mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-02-28 09:39:12 +03:00
Propagate v-less version everywhere
This commit is contained in:
Max Gautier
@@ -11,7 +11,7 @@ cilium_enable_ipv6: "{{ ipv6_stack }}"
|
||||
cilium_l2announcements: false
|
||||
|
||||
# Cilium agent health port
|
||||
cilium_agent_health_port: "{%- if cilium_version | regex_replace('v') is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"
|
||||
cilium_agent_health_port: "{%- if cilium_version is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}"
|
||||
|
||||
# Identity allocation mode selects how identities are shared between cilium
|
||||
# nodes by setting how they are stored. The options are "crd" or "kvstore".
|
||||
@@ -307,9 +307,9 @@ cilium_rolling_restart_wait_retries_count: 30
|
||||
cilium_rolling_restart_wait_retries_delay_seconds: 10
|
||||
|
||||
# Cilium changed the default metrics exporter ports in 1.12
|
||||
cilium_agent_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9962', '9090') }}"
|
||||
cilium_operator_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9963', '6942') }}"
|
||||
cilium_hubble_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9965', '9091') }}"
|
||||
cilium_agent_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9962', '9090') }}"
|
||||
cilium_operator_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9963', '6942') }}"
|
||||
cilium_hubble_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9965', '9091') }}"
|
||||
|
||||
# Cilium certgen args for generate certificate for hubble mTLS
|
||||
cilium_certgen_args:
|
||||
|
||||
@@ -48,9 +48,9 @@
|
||||
msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'"
|
||||
when: cilium_encryption_enabled
|
||||
|
||||
- name: Stop if cilium_version is < v1.10.0
|
||||
- name: Stop if cilium_version is < 1.10.0
|
||||
assert:
|
||||
that: cilium_version | regex_replace('v') is version(cilium_min_version_required, '>=')
|
||||
that: cilium_version is version(cilium_min_version_required, '>=')
|
||||
msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}"
|
||||
|
||||
# TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled`
|
||||
|
||||
@@ -88,22 +88,22 @@ rules:
|
||||
- ciliumlocalredirectpolicies
|
||||
- ciliumlocalredirectpolicies/status
|
||||
- ciliumlocalredirectpolicies/finalizers
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
|
||||
{% if cilium_version is version('1.11', '>=') %}
|
||||
- ciliumendpointslices
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
|
||||
{% if cilium_version is version('1.12', '>=') %}
|
||||
- ciliumbgploadbalancerippools
|
||||
- ciliumloadbalancerippools
|
||||
- ciliumloadbalancerippools/status
|
||||
- ciliumbgppeeringpolicies
|
||||
- ciliumenvoyconfigs
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
|
||||
{% if cilium_version is version('1.15', '>=') %}
|
||||
- ciliumbgppeerconfigs
|
||||
- ciliumbgpadvertisements
|
||||
- ciliumbgpnodeconfigs
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.16', '>=') %}
|
||||
{% if cilium_version is version('1.16', '>=') %}
|
||||
- ciliumbgpclusterconfigs
|
||||
- ciliumbgpclusterconfigs/status
|
||||
- ciliumbgpnodeconfigoverrides
|
||||
@@ -134,7 +134,7 @@ rules:
|
||||
- create
|
||||
- get
|
||||
- update
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
|
||||
{% if cilium_version is version('1.12', '>=') %}
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
@@ -156,14 +156,14 @@ rules:
|
||||
- ciliumlocalredirectpolicies.cilium.io
|
||||
- ciliumnetworkpolicies.cilium.io
|
||||
- ciliumnodes.cilium.io
|
||||
{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
|
||||
{% if cilium_version is version('1.14', '>=') %}
|
||||
- ciliumnodeconfigs.cilium.io
|
||||
- ciliumcidrgroups.cilium.io
|
||||
- ciliuml2announcementpolicies.cilium.io
|
||||
- ciliumpodippools.cilium.io
|
||||
- ciliumloadbalancerippools.cilium.io
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
|
||||
{% if cilium_version is version('1.15', '>=') %}
