kubeasz/roles/cilium/tasks/main.yml

- name: 转换内核版本为浮点数
  set_fact:
     KERNEL_VER: "{{ ansible_kernel.split('-')[0].split('.')[0]|int + ansible_kernel.split('-')[0].split('.')[1]|int/100 }}"

- name: 检查内核版本>4.9
  fail: msg="kernel {{ ansible_kernel }} is too old for cilium installing"
  when: "KERNEL_VER|float <= 4.09"

- block:
    - name: 创建 cilium chart 个性化设置
      template: src=values.yaml.j2 dest={{ cluster_dir }}/yml/cilium-values.yaml

    - name: helm 删除 cilium {{ cilium_ver }}
      shell: "{{ base_dir }}/bin/helm delete cilium -n kube-system || echo true; sleep 3"
      tags: force_change_certs
      when: 'CHANGE_CA|bool'

    - name: helm 创建 cilium {{ cilium_ver }}
      shell: "{{ base_dir }}/bin/helm upgrade cilium --install \
              -n kube-system -f {{ cluster_dir }}/yml/cilium-values.yaml \
              {{ base_dir }}/roles/cilium/files/cilium-{{ cilium_ver }}.tgz"
      tags: force_change_certs
  run_once: true
  connection: local  

- name: 下载client工具
  copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755
  with_items:
  - cilium
  - hubble

# 删除原有cni配置
- name: 删除默认cni配置
  file: path=/etc/cni/net.d/10-default.conf state=absent

# 等待网络插件部署成功，视下载镜像速度而定
- name: 轮询等待cilium-node 运行
  shell: "{{ base_dir }}/bin/kubectl get pod -n kube-system -owide -lk8s-app=cilium|grep ' {{ K8S_NODENAME }} '|awk '{print $3}'"
  register: pod_status
  until: pod_status.stdout == "Running"
  retries: 15
  delay: 8
  ignore_errors: true
  connection: local
  tags: force_change_certs

# hubble-relay 可能需要重启一下
- name: 重启hubble-relay pod
  shell: "{{ base_dir }}/bin/kubectl -n kube-system scale deploy hubble-relay --replicas=0 && sleep 5 && \
            {{ base_dir }}/bin/kubectl -n kube-system scale deploy hubble-relay --replicas=1"
  run_once: true
  connection: local
  when: "cilium_hubble_enabled|bool"
  tags: force_change_certs
修复cilium安装时判断内核版本逻辑 2019-03-06 22:58:10 +08:00			`- name: 转换内核版本为浮点数`
			`set_fact:`
			`KERNEL_VER: "{{ ansible_kernel.split('-')[0].split('.')[0]\|int + ansible_kernel.split('-')[0].split('.')[1]\|int/100 }}"`

update cilium v1.4.1 2019-03-03 10:01:22 +08:00			`- name: 检查内核版本>4.9`
			`fail: msg="kernel {{ ansible_kernel }} is too old for cilium installing"`
更新dashboard关于basic-auth认证的相关 2019-04-04 09:08:27 +08:00			`when: "KERNEL_VER\|float <= 4.09"`
调整去掉delegate_to deploy节点的任务 2019-05-31 00:00:01 +08:00
update cilium 1.11.5 2022-06-13 19:29:30 +08:00			`- block:`
			`- name: 创建 cilium chart 个性化设置`
			`template: src=values.yaml.j2 dest={{ cluster_dir }}/yml/cilium-values.yaml`
add network plugin: cilium 2018-08-05 16:12:32 +08:00
adjust scripts to support recreating CA and certs 2022-11-27 20:42:58 +08:00			`- name: helm 删除 cilium {{ cilium_ver }}`
			`shell: "{{ base_dir }}/bin/helm delete cilium -n kube-system \|\| echo true; sleep 3"`
			`tags: force_change_certs`
			`when: 'CHANGE_CA\|bool'`

update cilium 1.11.5 2022-06-13 19:29:30 +08:00			`- name: helm 创建 cilium {{ cilium_ver }}`
			`shell: "{{ base_dir }}/bin/helm upgrade cilium --install \`
			`-n kube-system -f {{ cluster_dir }}/yml/cilium-values.yaml \`
			`{{ base_dir }}/roles/cilium/files/cilium-{{ cilium_ver }}.tgz"`
adjust scripts to support recreating CA and certs 2022-11-27 20:42:58 +08:00			`tags: force_change_certs`
minor fixes 2021-04-15 23:19:40 +08:00			`run_once: true`
update cilium 1.11.5 2022-06-13 19:29:30 +08:00			`connection: local`
add network plugin: cilium 2018-08-05 16:12:32 +08:00
update cilium docs and scripts 2022-07-02 21:52:48 +08:00			`- name: 下载client工具`
			`copy: src={{ base_dir }}/bin/{{ item }} dest={{ bin_dir }}/{{ item }} mode=0755`
			`with_items:`
			`- cilium`
			`- hubble`

add network plugin: cilium 2018-08-05 16:12:32 +08:00			`# 删除原有cni配置`
			`- name: 删除默认cni配置`
			`file: path=/etc/cni/net.d/10-default.conf state=absent`

			`# 等待网络插件部署成功，视下载镜像速度而定`
remove kubectl admin kubeconfig to improve security 2022-10-09 19:24:44 +08:00			`- name: 轮询等待cilium-node 运行`
feat: add support to set nodenaem 2023-01-15 21:41:45 +08:00			`shell: "{{ base_dir }}/bin/kubectl get pod -n kube-system -owide -lk8s-app=cilium\|grep ' {{ K8S_NODENAME }} '\|awk '{print $3}'"`
add network plugin: cilium 2018-08-05 16:12:32 +08:00			`register: pod_status`
			`until: pod_status.stdout == "Running"`
fix 网络插件离线镜像不存在时安装的错误信息 2018-08-30 20:17:05 +08:00			`retries: 15`
add network plugin: cilium 2018-08-05 16:12:32 +08:00			`delay: 8`
增加随机basic auth密码等脚本优化 2019-02-25 23:11:08 +08:00			`ignore_errors: true`
remove kubectl admin kubeconfig to improve security 2022-10-09 19:24:44 +08:00			`connection: local`
adjust scripts to support recreating CA and certs 2022-11-27 20:42:58 +08:00			`tags: force_change_certs`
fix: cilium installation 2022-07-02 22:51:49 +08:00
			`# hubble-relay 可能需要重启一下`
			`- name: 重启hubble-relay pod`
			`shell: "{{ base_dir }}/bin/kubectl -n kube-system scale deploy hubble-relay --replicas=0 && sleep 5 && \`
			`{{ base_dir }}/bin/kubectl -n kube-system scale deploy hubble-relay --replicas=1"`
			`run_once: true`
			`connection: local`
			`when: "cilium_hubble_enabled\|bool"`
adjust scripts to support recreating CA and certs 2022-11-27 20:42:58 +08:00			`tags: force_change_certs`