From 09e9c4357015175cd12acf8b418a9a2154439cf7 Mon Sep 17 00:00:00 2001 From: Ali Afsharzadeh Date: Wed, 6 May 2026 13:26:22 +0330 Subject: [PATCH] Disable controller-manager allocate-node-cidrs for cilium cluster-pool ipam (#13148) Signed-off-by: Ali Afsharzadeh --- .../templates/kubeadm-config.v1beta4.yaml.j2 | 11 ++++++++++- roles/kubespray_defaults/defaults/main/main.yml | 4 ++++ roles/network_plugin/cilium/defaults/main.yml | 4 ---- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 index 47e6011ee..a86fe42ae 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 @@ -365,7 +365,16 @@ controllerManager: {% endif %} - name: service-cluster-ip-range value: "{{ kube_service_subnets }}" -{% if kube_network_plugin is defined and kube_network_plugin == "calico" and not calico_ipam_host_local %} +{% if ( + kube_network_plugin is defined and + kube_network_plugin == "calico" and + not calico_ipam_host_local + ) or ( + kube_network_plugin is defined and + kube_network_plugin == "cilium" and + cilium_ipam_mode == "cluster-pool" + ) +%} - name: allocate-node-cidrs value: "false" {% else %} diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml index 9fe5c0171..6743077f5 100644 --- a/roles/kubespray_defaults/defaults/main/main.yml +++ b/roles/kubespray_defaults/defaults/main/main.yml @@ -233,6 +233,10 @@ cilium_deploy_additionally: false # - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations cilium_identity_allocation_mode: crd +# The default IP address management mode is "Cluster Scope". +# https://docs.cilium.io/en/stable/concepts/networking/ipam/ +cilium_ipam_mode: cluster-pool + # Determines if calico_rr group exists peer_with_calico_rr: "{{ 'calico_rr' in groups and groups['calico_rr'] | length > 0 }}" diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index 4f2a376cc..79681e054 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -171,10 +171,6 @@ cilium_hubble_peer_service_cluster_domain: "{{ dns_domain }}" cilium_gateway_api_enabled: false -# The default IP address management mode is "Cluster Scope". -# https://docs.cilium.io/en/stable/concepts/networking/ipam/ -cilium_ipam_mode: cluster-pool - # Cluster Pod CIDRs use the kube_pods_subnet value by default. # If your node network is in the same range you will lose connectivity to other nodes. # Defaults to kube_pods_subnet if not set.