From 491e260d20f28c74dcd3d89a7abd32f854b4cd5b Mon Sep 17 00:00:00 2001
From: janaurka <5986148+janaurka@users.noreply.github.com>
Date: Mon, 19 Dec 2022 00:39:43 +0100
Subject: [PATCH] Feature/add flannel wireguard encryption backend as option
 (#9583)

* feat(): Add wireguard backend to flannel cni

As described in the flannel docs:
https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard

This does not support optional configuration methods like:
- setting a psk (will be autogenerated by default)
- chang listening ports
- change mode (defaults to 'separate')
- change PersistentKeepaliveInterval (defaults to 0)

* Add supported backends to flannel docs

* Fix markdown in docs
---
 docs/flannel.md                                          | 2 ++
 .../sample/group_vars/k8s_cluster/k8s-net-flannel.yml    | 3 +--
 roles/network_plugin/flannel/tasks/main.yml              | 9 +++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/docs/flannel.md b/docs/flannel.md
index d4a9b9713..78937b1b8 100644
--- a/docs/flannel.md
+++ b/docs/flannel.md
@@ -2,6 +2,8 @@
 
 Flannel is a network fabric for containers, designed for Kubernetes
 
+Supported [backends](https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard): `vxlan`, `host-gw` and `wireguard`
+
 **Warning:** You may encounter this [bug](https://github.com/coreos/flannel/pull/1282) with `VXLAN` backend, while waiting on a newer Flannel version the current workaround (`ethtool --offload flannel.1 rx off tx off`) is showcase in kubespray [networking test](tests/testcases/040_check-network-adv.yml:31).
 
 ## Verifying flannel install
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml
index 1a38ba71f..64d20a825 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml
@@ -10,8 +10,7 @@
 ## single quote and escape backslashes
 # flannel_interface_regexp: '10\\.0\\.[0-2]\\.\\d{1,3}'
 
-# You can choose what type of flannel backend to use: 'vxlan' or 'host-gw'
-# for experimental backend
+# You can choose what type of flannel backend to use: 'vxlan',  'host-gw' or 'wireguard'
 # please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md
 # flannel_backend_type: "vxlan"
 # flannel_vxlan_vni: 1
diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml
index c8de8cea5..2fd82e938 100644
--- a/roles/network_plugin/flannel/tasks/main.yml
+++ b/roles/network_plugin/flannel/tasks/main.yml
@@ -1,4 +1,13 @@
 ---
+
+- name: Flannel | Stop if kernel version is too low for Flannel Wireguard encryption
+  assert:
+    that: ansible_kernel.split('-')[0] is version('5.6.0', '>=')
+  when:
+    - kube_network_plugin == 'flannel'
+    - flannel_backend_type == 'wireguard'
+    - not ignore_assert_errors
+
 - name: Flannel | Create Flannel manifests
   template:
     src: "{{ item.file }}.j2"
-- 
GitLab