Network plugin custom (#9819)

* network_plugin/custom_cni: add CNI to apply provided manifests Add a new simple custom_cni to install provided Kubernetes manifests. This could be useful to use manifests directly provided by a CNI when there are not support by Kubespray (i.e.: helm chart or any other manifests generation method). Co-authored-by: James Landrein <james.landrein@proton.ch> Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * network_plugin/custom_cni: add test with cilium Co-authored-by: James Landrein <james.landrein@proton.ch> Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> Co-authored-by: James Landrein <james.landrein@proton.ch>
2026-02-01 01:28:11 -03:30 · 2023-03-03 09:23:08 +01:00
parent 677b7ecd89
commit 6769bb32b1
12 changed files with 1184 additions and 52 deletions
--- a/roles/network_plugin/custom_cni/defaults/main.yml
+++ b/roles/network_plugin/custom_cni/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+custom_cni_manifests: []
--- a/roles/network_plugin/custom_cni/tasks/main.yml
+++ b/roles/network_plugin/custom_cni/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Cilium | Check Cilium encryption `cilium_ipsec_key` for ipsec
+  assert:
+    that:
+      - "custom_cni_manifests | length > 0"
+    msg: "custom_cni_manifests should not be empty"
+
+- name: Custom CNI | Copy Custom manifests
+  template:
+    src: "{{ item }}"
+    dest: "{{ kube_config_dir }}/{{ item | basename | replace('.j2', '') }}"
+    mode: 0644
+  loop: "{{ custom_cni_manifests }}"
+  delegate_to: "{{ groups['kube_control_plane'] | first }}"
+  run_once: true
+
+- name: Custom CNI | Start Resources
+  kube:
+    namespace: "kube-system"
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item | basename | replace('.j2', '') }}"
+    state: "latest"
+    wait: true
+  loop: "{{ custom_cni_manifests }}"
+  delegate_to: "{{ groups['kube_control_plane'] | first }}"
+  run_once: true
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -42,6 +42,11 @@ dependencies:
    tags:
      - kube-router

+  - role: network_plugin/custom_cni
+    when: kube_network_plugin == 'custom_cni'
+    tags:
+      - custom_cni
+
  - role: network_plugin/multus
    when: kube_network_plugin_multus
    tags: