From f37d8e0bbcb01d89a6e8ce720e64f46d41713d92 Mon Sep 17 00:00:00 2001
From: patrick hermann <47567770+patrick-hermann-sva@users.noreply.github.com>
Date: Sun, 27 Oct 2024 19:55:10 +0000
Subject: [PATCH] updated cilium config
---
 defaults/main.yaml | 3 +++
 tasks/configure-k3s.yaml | 31 +++++++++++++++++++++----------
 templates/cilium-config.yaml.j2 | 23 +++++++++++++++++++++++
 3 files changed, 47 insertions(+), 10 deletions(-)
 create mode 100644 templates/cilium-config.yaml.j2
diff --git a/defaults/main.yaml b/defaults/main.yaml
index b56051d..b4cabda 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -178,6 +178,9 @@ cilium_api_server_ip: "{{ ansible_default_ipv4.address }}"
 cilium_api_server_port: 6443
 cilium_kube_proxy_replacement: true
 cilium_operator_replicas: 1
+cilium_enable_ingress: false
+cilium_rollout_pods: true
+cilium_config: cilium.yaml

 create_root_cert: true
 os_cert_path: /usr/local/share/ca-certificates
diff --git a/tasks/configure-k3s.yaml b/tasks/configure-k3s.yaml
index 81ede0f..fa183fd 100644
--- a/tasks/configure-k3s.yaml
+++ b/tasks/configure-k3s.yaml
@@ -1,15 +1,26 @@
 ---
 - name: Install cilium
- ansible.builtin.shell: |
- cilium install \
- --set k8sServiceHost={{ cilium_api_server_ip }} \
- --set k8sServicePort={{ cilium_api_server_port }} \
- --set kubeProxyReplacement={{ cilium_kube_proxy_replacement }} \
- --helm-set=operator.replicas={{ cilium_operator_replicas }}
- cilium status --wait
- environment:
- KUBECONFIG: "{{ k3s_kubeconfig_path }}"
- when: inventory_hostname in groups['initial_master_node']
+ block:
+ - name: Create cilium config
+ ansible.builtin.template:
+ src: cilium-config.yaml.j2
+ dest: "{{ k3s_config_dir }}/{{ cilium_config }}"
+ tags: cilium_config
+
+ - name: Install cilium
+ ansible.builtin.shell: |
+ cilium install \
+ --set k8sServiceHost={{ cilium_api_server_ip }} \
+ --set k8sServicePort={{ cilium_api_server_port }} \
+ --set kubeProxyReplacement={{ cilium_kube_proxy_replacement }} \
+ --helm-set=operator.replicas={{ cilium_operator_replicas }}
+ cilium status --wait
+ cilium upgrade -f {{ k3s_config_dir }}/{{ cilium_config }}
+ cilium status --wait
+ environment:
+ KUBECONFIG: "{{ k3s_kubeconfig_path }}"
+
+ when: install_cilium|bool and inventory_hostname in groups['initial_master_node']

 - name: Create (testing) root certificate
 block:
diff --git a/templates/cilium-config.yaml.j2 b/templates/cilium-config.yaml.j2
new file mode 100644
index 0000000..ff62023
--- /dev/null
+++ b/templates/cilium-config.yaml.j2
@@ -0,0 +1,23 @@
+---
+k8sServiceHost: {{ cilium_api_server_ip }}
+k8sServicePort: {{ cilium_api_server_port }}
+kubeProxyReplacement: {{ cilium_kube_proxy_replacement }}
+
+l2announcements:
+ enabled: true
+
+externalIPs:
+ enabled: true
+
+k8sClientRateLimit:
+ qps: 50
+ burst: 200
+
+operator:
+ replicas: {{ cilium_operator_replicas }}
+ rollOutPods: {{ cilium_rollout_pods }}
+
+rollOutCiliumPods: {{ cilium_rollout_pods }}
+
+ingressController:
+ enabled: {{ cilium_enable_ingress }}
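Review bot: In the new `Install cilium` task of tasks/configure-k3s.yaml, `cilium upgrade -f {{ k3s_config_dir }}/{{ cilium_config }}` is interpolated into `ansible.builtin.shell` unquoted and the script has no `set -e`, so the task result is only the exit status of the final `cilium status --wait`. A failed `cilium upgrade` can therefore pass unnoticed and leave the cluster on the `--set` values rather than the rendered file, and a path containing spaces or shell metacharacters is split or interpreted by the shell. I would move the upgrade and the second wait into their own `ansible.builtin.command` tasks with `argv`, as below, and give the `template` task an explicit `mode` (for example `mode: "0644"`) so the file's permissions do not depend on the umask. `install_cilium` is not among the defaults added in this patch; presumably it is defined elsewhere in defaults/main.yaml, which is worth confirming because an undefined variable makes the `when` fail.

```yaml
    # … unchanged: Create cilium config; Install cilium up to the first `cilium status --wait` …
    - name: Apply cilium config
      ansible.builtin.command:
        argv:
          - cilium
          - upgrade
          - "-f"
          - "{{ k3s_config_dir }}/{{ cilium_config }}"
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig_path }}"
      changed_when: true

    - name: Wait for cilium after upgrade
      ansible.builtin.command:
        argv:
          - cilium
          - status
          - "--wait"
      environment:
        KUBECONFIG: "{{ k3s_kubeconfig_path }}"
      changed_when: false
```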
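Review bot: `l2announcements.enabled` and `externalIPs.enabled` are hard-coded to `true` in templates/cilium-config.yaml.j2, while the ingress controller is gated behind `cilium_enable_ingress`, which defaults to false. Both settings widen what the nodes answer for on the network, so every cluster built from this role gets them whether or not it needs them, and they cannot be turned off from inventory. I would gate them the same way, e.g. `enabled: {{ cilium_enable_l2_announcements | bool | lower }}` and `enabled: {{ cilium_enable_external_ips | bool | lower }}` with both defaults `false` (the variable names are only a suggestion). Applying `| bool | lower` to the existing boolean lines also renders `true`/`false` instead of Python's `True`/`False`, and the host is safer quoted, `k8sServiceHost: "{{ cilium_api_server_ip }}"`, so an empty or unusual address does not change type when the file is parsed.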