Upgrade cilium role (#7521)

* Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme
2026-02-28 09:39:12 +03:00 · 2021-04-30 18:09:59 +03:00
parent d29ea386d6
commit 2556eb2733
21 changed files with 772 additions and 16 deletions
--- a/roles/network_plugin/cilium/tasks/apply.yml
+++ b/roles/network_plugin/cilium/tasks/apply.yml
@@ -0,0 +1,33 @@
+---
+- name: Cilium | Start Resources
+  kube:
+    name: "{{ item.item.name }}"
+    namespace: "kube-system"
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: "{{ item.item.type }}"
+    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
+    state: "latest"
+  loop: "{{ cilium_node_manifests.results }}"
+  when: inventory_hostname == groups['kube_control_plane'][0] and not item is skipped
+
+- name: Cilium | Wait for pods to run
+  command: "{{ bin_dir }}/kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[?(@.status.containerStatuses[0].ready==false)].metadata.name}'"  # noqa 601
+  register: pods_not_ready
+  until: pods_not_ready.stdout.find("cilium")==-1
+  retries: 30
+  delay: 10
+  ignore_errors: yes
+  when: inventory_hostname == groups['kube_control_plane'][0]
+
+- name: Cilium | Hubble install
+  kube:
+    name: "{{ item.item.name }}"
+    namespace: "kube-system"
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: "{{ item.item.type }}"
+    filename: "{{ kube_config_dir }}/addons/hubble/{{ item.item.file }}"
+    state: "latest"
+  loop: "{{ cilium_hubble_manifests.results }}"
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0] and not item is skipped
+    - cilium_enable_hubble and cilium_hubble_install
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -20,16 +20,27 @@
    dest: "{{ cilium_cert_dir }}/{{ item.d }}"
    state: hard
    force: yes
-  with_items:
+  loop:
    - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
    - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
    - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}

+- name: Cilium | Create hubble dir
+  file:
+    path: "{{ kube_config_dir }}/addons/hubble"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - cilium_hubble_install
+
 - name: Cilium | Create Cilium node manifests
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
-  with_items:
+  loop:
    - {name: cilium, file: cilium-config.yml, type: cm}
    - {name: cilium, file: cilium-crb.yml, type: clusterrolebinding}
    - {name: cilium, file: cilium-cr.yml, type: clusterrole}
@@ -42,6 +53,25 @@
    - inventory_hostname in groups['kube_control_plane']
    - item.when | default(True) | bool

+- name: Cilium | Create Cilium Hubble manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/addons/hubble/{{ item.file }}"
+  loop:
+    - {name: hubble, file: hubble-config.yml, type: cm}
+    - {name: hubble, file: hubble-crb.yml, type: clusterrolebinding}
+    - {name: hubble, file: hubble-cr.yml, type: clusterrole}
+    - {name: hubble, file: hubble-cronjob.yml, type: cronjob, when: "{{ cilium_hubble_tls_generate }}"}
+    - {name: hubble, file: hubble-deploy.yml, type: deploy}
+    - {name: hubble, file: hubble-job.yml, type: job, when: "{{ cilium_hubble_tls_generate }}"}
+    - {name: hubble, file: hubble-sa.yml, type: sa}
+    - {name: hubble, file: hubble-service.yml, type: service}
+  register: cilium_hubble_manifests
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+    - cilium_enable_hubble and cilium_hubble_install
+    - item.when | default(True) | bool
+
 - name: Cilium | Enable portmap addon
  template:
    src: 000-cilium-portmap.conflist.j2
--- a/roles/network_plugin/cilium/tasks/main.yml
+++ b/roles/network_plugin/cilium/tasks/main.yml
@@ -2,3 +2,5 @@
 - import_tasks: check.yml

 - include_tasks: install.yml
+
+- include_tasks: apply.yml
--- a/roles/network_plugin/cilium/tasks/reset.yml
+++ b/roles/network_plugin/cilium/tasks/reset.yml
@@ -3,7 +3,7 @@
  include_tasks: reset_iface.yml
  vars:
    iface: "{{ item }}"
-  with_items:
+  loop:
    - cilium_host
    - cilium_net
    - cilium_vxlan