From e257d92f41259f388839c34744d0d1b188755302 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fredrik=20L=C3=B6nnegren?= <fredrik.lonnegren@gmail.com>
Date: Wed, 11 Mar 2020 16:15:36 +0100
Subject: [PATCH] Cilium updates (#5438)
* Add resources needed to deploy 1.6.4
* Use cilium v1.6.4
* Change deprecated option name
* Add update crd to clusterrole cilium
* Cilium 1.6.4 -> 1.6.5
* Make monitor-aggregation config configurable as a variable
* Change monitor-aggregation default none->medium
* Cilium 1.6.5 -> 1.6.6
* Update to 1.7.0
* v1.7.0->v1.7.1
---
roles/download/defaults/main.yml | 2 +-
roles/network_plugin/cilium/defaults/main.yml | 2 ++
.../cilium/templates/cilium-config.yml.j2 | 2 +-
.../cilium/templates/cilium-cr.yml.j2 | 21 ++++++++++---------
4 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a19134b98..19315a739 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -80,7 +80,7 @@ cni_version: "v0.8.3"
weave_version: 2.5.2
pod_infra_version: 3.1
contiv_version: 1.2.1
-cilium_version: "v1.5.5"
+cilium_version: "v1.7.1"
kube_ovn_version: "v0.6.0"
kube_router_version: "v0.2.5"
multus_version: "v3.2.1"
diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml
index 70696cc6b..ea73a843c 100755
--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -23,6 +23,8 @@ cilium_tunnel_mode: vxlan
cilium_enable_prometheus: false
# Enable if you want to make use of hostPort mappings
cilium_enable_portmap: false
+# Monitor aggregation level (none/low/medium/maximum)
+cilium_monitor_aggregation: medium
# If upgrading from Cilium < 1.5, you may want to override some of these options
# to prevent service disruptions. See also:
diff --git a/roles/network_plugin/cilium/templates/cilium-config.yml.j2 b/roles/network_plugin/cilium/templates/cilium-config.yml.j2
index 7a343d9fe..94cb27149 100644
--- a/roles/network_plugin/cilium/templates/cilium-config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-config.yml.j2
@@ -61,7 +61,7 @@ data:
# If you want cilium monitor to aggregate tracing for packets, set this level
# to "low", "medium", or "maximum". The higher the level, the less packets
# that will be seen in monitor output.
- monitor-aggregation-level: "none"
+ monitor-aggregation: "{{ cilium_monitor_aggregation }}"
# ct-global-max-entries-* specifies the maximum number of connections
# supported across all endpoints, split by protocol: tcp or other. One pair
diff --git a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
index 9bdec5aed..94be6867a 100644
--- a/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-cr.yml.j2
@@ -43,6 +43,10 @@ rules:
- ciliumnetworkpolicies/status
- ciliumendpoints
- ciliumendpoints/status
+ - ciliumnodes
+ - ciliumnodes/status
+ - ciliumidentities
+ - ciliumidentities/status
verbs:
- '*'
---
@@ -66,7 +70,6 @@ rules:
- services
- nodes
- endpoints
- - componentstatuses
verbs:
- get
- list
@@ -88,18 +91,10 @@ rules:
- nodes/status
verbs:
- patch
- - apiGroups:
- - extensions
- resources:
- - ingresses
- verbs:
- - create
- - get
- - list
- - watch
- apiGroups:
- apiextensions.k8s.io
resources:
+ - ingresses
- customresourcedefinitions
verbs:
- create
@@ -112,7 +107,13 @@ rules:
resources:
- ciliumnetworkpolicies
- ciliumnetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies
+ - ciliumclusterwidenetworkpolicies/status
- ciliumendpoints
- ciliumendpoints/status
+ - ciliumnodes
+ - ciliumnodes/status
+ - ciliumidentities
+ - ciliumidentities/status
verbs:
- '*'
--
GitLab