2021-03-24 04:46:06 +08:00
---
2022-05-11 21:23:04 +08:00
- name : Cilium | Check Cilium encryption `cilium_ipsec_key` for ipsec
2021-03-24 04:46:06 +08:00
assert :
that :
- "cilium_ipsec_key is defined"
2022-05-11 21:23:04 +08:00
msg : "cilium_ipsec_key should be defined to enable encryption using ipsec"
2021-03-24 04:46:06 +08:00
when :
2022-05-11 21:23:04 +08:00
- cilium_encryption_enabled
- cilium_encryption_type == "ipsec"
2022-01-17 01:29:28 +08:00
- cilium_tunnel_mode in ['vxlan']
2022-05-11 21:23:04 +08:00
# TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`
- name : Stop if `cilium_ipsec_enabled` is defined and `cilium_encryption_type` is not `ipsec`
assert :
that : cilium_encryption_type == 'ipsec'
msg : >
It is not possible to use `cilium_ipsec_enabled` when `cilium_encryption_type` is set to {{ cilium_encryption_type }}.
when :
- cilium_ipsec_enabled is defined
- cilium_ipsec_enabled
- kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
- name : Stop if kernel version is too low for Cilium Wireguard encryption
assert :
that : ansible_kernel.split('-')[0] is version('5.6.0', '>=')
when :
- kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool
- cilium_encryption_enabled
- cilium_encryption_type == "wireguard"
- not ignore_assert_errors
2022-01-17 01:29:28 +08:00
- name : Stop if bad Cilium identity allocation mode
assert :
2022-02-09 06:04:35 +08:00
that : cilium_identity_allocation_mode in ['crd', 'kvstore']
msg : "cilium_identity_allocation_mode must be either 'crd' or 'kvstore'"
2022-05-11 21:23:04 +08:00
- name : Stop if bad Cilium Cluster ID
assert :
that :
- cilium_cluster_id <= 255
- cilium_cluster_id >= 0
msg : "'cilium_cluster_id' must be between 1 and 255"
when : cilium_cluster_id is defined
- name : Stop if bad encryption type
assert :
that : cilium_encryption_type in ['ipsec', 'wireguard']
msg : "cilium_encryption_type must be either 'ipsec' or 'wireguard'"
when : cilium_encryption_enabled
2022-09-19 17:14:31 +08:00
- name : Stop if cilium_version is < v1.10.0
2022-05-11 21:23:04 +08:00
assert :
2022-09-19 17:14:31 +08:00
that : cilium_version | regex_replace('v') is version(cilium_min_version_required, '>=')
msg : "cilium_version is too low. Minimum version {{ cilium_min_version_required }}"
2022-05-11 21:23:04 +08:00
# TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`
- name : Set `cilium_encryption_type` to "ipsec" and if `cilium_ipsec_enabled` is true
set_fact :
cilium_encryption_type : ipsec
cilium_encryption_enabled : true
when :
- cilium_ipsec_enabled is defined
- cilium_ipsec_enabled
2024-06-24 11:14:56 +08:00
- name : Stop if cilium_hubble_event_buffer_capacity is not a power of 2 minus 1 and is not between 1 and 65535
assert :
that : "cilium_hubble_event_buffer_capacity in [1, 3, 7, 15, 31, 63, 127, 255, 511, 1023, 2047, 4095, 8191, 16383, 32767, 65535]"
msg : "Error: cilium_hubble_event_buffer_capacity:{{ cilium_hubble_event_buffer_capacity }} is not a power of 2 minus 1 and it should be between 1 and 65535."
when : cilium_hubble_event_buffer_capacity is defined
