From a7ad74063ee0242324bc99ce024e567d5c33a47e Mon Sep 17 00:00:00 2001 From: Ryan Lonergan Date: Fri, 1 Dec 2023 17:44:00 -0500 Subject: [PATCH 1/4] update cilium configmap template for new routing mode and tunnel-protocol options Ryan Lonergan ryan.tlonergan@gmail.com --- roles/network_plugin/cilium/templates/cilium/config.yml.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 index 399d8ced87e..9fb5f281953 100644 --- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 @@ -115,7 +115,14 @@ data: # - disabled # - vxlan (default) # - geneve +{% if cilium_version | regex_replace('v') is version('1.14.0', '<') %} tunnel: "{{ cilium_tunnel_mode }}" +{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %} + routing-mode: 'native' +{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %} + routing-mode: 'tunnel' + tunnel-protocol: "{{ cilium_tunnel_mode }}" +{% endif %} # Enable Bandwidth Manager # Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation. From 333b5880dd6df069225f39349cde08ffef9df9c4 Mon Sep 17 00:00:00 2001 From: Ryan Lonergan Date: Fri, 1 Dec 2023 17:44:11 -0500 Subject: [PATCH 2/4] add rbac for new cilium crd in 1.14 Ryan Lonergan ryan.tlonergan@gmail.com --- roles/network_plugin/cilium/templates/cilium/cr.yml.j2 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 index a16211c1792..4ce747f0f52 100644 --- a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 @@ -120,3 +120,12 @@ rules: - list - watch {% endif %} +{% if cilium_version | regex_replace('v') is version('1.14', '>=') %} +- apiGroups: + - cilium.io + resources: + - ciliumcidrgroups + verbs: + - list + - watch +{% endif %} From 67b405b2f09bb9a9a0e8dfd1a84e18b697fde5f6 Mon Sep 17 00:00:00 2001 From: Ryan Lonergan Date: Fri, 1 Dec 2023 17:44:18 -0500 Subject: [PATCH 3/4] add conditional for cni-install.sh that's no longer included in cilium 1.14 Ryan Lonergan ryan.tlonergan@gmail.com --- roles/network_plugin/cilium/templates/cilium/ds.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 index 38360342b3b..aabf20da067 100644 --- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 @@ -106,6 +106,7 @@ spec: - {{ env_var | to_nice_yaml(indent=2) | indent(10) }} {% endfor %} lifecycle: +{% if cilium_version | regex_replace('v') is version('1.14', '<=') %} postStart: exec: command: @@ -114,6 +115,7 @@ spec: {% if cilium_version | regex_replace('v') is version('1.12', '>=') %} - "--enable-debug={{ cilium_debug | string | lower }}" - "--log-file={{ cilium_cni_log_file }}" +{% endif %} {% endif %} preStop: exec: From 47b4859ace17bd3f16c471ee2b56fefd32f94d51 Mon Sep 17 00:00:00 2001 From: Ryan Lonergan Date: Thu, 7 Dec 2023 09:20:41 -0500 Subject: [PATCH 4/4] Update roles/network_plugin/cilium/templates/cilium/ds.yml.j2 Co-authored-by: Cyclinder --- roles/network_plugin/cilium/templates/cilium/ds.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 index aabf20da067..658f53bfeff 100644 --- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 @@ -106,7 +106,7 @@ spec: - {{ env_var | to_nice_yaml(indent=2) | indent(10) }} {% endfor %} lifecycle: -{% if cilium_version | regex_replace('v') is version('1.14', '<=') %} +{% if cilium_version | regex_replace('v') is version('1.14', '<') %} postStart: exec: command: