From 341da0e8cb8c3a48d0acaf0274dbb5340217e67c Mon Sep 17 00:00:00 2001 From: ERIK Date: Fri, 20 Mar 2026 17:02:13 +0800 Subject: [PATCH] Fix kubeadm task failure when cilium_identity_allocation_mode is undefined (#13121) Signed-off-by: bo.jiang --- roles/kubespray_defaults/defaults/main/main.yml | 15 +++++++++++++++ roles/network_plugin/cilium/defaults/main.yml | 15 --------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml index 042c6ed4a..d7280a69f 100644 --- a/roles/kubespray_defaults/defaults/main/main.yml +++ b/roles/kubespray_defaults/defaults/main/main.yml @@ -218,6 +218,21 @@ kube_network_plugin_multus: false # This enables to deploy cilium alongside another CNI to replace kube-proxy. cilium_deploy_additionally: false +# Identity allocation mode selects how identities are shared between cilium +# nodes by setting how they are stored. The options are "crd" or "kvstore". +# - "crd" stores identities in kubernetes as CRDs (custom resource definition). +# These can be queried with: +# `kubectl get ciliumid` +# - "kvstore" stores identities in an etcd kvstore. +# - In order to support External Workloads, "crd" is required +# - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta +# - KVStore operations are only required when cilium-operator is running with any of the below options: +# - --synchronize-k8s-services +# - --synchronize-k8s-nodes +# - --identity-allocation-mode=kvstore +# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations +cilium_identity_allocation_mode: crd + # Determines if calico_rr group exists peer_with_calico_rr: "{{ 'calico_rr' in groups and groups['calico_rr'] | length > 0 }}" diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index b9d36205f..4f2a376cc 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -14,21 +14,6 @@ cilium_l2announcements: false # Cilium agent health port cilium_agent_health_port: "9879" -# Identity allocation mode selects how identities are shared between cilium -# nodes by setting how they are stored. The options are "crd" or "kvstore". -# - "crd" stores identities in kubernetes as CRDs (custom resource definition). -# These can be queried with: -# `kubectl get ciliumid` -# - "kvstore" stores identities in an etcd kvstore. -# - In order to support External Workloads, "crd" is required -# - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta -# - KVStore operations are only required when cilium-operator is running with any of the below options: -# - --synchronize-k8s-services -# - --synchronize-k8s-nodes -# - --identity-allocation-mode=kvstore -# - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations -cilium_identity_allocation_mode: crd - # Etcd SSL dirs cilium_cert_dir: /etc/cilium/certs kube_etcd_cacert_file: ca.pem