Change Cilium setting identity_allocation_mode to cilium_identity_allocation_mode (#8519)
* Change Cilium identity_allocation_mode to cilium_identity_allocation_mode * Change inventory samplepull/8523/head
parent
5695c892d0
commit
84b93090a8
|
@ -1,4 +1,4 @@
|
||||||
# see roles/network_plugin/cilium/defaults/main.yml
|
# see roles/network_plugin/cilium/defaults/main.yml
|
||||||
|
|
||||||
# cilium_version: "v1.11.0"
|
# cilium_version: "v1.11.0"
|
||||||
# identity_allocation_mode: kvstore # kvstore or crd
|
# cilium_identity_allocation_mode: kvstore # kvstore or crd
|
||||||
|
|
|
@ -12,7 +12,14 @@ cilium_enable_ipv6: false
|
||||||
# These can be queried with:
|
# These can be queried with:
|
||||||
# `kubectl get ciliumid`
|
# `kubectl get ciliumid`
|
||||||
# - "kvstore" stores identities in an etcd kvstore.
|
# - "kvstore" stores identities in an etcd kvstore.
|
||||||
identity_allocation_mode: kvstore
|
# - In order to support External Workloads, "crd" is required
|
||||||
|
# - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta
|
||||||
|
# - KVStore operations are only required when cilium-operator is running with any of the below options:
|
||||||
|
# - --synchronize-k8s-services
|
||||||
|
# - --synchronize-k8s-nodes
|
||||||
|
# - --identity-allocation-mode=kvstore
|
||||||
|
# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations
|
||||||
|
cilium_identity_allocation_mode: kvstore
|
||||||
|
|
||||||
# Etcd SSL dirs
|
# Etcd SSL dirs
|
||||||
cilium_cert_dir: /etc/cilium/certs
|
cilium_cert_dir: /etc/cilium/certs
|
||||||
|
|
|
@ -10,5 +10,5 @@
|
||||||
|
|
||||||
- name: Stop if bad Cilium identity allocation mode
|
- name: Stop if bad Cilium identity allocation mode
|
||||||
assert:
|
assert:
|
||||||
that: identity_allocation_mode in ['crd', 'kvstore']
|
that: cilium_identity_allocation_mode in ['crd', 'kvstore']
|
||||||
msg: "identity_allocation_mode must be either 'crd' or 'kvstore'"
|
msg: "cilium_identity_allocation_mode must be either 'crd' or 'kvstore'"
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
when:
|
when:
|
||||||
- identity_allocation_mode == "kvstore"
|
- cilium_identity_allocation_mode == "kvstore"
|
||||||
|
|
||||||
- name: Cilium | Link etcd certificates for cilium
|
- name: Cilium | Link etcd certificates for cilium
|
||||||
file:
|
file:
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
- {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
|
- {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
|
||||||
- {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
|
- {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
|
||||||
when:
|
when:
|
||||||
- identity_allocation_mode == "kvstore"
|
- cilium_identity_allocation_mode == "kvstore"
|
||||||
|
|
||||||
- name: Cilium | Create hubble dir
|
- name: Cilium | Create hubble dir
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -5,9 +5,9 @@ metadata:
|
||||||
name: cilium-config
|
name: cilium-config
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
data:
|
data:
|
||||||
identity-allocation-mode: {{ identity_allocation_mode }}
|
identity-allocation-mode: {{ cilium_identity_allocation_mode }}
|
||||||
|
|
||||||
{% if identity_allocation_mode == "kvstore" %}
|
{% if cilium_identity_allocation_mode == "kvstore" %}
|
||||||
# This etcd-config contains the etcd endpoints of your cluster. If you use
|
# This etcd-config contains the etcd endpoints of your cluster. If you use
|
||||||
# TLS please make sure you follow the tutorial in https://cilium.link/etcd-config
|
# TLS please make sure you follow the tutorial in https://cilium.link/etcd-config
|
||||||
etcd-config: |-
|
etcd-config: |-
|
||||||
|
|
|
@ -135,7 +135,7 @@ spec:
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
timeoutSeconds: 3
|
timeoutSeconds: 3
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{% if identity_allocation_mode == "kvstore" %}
|
{% if cilium_identity_allocation_mode == "kvstore" %}
|
||||||
- mountPath: /var/lib/etcd-config
|
- mountPath: /var/lib/etcd-config
|
||||||
name: etcd-config-path
|
name: etcd-config-path
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -155,7 +155,7 @@ spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
volumes:
|
volumes:
|
||||||
{% if identity_allocation_mode == "kvstore" %}
|
{% if cilium_identity_allocation_mode == "kvstore" %}
|
||||||
# To read the etcd config stored in config maps
|
# To read the etcd config stored in config maps
|
||||||
- configMap:
|
- configMap:
|
||||||
defaultMode: 420
|
defaultMode: 420
|
||||||
|
|
|
@ -146,7 +146,7 @@ spec:
|
||||||
mountPath: {{ cri_socket }}
|
mountPath: {{ cri_socket }}
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if identity_allocation_mode == "kvstore" %}
|
{% if cilium_identity_allocation_mode == "kvstore" %}
|
||||||
- mountPath: /var/lib/etcd-config
|
- mountPath: /var/lib/etcd-config
|
||||||
name: etcd-config-path
|
name: etcd-config-path
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
@ -272,7 +272,7 @@ spec:
|
||||||
path: /run/xtables.lock
|
path: /run/xtables.lock
|
||||||
type: FileOrCreate
|
type: FileOrCreate
|
||||||
name: xtables-lock
|
name: xtables-lock
|
||||||
{% if identity_allocation_mode == "kvstore" %}
|
{% if cilium_identity_allocation_mode == "kvstore" %}
|
||||||
# To read the etcd config stored in config maps
|
# To read the etcd config stored in config maps
|
||||||
- configMap:
|
- configMap:
|
||||||
defaultMode: 420
|
defaultMode: 420
|
||||||
|
|
Loading…
Reference in New Issue