updated cilium config

stuttgart-things · Oct 27, 2024 · f37d8e0 · f37d8e0
1 parent fbfe146
commit f37d8e0
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 10 deletions.
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -178,6 +178,9 @@ cilium_api_server_ip: "{{ ansible_default_ipv4.address }}"
 cilium_api_server_port: 6443
 cilium_kube_proxy_replacement: true
 cilium_operator_replicas: 1
+cilium_enable_ingress: false
+cilium_rollout_pods: true
+cilium_config: cilium.yaml
 
 create_root_cert: true
 os_cert_path: /usr/local/share/ca-certificates

diff --git a/tasks/configure-k3s.yaml b/tasks/configure-k3s.yaml
@@ -1,15 +1,26 @@
 ---
 - name: Install cilium
-  ansible.builtin.shell: |
-    cilium install \
-      --set k8sServiceHost={{ cilium_api_server_ip }} \
-      --set k8sServicePort={{ cilium_api_server_port }} \
-      --set kubeProxyReplacement={{ cilium_kube_proxy_replacement }} \
-      --helm-set=operator.replicas={{ cilium_operator_replicas }}
-    cilium status --wait
-  environment:
-    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
-  when: inventory_hostname in groups['initial_master_node']
+  block:
+    - name: Create cilium config
+      ansible.builtin.template:
+        src: cilium-config.yaml.j2
+        dest: "{{ k3s_config_dir }}/{{ cilium_config }}"
+      tags: cilium_config
+
+    - name: Install cilium
+      ansible.builtin.shell: |
+        cilium install \
+          --set k8sServiceHost={{ cilium_api_server_ip }} \
+          --set k8sServicePort={{ cilium_api_server_port }} \
+          --set kubeProxyReplacement={{ cilium_kube_proxy_replacement }} \
+          --helm-set=operator.replicas={{ cilium_operator_replicas }}
+        cilium status --wait
+        cilium upgrade -f {{ k3s_config_dir }}/{{ cilium_config }}
+        cilium status --wait
+      environment:
+        KUBECONFIG: "{{ k3s_kubeconfig_path }}"
+
+  when: install_cilium|bool and inventory_hostname in groups['initial_master_node']
 
 - name: Create (testing) root certificate
   block:

diff --git a/templates/cilium-config.yaml.j2 b/templates/cilium-config.yaml.j2
@@ -0,0 +1,23 @@
+---
+k8sServiceHost: {{ cilium_api_server_ip }}
+k8sServicePort: {{ cilium_api_server_port }}
+kubeProxyReplacement: {{ cilium_kube_proxy_replacement }} 
+
+l2announcements:
+  enabled: true
+
+externalIPs:
+  enabled: true
+
+k8sClientRateLimit:
+  qps: 50
+  burst: 200
+
+operator:
+  replicas: {{ cilium_operator_replicas }}
+  rollOutPods: {{ cilium_rollout_pods }}
+
+rollOutCiliumPods: {{ cilium_rollout_pods }}
+
+ingressController:
+  enabled: {{ cilium_enable_ingress }}