kubespray/roles/network_plugin/cilium/defaults/main.yml

---
# Log-level
cilium_debug: false

cilium_mtu: ""
cilium_enable_ipv4: true
cilium_enable_ipv6: false

# Etcd SSL dirs
cilium_cert_dir: /etc/cilium/certs
kube_etcd_cacert_file: ca.pem
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem

# Limits for apps
cilium_memory_limit: 500M
cilium_cpu_limit: 500m
cilium_memory_requests: 64M
cilium_cpu_requests: 100m

# Overlay Network Mode
cilium_tunnel_mode: vxlan
# Optional features
cilium_enable_prometheus: false
cilium_enable_hubble_metrics: false
cilium_enable_hubble: false
cilium_hubble_metrics: ""
# Enable if you want to make use of hostPort mappings
cilium_enable_portmap: false
# Monitor aggregation level (none/low/medium/maximum)
cilium_monitor_aggregation: medium
# Kube Proxy Replacement mode (strict/probe/partial)
cilium_kube_proxy_replacement: probe

# If upgrading from Cilium < 1.5, you may want to override some of these options
# to prevent service disruptions. See also:
# http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action
cilium_preallocate_bpf_maps: false
cilium_tofqdns_enable_poller: false
cilium_enable_legacy_services: false

# Deploy cilium even if kube_network_plugin is not cilium.
# This enables to deploy cilium alongside another CNI to replace kube-proxy.
cilium_deploy_additionally: false

# Auto direct nodes routes can be used to advertise pods routes in your cluster
# without any tunelling (with `cilium_tunnel_mode` sets to `disabled`).
# This works only if you have a L2 connectivity between all your nodes.
# You wil also have to specify the variable `cilium_native_routing_cidr` to
# make this work. Please refer to the cilium documentation for more
# information about this kind of setups.
cilium_auto_direct_node_routes: false
cilium_native_routing_cidr: ""

# IPsec based transparent encryption between nodes
cilium_ipsec_enabled: false

# IP address management mode for v1.9+.
# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
cilium_ipam_mode: kubernetes
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info 2018-02-17 11:37:47 +08:00			`---`
			`# Log-level`
			`cilium_debug: false`
Upgrade Cilium network plugin to v1.5.5. (#5014) * Needs an additional cilium-operator deployment. * Added option to enable hostPort mappings. 2019-08-06 16:37:55 +08:00
Cilium: overwrite auto-detected MTU of underlying network (#6329) 2020-07-02 22:12:47 +08:00			`cilium_mtu: ""`
Upgrade Cilium network plugin to v1.5.5. (#5014) * Needs an additional cilium-operator deployment. * Added option to enable hostPort mappings. 2019-08-06 16:37:55 +08:00			`cilium_enable_ipv4: true`
			`cilium_enable_ipv6: false`
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info 2018-02-17 11:37:47 +08:00
			`# Etcd SSL dirs`
			`cilium_cert_dir: /etc/cilium/certs`
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca 2019-04-19 21:01:54 +08:00			`kube_etcd_cacert_file: ca.pem`
			`kube_etcd_cert_file: node-{{ inventory_hostname }}.pem`
			`kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem`
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info 2018-02-17 11:37:47 +08:00
			`# Limits for apps`
			`cilium_memory_limit: 500M`
cilium v1.1.2 Update all configs to current upstream state. Add more resources (unable to pass tests now)... 2018-07-27 04:17:27 +08:00			`cilium_cpu_limit: 500m`
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info 2018-02-17 11:37:47 +08:00			`cilium_memory_requests: 64M`
cilium v1.1.2 Update all configs to current upstream state. Add more resources (unable to pass tests now)... 2018-07-27 04:17:27 +08:00			`cilium_cpu_requests: 100m`
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info 2018-02-17 11:37:47 +08:00
Add cilium_tunnel_mode variable to the cilium config (#5295) 2019-11-11 19:19:42 +08:00			`# Overlay Network Mode`
			`cilium_tunnel_mode: vxlan`
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info 2018-02-17 11:37:47 +08:00			`# Optional features`
			`cilium_enable_prometheus: false`
improve Cilium metrics support (#6513) Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> 2020-08-18 15:35:29 +08:00			`cilium_enable_hubble_metrics: false`
Add cilium hubble server in config (#6575) Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> 2020-08-27 14:19:02 +08:00			`cilium_enable_hubble: false`
			`cilium_hubble_metrics: ""`
Upgrade Cilium network plugin to v1.5.5. (#5014) * Needs an additional cilium-operator deployment. * Added option to enable hostPort mappings. 2019-08-06 16:37:55 +08:00			`# Enable if you want to make use of hostPort mappings`
			`cilium_enable_portmap: false`
Cilium updates (#5438) * Add resources needed to deploy 1.6.4 * Use cilium v1.6.4 * Change deprecated option name * Add update crd to clusterrole cilium * Cilium 1.6.4 -> 1.6.5 * Make monitor-aggregation config configurable as a variable * Change monitor-aggregation default none->medium * Cilium 1.6.5 -> 1.6.6 * Update to 1.7.0 * v1.7.0->v1.7.1 2020-03-11 23:15:36 +08:00			`# Monitor aggregation level (none/low/medium/maximum)`
			`cilium_monitor_aggregation: medium`
Adding kube-proxy-replacement support in cilium (#6334) Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> 2020-07-30 17:46:31 +08:00			`# Kube Proxy Replacement mode (strict/probe/partial)`
			`cilium_kube_proxy_replacement: probe`
Upgrade Cilium network plugin to v1.5.5. (#5014) * Needs an additional cilium-operator deployment. * Added option to enable hostPort mappings. 2019-08-06 16:37:55 +08:00
			`# If upgrading from Cilium < 1.5, you may want to override some of these options`
			`# to prevent service disruptions. See also:`
			`# http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action`
			`cilium_preallocate_bpf_maps: false`
			`cilium_tofqdns_enable_poller: false`
			`cilium_enable_legacy_services: false`
Add a way to deploy cilium alongside another CNI (#6373) Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> 2020-07-17 20:57:01 +08:00
			`# Deploy cilium even if kube_network_plugin is not cilium.`
			`# This enables to deploy cilium alongside another CNI to replace kube-proxy.`
			`cilium_deploy_additionally: false`
Add new cilium options for native routing (#6519) Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr> 2020-08-18 15:39:42 +08:00
			`# Auto direct nodes routes can be used to advertise pods routes in your cluster`
			# without any tunelling (with `cilium_tunnel_mode` sets to `disabled`).
			`# This works only if you have a L2 connectivity between all your nodes.`
			# You wil also have to specify the variable `cilium_native_routing_cidr` to
			`# make this work. Please refer to the cilium documentation for more`
			`# information about this kind of setups.`
			`cilium_auto_direct_node_routes: false`
			`cilium_native_routing_cidr: ""`
Add support for cilium ipsec (#7342) * Add support for cilium ipsec * Fix typo for bpffs 2021-03-24 04:46:06 +08:00
			`# IPsec based transparent encryption between nodes`
Add cilium_ipam_mode variable (#7418) Starting with Cilium v1.9 the default ipam mode has changed to "Cluster Scope". See: https://docs.cilium.io/en/v1.9/concepts/networking/ipam/ With this ipam mode Cilium handles assigning subnets to nodes to use for pod ip addresses. The default Kubespray deploy uses the Kube Controller Manager for this (the --allocate-node-cidrs kube-controller-manager flag is set). This makes the proper ipam mode for kubespray using cilium v1.9+ "kubernetes". Tested with Cilium 1.9.5. This PR also mounts the cilium-config ConfigMap for this variable to be read properly. In the future we can probably remove the kvstore and kvstore-opt Cilium Operator args since they can be in the ConfigMap. I will tackle that after this merges. 2021-04-01 22:33:22 +08:00			`cilium_ipsec_enabled: false`

			`# IP address management mode for v1.9+.`
			`# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/`
			`cilium_ipam_mode: kubernetes`