Browse Source

Adding kube-proxy-replacement support in cilium (#6334)

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
pull/6426/head
Arthur Outhenin-Chalandre 4 years ago
committed by GitHub
parent
commit
3550e3c145
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 30 additions and 2 deletions
  1. 5
      .gitlab-ci/packet.yml
  2. 2
      docs/ci.md
  3. 9
      roles/kubespray-defaults/defaults/main.yaml
  4. 2
      roles/network_plugin/cilium/defaults/main.yml
  5. 2
      roles/network_plugin/cilium/templates/cilium-config.yml.j2
  6. 12
      tests/files/packet_debian10-cilium-svc-proxy.yml

5
.gitlab-ci/packet.yml

@ -68,6 +68,11 @@ packet_ubuntu16-kube-router-svc-proxy:
extends: .packet
when: manual
packet_debian10-cilium-svc-proxy:
stage: deploy-part2
extends: .packet
when: manual
packet_debian10-containerd:
stage: deploy-part2
extends: .packet

2
docs/ci.md

@ -9,7 +9,7 @@ To generate this Matrix run `./tests/scripts/md-table/main.py`
amazon | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :white_check_mark: |
centos8 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: |
debian10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: |
fedora30 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
fedora31 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: |

9
roles/kubespray-defaults/defaults/main.yaml

@ -27,7 +27,14 @@ kubeadm_use_hyperkube_image: False
kube_proxy_mode: ipvs
## Delete kube-proxy daemonset if kube_proxy_remove set, e.g. kube_network_plugin providing proxy services
kube_proxy_remove: "{{ (kube_network_plugin == 'kube-router') and (kube_router_run_service_proxy is defined and kube_router_run_service_proxy)| bool }}"
kube_proxy_remove: >-
{%- if kube_network_plugin == 'kube-router' -%}
{{ (kube_router_run_service_proxy is defined and kube_router_run_service_proxy)| bool }}
{%- elif kube_network_plugin == 'cilium' -%}
{{ (cilium_kube_proxy_replacement is defined and cilium_kube_proxy_replacement == 'strict')| bool }}
{%- else -%}
false
{%- endif -%}
# A string slice of values which specify the addresses to use for NodePorts.
# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).

2
roles/network_plugin/cilium/defaults/main.yml

@ -26,6 +26,8 @@ cilium_enable_prometheus: false
cilium_enable_portmap: false
# Monitor aggregation level (none/low/medium/maximum)
cilium_monitor_aggregation: medium
# Kube Proxy Replacement mode (strict/probe/partial)
cilium_kube_proxy_replacement: probe
# If upgrading from Cilium < 1.5, you may want to override some of these options
# to prevent service disruptions. See also:

2
roles/network_plugin/cilium/templates/cilium-config.yml.j2

@ -140,3 +140,5 @@ data:
# Enable legacy services (prior v1.5) to prevent from terminating existing
# connections with services when upgrading Cilium from < v1.5 to v1.5.
enable-legacy-services: "{{cilium_enable_legacy_services}}"
kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}"

12
tests/files/packet_debian10-cilium-svc-proxy.yml

@ -0,0 +1,12 @@
---
# Instance settings
cloud_image: debian-10
mode: separate
# Kubespray settings
kube_network_plugin: cilium
deploy_netchecker: true
enable_network_policy: true
dns_min_replicas: 1
cilium_kube_proxy_replacement: strict
Loading…
Cancel
Save