Add identity_allocation_mode support for Cilium (#8430)

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>

Co-authored-by: Emin Aktaş <eminaktas34@gmail.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Necatican Yıldırım
2022-01-16 20:29:28 +03:00
committed by GitHub
parent c0d1bb1a5c
commit caff539ccd
8 changed files with 42 additions and 2 deletions


@@ -5,6 +5,9 @@ metadata:
name: cilium-config
namespace: kube-system
data:
identity-allocation-mode: {{ identity_allocation_mode }}
{% if identity_allocation_mode == "kvstore" %}
# This etcd-config contains the etcd endpoints of your cluster. If you use
# TLS please make sure you follow the tutorial in https://cilium.link/etcd-config
etcd-config: |-
@@ -29,6 +32,7 @@ data:
# https://docs.cilium.io/en/latest/cmdref/kvstore/
kvstore: etcd
kvstore-opt: '{"etcd.config": "/var/lib/etcd-config/etcd.config"}'
{% endif %}
# If you want metrics enabled in all of your Cilium agents, set the port for
# which the Cilium agents will have their metrics exposed.
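Review bot: `identity-allocation-mode: {{ identity_allocation_mode }}` is rendered unquoted and unvalidated, while the `{% if identity_allocation_mode == "kvstore" %}` guards here and in the operator and agent templates (the volumeMounts and volumes hunks) match only that exact string. A misspelt or differently cased value would therefore silently drop the etcd config, the `etcd-config-path` mount and the `etcd-secrets` hostPath, and still hand Cilium a mode string it may not accept. Since identity allocation underpins network-policy enforcement, I would quote the value, `identity-allocation-mode: "{{ identity_allocation_mode }}"`, and fail the play early unless the variable is `crd` or `kvstore`, if one of the changed files not shown on this page does not already do that. A one-line comment above the key, such as `# Identity storage backend: "crd" or "kvstore" (etcd)`, would match the way the other keys in this ConfigMap are documented.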


@@ -135,12 +135,14 @@ spec:
periodSeconds: 10
timeoutSeconds: 3
volumeMounts:
{% if identity_allocation_mode == "kvstore" %}
- mountPath: /var/lib/etcd-config
name: etcd-config-path
readOnly: true
- mountPath: "{{cilium_cert_dir}}"
name: etcd-secrets
readOnly: true
{% endif %}
- mountPath: /tmp/cilium/config-map
name: cilium-config-path
readOnly: true
@@ -153,6 +155,7 @@ spec:
tolerations:
- operator: Exists
volumes:
{% if identity_allocation_mode == "kvstore" %}
# To read the etcd config stored in config maps
- configMap:
defaultMode: 420
@@ -165,6 +168,7 @@ spec:
- name: etcd-secrets
hostPath:
path: "{{cilium_cert_dir}}"
{% endif %}
- configMap:
name: cilium-config
name: cilium-config-path


@@ -146,12 +146,14 @@ spec:
mountPath: {{ cri_socket }}
readOnly: true
{% endif %}
{% if identity_allocation_mode == "kvstore" %}
- mountPath: /var/lib/etcd-config
name: etcd-config-path
readOnly: true
- mountPath: "{{cilium_cert_dir}}"
name: etcd-secrets
readOnly: true
{% endif %}
- mountPath: /var/lib/cilium/clustermesh
name: clustermesh-secrets
readOnly: true
@@ -270,6 +272,7 @@ spec:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock
{% if identity_allocation_mode == "kvstore" %}
# To read the etcd config stored in config maps
- configMap:
defaultMode: 420
@@ -282,6 +285,7 @@ spec:
- name: etcd-secrets
hostPath:
path: "{{cilium_cert_dir}}"
{% endif %}
# To read the clustermesh configuration
- name: clustermesh-secrets
secret: