diff --git a/docs/flannel.md b/docs/flannel.md index d4a9b97139c..78937b1b8fc 100644 --- a/docs/flannel.md +++ b/docs/flannel.md @@ -2,6 +2,8 @@ Flannel is a network fabric for containers, designed for Kubernetes +Supported [backends](https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard): `vxlan`, `host-gw` and `wireguard` + **Warning:** You may encounter this [bug](https://github.com/coreos/flannel/pull/1282) with `VXLAN` backend, while waiting on a newer Flannel version the current workaround (`ethtool --offload flannel.1 rx off tx off`) is showcase in kubespray [networking test](tests/testcases/040_check-network-adv.yml:31). ## Verifying flannel install diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml index 1a38ba71f17..64d20a825bb 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-flannel.yml @@ -10,8 +10,7 @@ ## single quote and escape backslashes # flannel_interface_regexp: '10\\.0\\.[0-2]\\.\\d{1,3}' -# You can choose what type of flannel backend to use: 'vxlan' or 'host-gw' -# for experimental backend +# You can choose what type of flannel backend to use: 'vxlan', 'host-gw' or 'wireguard' # please refer to flannel's docs : https://github.com/coreos/flannel/blob/master/README.md # flannel_backend_type: "vxlan" # flannel_vxlan_vni: 1 diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index c8de8cea58b..2fd82e938b4 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -1,4 +1,13 @@ --- + +- name: Flannel | Stop if kernel version is too low for Flannel Wireguard encryption + assert: + that: ansible_kernel.split('-')[0] is version('5.6.0', '>=') + when: + - kube_network_plugin == 'flannel' + - flannel_backend_type == 'wireguard' + - not ignore_assert_errors + - name: Flannel | Create Flannel manifests template: src: "{{ item.file }}.j2"