Skip to content

Commit

Permalink
feat: Add support for cilium 1.15 and updated cilium to v1.15.4
Browse files Browse the repository at this point in the history
  • Loading branch information
Devesh Kumar authored and deveshk0 committed Apr 22, 2024
1 parent 3d19e74 commit 60fa2f0
Show file tree
Hide file tree
Showing 8 changed files with 67 additions and 4 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ Note: Upstart/SysV init based OS types are not supported.
- Network Plugin
- [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
- [calico](https://github.com/projectcalico/calico) v3.27.2
- [cilium](https://github.com/cilium/cilium) v1.13.4
- [cilium](https://github.com/cilium/cilium) v1.15.4
- [flannel](https://github.com/flannel-io/flannel) v0.22.0
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5
- [kube-router](https://github.com/cloudnativelabs/kube-router) v2.0.0
Expand Down
2 changes: 1 addition & 1 deletion docs/cilium.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ cilium_operator_extra_volume_mounts:
## Choose Cilium version

```yml
cilium_version: v1.12.1
cilium_version: v1.15.4
```

## Add variable to config
Expand Down
9 changes: 8 additions & 1 deletion inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
# cilium_version: "v1.12.1"
# cilium_version: "v1.15.4"

# Log-level
# cilium_debug: false
Expand All @@ -8,6 +8,9 @@
# cilium_enable_ipv4: true
# cilium_enable_ipv6: false

# Enable l2 announcement from cilium to replace Metallb Ref: https://docs.cilium.io/en/v1.14/network/l2-announcements/
cilium_l2announcements: false

# Cilium agent health port
# cilium_agent_health_port: "9879"

Expand Down Expand Up @@ -40,6 +43,10 @@

# Overlay Network Mode
# cilium_tunnel_mode: vxlan

# LoadBalancer Mode (snat/dsr/hybrid) Ref: https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#dsr-mode
# cilium_loadbalancer_mode: snat

# Optional features
# cilium_enable_prometheus: false
# Enable if you want to make use of hostPort mappings
Expand Down
2 changes: 1 addition & 1 deletion roles/kubespray-defaults/defaults/main/download.yml
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ flannel_cni_version: "v1.1.2"
cni_version: "v1.3.0"
weave_version: 2.8.1

cilium_version: "v1.13.4"
cilium_version: "v1.15.4"
cilium_cli_version: "v0.16.0"
cilium_enable_hubble: false

Expand Down
7 changes: 7 additions & 0 deletions roles/network_plugin/cilium/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ cilium_mtu: ""
cilium_enable_ipv4: true
cilium_enable_ipv6: false

# Enable l2 announcement from cilium to replace Metallb Ref: https://docs.cilium.io/en/v1.14/network/l2-announcements/
cilium_l2announcements: false

# Cilium agent health port
cilium_agent_health_port: "{%- if cilium_version | regex_replace('v') is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"

Expand Down Expand Up @@ -39,6 +42,10 @@ cilium_cpu_requests: 100m

# Overlay Network Mode
cilium_tunnel_mode: vxlan

# LoadBalancer Mode (snat/dsr/hybrid) Ref: https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#dsr-mode
cilium_loadbalancer_mode: snat

# Optional features
cilium_enable_prometheus: false
# Enable if you want to make use of hostPort mappings
Expand Down
19 changes: 19 additions & 0 deletions roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,11 @@ rules:
- ciliumloadbalancerippools/status
- ciliumbgppeeringpolicies
- ciliumenvoyconfigs
{% endif %}
{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
- ciliumbgppeerconfigs
- ciliumbgpadvertisements
- ciliumbgpnodeconfigs
{% endif %}
verbs:
- '*'
Expand Down Expand Up @@ -146,6 +151,20 @@ rules:
- ciliumlocalredirectpolicies.cilium.io
- ciliumnetworkpolicies.cilium.io
- ciliumnodes.cilium.io
{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
- ciliumnodeconfigs.cilium.io
- ciliumcidrgroups.cilium.io
- ciliuml2announcementpolicies.cilium.io
- ciliumpodippools.cilium.io
- ciliumloadbalancerippools.cilium.io
{% endif %}
{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
- ciliumbgpclusterconfigs.cilium.io
- ciliumbgppeerconfigs.cilium.io
- ciliumbgpadvertisements.cilium.io
- ciliumbgpnodeconfigs.cilium.io
- ciliumbgpnodeconfigoverrides.cilium.io
{% endif %}
{% endif %}
{% for rules in cilium_clusterrole_rules_operator_extra_vars %}
- apiGroups:
Expand Down
6 changes: 6 additions & 0 deletions roles/network_plugin/cilium/templates/cilium/config.yml.j2
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,12 @@ data:
tunnel-protocol: "{{ cilium_tunnel_mode }}"
{% endif %}

## DSR setting
bpf-lb-mode: "{{ cilium_loadbalancer_mode }}"

# l2
enable-l2-announcements: "{{ cilium_l2announcements }}"

# Enable Bandwidth Manager
# Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation.
# Bandwidth enforcement currently does not work in combination with L7 Cilium Network Policies.
Expand Down
24 changes: 24 additions & 0 deletions roles/network_plugin/cilium/templates/cilium/cr.yml.j2
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,15 @@ rules:
- ciliumnodes/finalizers
- ciliumidentities/finalizers
- ciliumlocalredirectpolicies/finalizers
{% endif %}
{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
- ciliuml2announcementpolicies/status
{% endif %}
{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
- ciliumbgpnodeconfigs
- ciliumbgpnodeconfigs/status
- ciliumbgpadvertisements
- ciliumbgppeerconfigs
{% endif %}
verbs:
- '*'
Expand All @@ -125,7 +134,22 @@ rules:
- cilium.io
resources:
- ciliumcidrgroups
- ciliuml2announcementpolicies
- ciliumpodippools
- ciliuml2announcementpolicies/status
verbs:
- list
- watch
{% if cilium_version %}
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- list
- delete
{% endif %}
{% endif %}

0 comments on commit 60fa2f0

Please sign in to comment.