From 1a1fe9966954354b3da87a936174bbaed3e89ff0 Mon Sep 17 00:00:00 2001
From: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
Date: Fri, 17 Jul 2020 14:57:01 +0200
Subject: [PATCH] Add a way to deploy cilium alongside another CNI (#6373)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
---
roles/download/defaults/main.yml | 6 +++---
roles/kubernetes-apps/network_plugin/meta/main.yml | 2 +-
roles/kubernetes/preinstall/tasks/0020-verify-settings.yml | 2 +-
roles/network_plugin/cilium/defaults/main.yml | 4 ++++
roles/network_plugin/meta/main.yml | 2 +-
5 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a24c6173c..8b1159ba6 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -677,7 +677,7 @@ downloads:
- k8s-cluster
cilium:
- enabled: "{{ kube_network_plugin == 'cilium' }}"
+ enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
container: true
repo: "{{ cilium_image_repo }}"
tag: "{{ cilium_image_tag }}"
@@ -686,7 +686,7 @@ downloads:
- k8s-cluster
cilium_init:
- enabled: "{{ kube_network_plugin == 'cilium' }}"
+ enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
container: true
repo: "{{ cilium_init_image_repo }}"
tag: "{{ cilium_init_image_tag }}"
@@ -695,7 +695,7 @@ downloads:
- k8s-cluster
cilium_operator:
- enabled: "{{ kube_network_plugin == 'cilium' }}"
+ enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
container: true
repo: "{{ cilium_operator_image_repo }}"
tag: "{{ cilium_operator_image_tag }}"
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index c208839d3..b5d1c0473 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -1,7 +1,7 @@
---
dependencies:
- role: kubernetes-apps/network_plugin/cilium
- when: kube_network_plugin == 'cilium'
+ when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
tags:
- cilium
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 8ae9922f9..987a4643a 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -130,7 +130,7 @@
assert:
that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
when:
- - kube_network_plugin == 'cilium'
+ - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
- not ignore_assert_errors
- name: Stop if bad hostname
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index fa4361fb1..dce905dee 100755
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -33,3 +33,7 @@ cilium_monitor_aggregation: medium
cilium_preallocate_bpf_maps: false
cilium_tofqdns_enable_poller: false
cilium_enable_legacy_services: false
+
+# Deploy cilium even if kube_network_plugin is not cilium.
+# This enables to deploy cilium alongside another CNI to replace kube-proxy.
+cilium_deploy_additionally: false
diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml
index 779bdfc5d..66b283e33 100644
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -1,7 +1,7 @@
---
dependencies:
- role: network_plugin/cilium
- when: kube_network_plugin == 'cilium'
+ when: kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
tags:
- cilium
--
GitLab