: /etc/ipsec/keys
|
ipsec-key-file: /etc/ipsec/keys
|
||||||
encrypt-node: "false"
|
encrypt-node: "false"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
# IPAM settings
|
||||||
|
{% if cilium_version | regex_replace('v') is version('1.9', '>=') %}
|
||||||
|
ipam: "{{ cilium_ipam_mode }}"
|
||||||
|
{% endif %}
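Review bot: The version guard strips the prefix with `regex_replace('v')`, which is unanchored and removes every `v` in `cilium_version` rather than only the leading one; `regex_replace('^v', '')` states the intent and leaves any suffix untouched. The `ipam` value is rendered verbatim from `cilium_ipam_mode`, so a mistyped mode surfaces only when Cilium reads the ConfigMap at start-up. An `assert` on the accepted values in the role's pre-checks would fail earlier and with a clearer message. The enclosing `data:` mapping starts outside this hunk.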
|
||||||
|
|
|
@ -44,6 +44,7 @@ spec:
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
- --debug=$(CILIUM_DEBUG)
|
- --debug=$(CILIUM_DEBUG)
|
||||||
|
- --config-dir=/tmp/cilium/config-map
|
||||||
- --kvstore=etcd
|
- --kvstore=etcd
|
||||||
- --kvstore-opt=etcd.config=/var/lib/etcd-config/etcd.config
|
- --kvstore-opt=etcd.config=/var/lib/etcd-config/etcd.config
|
||||||
command:
|
command:
|
||||||
|
@ -142,6 +143,9 @@ spec:
|
||||||
- mountPath: "{{cilium_cert_dir}}"
|
- mountPath: "{{cilium_cert_dir}}"
|
||||||
name: etcd-secrets
|
name: etcd-secrets
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- mountPath: /tmp/cilium/config-map
|
||||||
|
name: cilium-config-path
|
||||||
|
readOnly: true
|
||||||
dnsPolicy: ClusterFirst
|
dnsPolicy: ClusterFirst
|
||||||
priorityClassName: system-node-critical
|
priorityClassName: system-node-critical
|
||||||
restartPolicy: Always
|
restartPolicy: Always
|
||||||
|
@ -163,3 +167,6 @@ spec:
|
||||||
- name: etcd-secrets
|
- name: etcd-secrets
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "{{cilium_cert_dir}}"
|
path: "{{cilium_cert_dir}}"
|
||||||
|
- configMap:
|
||||||
|
name: cilium-config
|
||||||
|
name: cilium-config-path
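Review bot: With `--config-dir=/tmp/cilium/config-map` the operator reads every key of the mounted `cilium-config` ConfigMap, while `--kvstore=etcd` and `--kvstore-opt=etcd.config=...` stay as command-line arguments, so the same settings can now come from two places and the manifest does not say which one wins. I would put a comment above the new argument, for example `# Options come from the cilium-config ConfigMap mounted below; the explicit flags stay until they are moved there.` It is also worth confirming that a change to the ConfigMap restarts the operator, since a new `ipam` value is presumably picked up only at start-up; the pod template metadata lies outside these hunks. Mounting the volume with `readOnly: true` is the right choice.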
|
||||||
|
|