From b5f69fbdb993fcdd8ad34ff1d70f97997bf12814 Mon Sep 17 00:00:00 2001
From: Ryan Lonergan <ryan.tlonergan@gmail.com>
Date: Sun, 7 Jan 2024 20:43:02 -0500
Subject: [PATCH] feat: add support for Cilium 1.14  (#10684)

* update cilium configmap template for new routing mode and tunnel-protocol options
Ryan Lonergan ryan.tlonergan@gmail.com

* add rbac for new cilium crd in 1.14
Ryan Lonergan ryan.tlonergan@gmail.com

* add conditional for cni-install.sh that's no longer included in cilium 1.14
Ryan Lonergan ryan.tlonergan@gmail.com

* Update roles/network_plugin/cilium/templates/cilium/ds.yml.j2

Co-authored-by: Cyclinder <qifeng.guo@daocloud.io>

---------

Co-authored-by: Cyclinder <qifeng.guo@daocloud.io>
---
 .../network_plugin/cilium/templates/cilium/config.yml.j2 | 7 +++++++
 roles/network_plugin/cilium/templates/cilium/cr.yml.j2   | 9 +++++++++
 roles/network_plugin/cilium/templates/cilium/ds.yml.j2   | 2 ++
 3 files changed, 18 insertions(+)

diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
index 399d8ced87e..9fb5f281953 100644
--- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2
@@ -115,7 +115,14 @@ data:
   #   - disabled
   #   - vxlan (default)
   #   - geneve
+{% if cilium_version | regex_replace('v') is version('1.14.0', '<') %}
   tunnel: "{{ cilium_tunnel_mode }}"
+{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
+  routing-mode: 'native'
+{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
+  routing-mode: 'tunnel'
+  tunnel-protocol: "{{ cilium_tunnel_mode }}"
+{% endif %}
 
   # Enable Bandwidth Manager
   # Cilium’s bandwidth manager supports the kubernetes.io/egress-bandwidth Pod annotation.
diff --git a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2
index a16211c1792..4ce747f0f52 100644
--- a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2
@@ -120,3 +120,12 @@ rules:
   - list
   - watch
 {% endif %}
+{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
+- apiGroups:
+  - cilium.io
+  resources:
+  - ciliumcidrgroups
+  verbs:
+  - list
+  - watch
+{% endif %}
diff --git a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
index 38360342b3b..658f53bfeff 100644
--- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
@@ -106,6 +106,7 @@ spec:
         - {{ env_var | to_nice_yaml(indent=2) | indent(10) }}
 {% endfor %}
         lifecycle:
+{% if cilium_version | regex_replace('v') is version('1.14', '<') %}
           postStart:
             exec:
               command:
@@ -114,6 +115,7 @@ spec:
 {% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
               - "--enable-debug={{ cilium_debug | string | lower }}"
               - "--log-file={{ cilium_cni_log_file }}"
+{% endif %}
 {% endif %}
           preStop:
             exec: