mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-05-15 21:37:46 -02:30
Overhaul Cilium manifests to match the newer versions (#8717)
* [cilium] Separate templates for cilium, cilium-operator, and hubble installations Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-operator templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Allow using custom args and mounting extra volumes for the Cilium Operator Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update the cilium configmap to filter out the deprecated variables, and add the new variables Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Add an option to use Wireguard encryption on Cilium 1.10 and up Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Update cilium-agent templates Signed-off-by: necatican <necaticanyildirim@gmail.com> * [cilium] Bump Cilium version to 1.11.3 Signed-off-by: necatican <necaticanyildirim@gmail.com>
This commit is contained in:
Necatican Yıldırım
committed by
GitHub
GitHub
parent
e70c00a0fe
commit
13443b05a6
@@ -48,7 +48,11 @@ cilium_kube_proxy_replacement: probe
|
||||
# to prevent service disruptions. See also:
|
||||
# http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action
|
||||
cilium_preallocate_bpf_maps: false
|
||||
|
||||
# `cilium_tofqdns_enable_poller` is deprecated in 1.8, removed in 1.9
|
||||
cilium_tofqdns_enable_poller: false
|
||||
|
||||
# `cilium_enable_legacy_services` is deprecated in 1.6, removed in 1.9
|
||||
cilium_enable_legacy_services: false
|
||||
|
||||
# Deploy cilium even if kube_network_plugin is not cilium.
|
||||
@@ -62,10 +66,38 @@ cilium_deploy_additionally: false
|
||||
# make this work. Please refer to the cilium documentation for more
|
||||
# information about this kind of setups.
|
||||
cilium_auto_direct_node_routes: false
|
||||
|
||||
# Allows to explicitly specify the IPv4 CIDR for native routing.
|
||||
# When specified, Cilium assumes networking for this CIDR is preconfigured and
|
||||
# hands traffic destined for that range to the Linux network stack without
|
||||
# applying any SNAT.
|
||||
# Generally speaking, specifying a native routing CIDR implies that Cilium can
|
||||
# depend on the underlying networking stack to route packets to their
|
||||
# destination. To offer a concrete example, if Cilium is configured to use
|
||||
# direct routing and the Kubernetes CIDR is included in the native routing CIDR,
|
||||
# the user must configure the routes to reach pods, either manually or by
|
||||
# setting the auto-direct-node-routes flag.
|
||||
cilium_native_routing_cidr: ""
|
||||
|
||||
# IPsec based transparent encryption between nodes
|
||||
cilium_ipsec_enabled: false
|
||||
# Allows to explicitly specify the IPv6 CIDR for native routing.
|
||||
cilium_native_routing_cidr_ipv6: ""
|
||||
|
||||
# Enable transparent network encryption.
|
||||
cilium_encryption_enabled: false
|
||||
|
||||
# Encryption method. Can be either ipsec or wireguard.
|
||||
# Only effective when `cilium_encryption_enabled` is set to true.
|
||||
cilium_encryption_type: "ipsec"
|
||||
|
||||
# Enable encryption for pure node to node traffic.
|
||||
# This option is only effective when `cilium_encryption_type` is set to `ipsec`.
|
||||
cilium_ipsec_node_encryption: "false"
|
||||
|
||||
# If your kernel or distribution does not support WireGuard, Cilium agent can be configured to fall back on the user-space implementation.
|
||||
# When this flag is enabled and Cilium detects that the kernel has no native support for WireGuard,
|
||||
# it will fallback on the wireguard-go user-space implementation of WireGuard.
|
||||
# This option is only effective when `cilium_encryption_type` is set to `wireguard`.
|
||||
cilium_wireguard_userspace_fallback: "false"
|
||||
|
||||
# Hubble
|
||||
### Enable Hubble without install
|
||||
@@ -89,6 +121,15 @@ cilium_hubble_tls_generate: false
|
||||
# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
|
||||
cilium_ipam_mode: kubernetes
|
||||
|
||||
# Extra arguments for the Cilium agent
|
||||
cilium_agent_custom_args: []
|
||||
|
||||
# For adding and mounting extra volumes to the cilium agent
|
||||
cilium_agent_extra_volumes: []
|
||||
cilium_agent_extra_volume_mounts: []
|
||||
|
||||
cilium_agent_extra_env_vars: []
|
||||
|
||||
# The address at which the cillium operator bind health check api
|
||||
cilium_operator_api_serve_addr: "127.0.0.1:9234"
|
||||
|
||||
@@ -97,3 +138,23 @@ cilium_operator_api_serve_addr: "127.0.0.1:9234"
|
||||
## var1: "value1"
|
||||
## var2: "value2"
|
||||
cilium_config_extra_vars: {}
|
||||
|
||||
# For adding and mounting extra volumes to the cilium operator
|
||||
cilium_operator_extra_volumes: []
|
||||
cilium_operator_extra_volume_mounts: []
|
||||
|
||||
# Extra arguments for the Cilium Operator
|
||||
cilium_operator_custom_args: []
|
||||
|
||||
# Name of the cluster. Only relevant when building a mesh of clusters.
|
||||
cilium_cluster_name: default
|
||||
|
||||
# Make Cilium take ownership over the `/etc/cni/net.d` directory on the node, renaming all non-Cilium CNI configurations to `*.cilium_bak`.
|
||||
# This ensures no Pods can be scheduled using other CNI plugins during Cilium agent downtime.
|
||||
# Available for Cilium v1.10 and up.
|
||||
cilium_cni_exclusive: "true"
|
||||
|
||||
# Configure the log file for CNI logging with retention policy of 7 days.
|
||||
# Disable CNI file logging by setting this field to empty explicitly.
|
||||
# Available for Cilium v1.12 and up.
|
||||
cilium_cni_log_file: "/var/run/cilium/cilium-cni.log"
|
||||
|
||||
Reference in New Issue
Block a user