Upgrade cilium role (#7521)

* Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme
2026-05-07 01:17:39 -02:30 · 2021-04-30 18:09:59 +03:00
parent d29ea386d6
commit 2556eb2733
21 changed files with 772 additions and 16 deletions
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -20,16 +20,27 @@
    dest: "{{ cilium_cert_dir }}/{{ item.d }}"
    state: hard
    force: yes
-  with_items:
+  loop:
    - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
    - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
    - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}

+- name: Cilium | Create hubble dir
+  file:
+    path: "{{ kube_config_dir }}/addons/hubble"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - cilium_hubble_install
+
 - name: Cilium | Create Cilium node manifests
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
-  with_items:
+  loop:
    - {name: cilium, file: cilium-config.yml, type: cm}
    - {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}
    - {name: cilium, file: cilium-cr.yml, type: clusterrole}
@@ -42,6 +53,25 @@
    - inventory_hostname in groups['kube_control_plane']
    - item.when | default(True) | bool

+- name: Cilium | Create Cilium Hubble manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/addons/hubble/{{ item.file }}"
+  loop:
+    - {name: hubble, file: hubble-config.yml, type: cm}
+    - {name: hubble, file: hubble-crb.yml, type: clusterrolebinding}
+    - {name: hubble, file: hubble-cr.yml, type: clusterrole}
+    - {name: hubble, file: hubble-cronjob.yml, type: cronjob, when: "{{ cilium_hubble_tls_generate }}"}
+    - {name: hubble, file: hubble-deploy.yml, type: deploy}
+    - {name: hubble, file: hubble-job.yml, type: job, when: "{{ cilium_hubble_tls_generate }}"}
+    - {name: hubble, file: hubble-sa.yml, type: sa}
+    - {name: hubble, file: hubble-service.yml, type: service}
+  register: cilium_hubble_manifests
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - cilium_enable_hubble and cilium_hubble_install
+    - item.when | default(True) | bool
+
 - name: Cilium | Enable portmap addon
  template:
    src: 000-cilium-portmap.conflist.j2