From 2ae3ea9ee39b86050f97bb9df2a3e30631215105 Mon Sep 17 00:00:00 2001
From: biqiang Wu <62228454+dcwbq@users.noreply.github.com>
Date: Tue, 14 Mar 2023 08:45:10 +0800
Subject: [PATCH] Modified the default value of cilium IPAM and added the
 support for related parameters (#9443)

Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
---
 docs/cilium.md                                | 43 +++++++++++++++++++
 roles/network_plugin/cilium/defaults/main.yml | 22 ++++++++--
 .../cilium/templates/cilium/config.yml.j2     |  8 ++++
 3 files changed, 70 insertions(+), 3 deletions(-)

diff --git a/docs/cilium.md b/docs/cilium.md
index 4141e383e..e03c1a087 100644
--- a/docs/cilium.md
+++ b/docs/cilium.md
@@ -1,5 +1,48 @@
 # Cilium
 
+## IP Address Management (IPAM)
+
+IP Address Management (IPAM) is responsible for the allocation and management of IP addresses used by network endpoints (container and others) managed by Cilium. The default mode is "Cluster Scope".
+
+You can set the following parameters:
+
+```yml
+cilium_ipam_mode: cluster-pool
+```
+
+### Set the cluster Pod CIDRs
+
+Cluster Pod CIDRs use the kube_pods_subnet value by default.
+If your node network is in the same range you will lose connectivity to other nodes
+
+You can set the following parameters:
+
+```yml
+cilium_pool_cidr: 10.233.64.0/18
+```
+
+When cilium_enable_ipv6 is used, you need to set the IPV6 value:
+
+```yml
+cilium_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
+```
+
+### Set the Pod CIDR size of a node
+
+When cilium IPAM uses the "Cluster Scope" mode, it will pre-allocate a segment of IP to each node,
+schedule the Pod to this node, and then allocate IP from here. cilium_pool_mask_size Specifies
+the size allocated from cluster Pod CIDR to node.ipam.podCIDRs
+
+```yml
+cilium_pool_mask_size: "26"
+```
+
+cilium_pool_mask_size Specifies the size allocated to node.ipam.podCIDRs from cluster Pod IPV6 CIDR
+
+```yml
+cilium_pool_mask_size_ipv6: "120"
+```
+
 ## Kube-proxy replacement with Cilium
 
 Cilium can run without kube-proxy by setting `cilium_kube_proxy_replacement`
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index b58b39e15..a9a38d9cb 100644
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -152,9 +152,25 @@ cilium_hubble_install: false
 ### Enable auto generate certs if cilium_hubble_install: true
 cilium_hubble_tls_generate: false
 
-# IP address management mode for v1.9+.
-# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
-cilium_ipam_mode: kubernetes
+# The default IP address management mode is "Cluster Scope".
+# https://docs.cilium.io/en/stable/concepts/networking/ipam/
+cilium_ipam_mode: cluster-pool
+
+# Cluster Pod CIDRs use the kube_pods_subnet value by default.
+# If your node network is in the same range you will lose connectivity to other nodes
+cilium_pool_cidr: "{{ kube_pods_subnet | 10.233.64.0/18 }}"
+
+# When cilium_enable_ipv6 is used, you need to set the IPV6 value
+cilium_pool_cidr_ipv6: "{{ kube_pods_subnet_ipv6 | fd85:ee78:d8a6:8607::1:0000/112 }}"
+
+# When cilium IPAM uses the "Cluster Scope" mode, it will pre-allocate a segment of IP to each node,
+# schedule the Pod to this node, and then allocate IP from here. cilium_pool_mask_size Specifies
+# the size allocated from cluster Pod CIDR to node.ipam.podCIDRs
+cilium_pool_mask_size: "26"
+
+# cilium_pool_mask_size Specifies the size allocated to node.ipam.podCIDRs from cluster Pod IPV6 CIDR
+cilium_pool_mask_size_ipv6: "120"
+
 
 # Extra arguments for the Cilium agent
 cilium_agent_custom_args: []
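Review bot: The two new CIDR defaults are not valid Jinja: in `"{{ kube_pods_subnet | 10.233.64.0/18 }}"` the text after `|` has to be a filter name, so the expression fails to render instead of falling back to the literal. The lines should read `cilium_pool_cidr: "{{ kube_pods_subnet | default('10.233.64.0/18') }}"` and `cilium_pool_cidr_ipv6: "{{ kube_pods_subnet_ipv6 | default('fd85:ee78:d8a6:8607::1:0000/112') }}"`. Separately, changing `cilium_ipam_mode` from `kubernetes` to `cluster-pool` alters behaviour for every inventory that relied on the old default. An upgrade note or a guard for existing clusters would help, since switching IPAM mode on a running cluster can presumably disrupt pod addressing.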
diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
index 7a524c6ba..6b727bc6f 100644
--- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@@ -205,6 +205,14 @@ data:
 
   # IPAM settings
   ipam: "{{ cilium_ipam_mode }}"
+{% if cilium_ipam_mode == "cluster-pool" %}
+  cluster-pool-ipv4-cidr: {% cilium_pool_cidr | default(kube_pods_subnet) %}
+  cluster-pool-ipv4-mask-size: {% cilium_pool_mask_size %}
+{% if cilium_enable_ipv6 %}
+  cluster-pool-ipv6-cidr: {% cilium_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) %}
+  cluster-pool-ipv6-mask-size: {% cilium_pool_mask_size_ipv6 %}
+{% endif %}
+{% endif %}
 
   agent-health-port: "{{ cilium_agent_health_port }}"
 
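Review bot: The four added value lines use statement tags (`{% ... %}`) where an expression is meant, so Jinja will reject e.g. `{% cilium_pool_cidr | default(kube_pods_subnet) %}` as an unknown tag and the ConfigMap will not render. They should use `{{ ... }}` and be quoted like the neighbouring `ipam:` line, because ConfigMap `data` values must be strings and an unquoted mask size would be parsed as an integer. For example, `cluster-pool-ipv4-cidr: "{{ cilium_pool_cidr | default(kube_pods_subnet) }}"` and `cluster-pool-ipv4-mask-size: "{{ cilium_pool_mask_size }}"`, with the same form for the two ipv6 lines. Quoting also stops an operator-supplied CIDR, in particular an IPv6 value containing colons, from being reinterpreted by the YAML parser.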
-- 
GitLab