richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7172 Commits
29 Branches
81 Tags
151 MiB
Tree: 71b6fa137c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '71b6fa137c'
${ noResults }
kubespray/roles/network_plugin/cilium/tasks/check.yml

63 lines
2.4 KiB
Raw Normal View History

Add support for cilium ipsec (#7342) * Add support for cilium ipsec * Fix typo for bpffs
3 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Add support for cilium ipsec (#7342) * Add support for cilium ipsec * Fix typo for bpffs
3 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Add support for cilium ipsec (#7342) * Add support for cilium ipsec * Fix typo for bpffs
3 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Add identity_allocation_mode support for Cilium (#8430) Co-authored-by: Emin Aktaş <eminaktas34@gmail.com> Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com> Signed-off-by: necatican <necaticanyildirim@gmail.com> Co-authored-by: Emin Aktaş <eminaktas34@gmail.com> Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Add identity_allocation_mode support for Cilium (#8430) Co-authored-by: Emin Aktaş <eminaktas34@gmail.com> Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com> Signed-off-by: necatican <necaticanyildirim@gmail.com> Co-authored-by: Emin Aktaş <eminaktas34@gmail.com> Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
2 years ago
Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode (#8519) * Change Cilium identity_allocation_mode to cilium_identity_allocation_mode * Change inventory sample
2 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Cilium 1.12 Upgrade (#9225) * Drop support for Cilium < 1.10 Signed-off-by: necatican <necaticanyildirim@gmail.com> * Synchronize Cilium templates for 1.11.7 Signed-off-by: necatican <contact@necatican.com> * Set Cilium v1.12.1 as the default version Signed-off-by: necatican <contact@necatican.com> Signed-off-by: necatican <necaticanyildirim@gmail.com> Signed-off-by: necatican <contact@necatican.com>
2 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
Cilium 1.12 Upgrade (#9225) * Drop support for Cilium < 1.10 Signed-off-by: necatican <necaticanyildirim@gmail.com> * Synchronize Cilium templates for 1.11.7 Signed-off-by: necatican <contact@necatican.com> * Set Cilium v1.12.1 as the default version Signed-off-by: necatican <contact@necatican.com> Signed-off-by: necatican <necaticanyildirim@gmail.com> Signed-off-by: necatican <contact@necatican.com>
2 years ago
Overhaul Cilium manifests to match the newer versions (#8717) * [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
2 years ago
  1. ---
  2. - name: Cilium | Check Cilium encryption `cilium_ipsec_key` for ipsec
  3. assert:
  4. that:
  5. - "cilium_ipsec_key is defined"
  6. msg: "cilium_ipsec_key should be defined to enable encryption using ipsec"
  7. when:
  8. - cilium_encryption_enabled
  9. - cilium_encryption_type == "ipsec"
  10. - cilium_tunnel_mode in ['vxlan']
  12. # TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`
  13. - name: Stop if `cilium_ipsec_enabled` is defined and `cilium_encryption_type` is not `ipsec`
  14. assert:
  15. that: cilium_encryption_type == 'ipsec'
  16. msg: >
  17. It is not possible to use `cilium_ipsec_enabled` when `cilium_encryption_type` is set to {{ cilium_encryption_type }}.
  18. when:
  19. - cilium_ipsec_enabled is defined
  20. - cilium_ipsec_enabled
  21. - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
  23. - name: Stop if kernel version is too low for Cilium Wireguard encryption
  24. assert:
  25. that: ansible_kernel.split('-')[0] is version('5.6.0', '>=')
  26. when:
  27. - kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
  28. - cilium_encryption_enabled
  29. - cilium_encryption_type == "wireguard"
  30. - not ignore_assert_errors
  32. - name: Stop if bad Cilium identity allocation mode
  33. assert:
  34. that: cilium_identity_allocation_mode in ['crd', 'kvstore']
  35. msg: "cilium_identity_allocation_mode must be either 'crd' or 'kvstore'"
  37. - name: Stop if bad Cilium Cluster ID
  38. assert:
  39. that:
  40. - cilium_cluster_id <= 255
  41. - cilium_cluster_id >= 0
  42. msg: "'cilium_cluster_id' must be between 1 and 255"
  43. when: cilium_cluster_id is defined
  45. - name: Stop if bad encryption type
  46. assert:
  47. that: cilium_encryption_type in ['ipsec', 'wireguard']
  48. msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'"
  49. when: cilium_encryption_enabled
  51. - name: Stop if cilium_version is < v1.10.0
  52. assert:
  53. that: cilium_version | regex_replace('v') is version(cilium_min_version_required, '>=')
  54. msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}"
  56. # TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`
  57. - name: Set `cilium_encryption_type` to "ipsec" and if `cilium_ipsec_enabled` is true
  58. set_fact:
  59. cilium_encryption_type: ipsec
  60. cilium_encryption_enabled: true
  61. when:
  62. - cilium_ipsec_enabled is defined
  63. - cilium_ipsec_enabled