|
||||
- ciliumbgpclusterconfigs.cilium.io
|
||||
- ciliumbgppeerconfigs.cilium.io
|
||||
- ciliumbgpadvertisements.cilium.io
|
||||
|
||||
@@ -69,7 +69,7 @@ data:
|
||||
# custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
|
||||
custom-cni-conf: "false"
|
||||
|
||||
{% if cilium_version | regex_replace('v') is version('1.14.0', '>=') %}
|
||||
{% if cilium_version is version('1.14.0', '>=') %}
|
||||
# Tell the agent to generate and write a CNI configuration file
|
||||
write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
|
||||
cni-exclusive: "{{ cilium_cni_exclusive }}"
|
||||
@@ -122,11 +122,11 @@ data:
|
||||
# - disabled
|
||||
# - vxlan (default)
|
||||
# - geneve
|
||||
{% if cilium_version | regex_replace('v') is version('1.14.0', '<') %}
|
||||
{% if cilium_version is version('1.14.0', '<') %}
|
||||
tunnel: "{{ cilium_tunnel_mode }}"
|
||||
{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
|
||||
{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %}
|
||||
routing-mode: 'native'
|
||||
{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
|
||||
{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %}
|
||||
routing-mode: 'tunnel'
|
||||
tunnel-protocol: "{{ cilium_tunnel_mode }}"
|
||||
{% endif %}
|
||||
@@ -162,7 +162,7 @@ data:
|
||||
|
||||
# `wait-bpf-mount` is removed after v1.10.4
|
||||
# https://github.com/cilium/cilium/commit/d2217045cb3726a7f823174e086913b69b8090da
|
||||
{% if cilium_version | regex_replace('v') is version('1.10.4', '<') %}
|
||||
{% if cilium_version is version('1.10.4', '<') %}
|
||||
# wait-bpf-mount makes init container wait until bpf filesystem is mounted
|
||||
wait-bpf-mount: "false"
|
||||
{% endif %}
|
||||
@@ -170,7 +170,7 @@ data:
|
||||
# `kube-proxy-replacement=partial|strict|disabled` is deprecated since january 2024 and unsupported in 1.16.
|
||||
# Replaced by `kube-proxy-replacement=true|false`
|
||||
# https://github.com/cilium/cilium/pull/31286
|
||||
{% if cilium_version | regex_replace('v') is version('1.16', '<') %}
|
||||
{% if cilium_version is version('1.16', '<') %}
|
||||
kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}"
|
||||
{% else %}
|
||||
kube-proxy-replacement: "{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}true{% else %}false{% endif %}"
|
||||
@@ -179,7 +179,7 @@ data:
|
||||
# `native-routing-cidr` is deprecated in 1.10, removed in 1.12.
|
||||
# Replaced by `ipv4-native-routing-cidr`
|
||||
# https://github.com/cilium/cilium/pull/16695
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '<') %}
|
||||
{% if cilium_version is version('1.12', '<') %}
|
||||
native-routing-cidr: "{{ cilium_native_routing_cidr }}"
|
||||
{% else %}
|
||||
{% if cilium_native_routing_cidr | length %}
|
||||
@@ -253,7 +253,7 @@ data:
|
||||
|
||||
agent-health-port: "{{ cilium_agent_health_port }}"
|
||||
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
|
||||
{% if cilium_version is version('1.11', '>=') and cilium_cgroup_host_root != '' %}
|
||||
cgroup-root: "{{ cilium_cgroup_host_root }}"
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ rules:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '<') %}
|
||||
{% if cilium_version is version('1.12', '<') %}
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
@@ -98,17 +98,17 @@ rules:
|
||||
- ciliumlocalredirectpolicies
|
||||
- ciliumlocalredirectpolicies/status
|
||||
- ciliumegressnatpolicies
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
|
||||
{% if cilium_version is version('1.11', '>=') %}
|
||||
- ciliumendpointslices
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
|
||||
{% if cilium_version is version('1.12', '>=') %}
|
||||
- ciliumbgploadbalancerippools
|
||||
- ciliumbgppeeringpolicies
|
||||
{% if cilium_version | regex_replace('v') is version('1.13', '>=') %}
|
||||
{% if cilium_version is version('1.13', '>=') %}
|
||||
- ciliumloadbalancerippools
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.11.5', '<') %}
|
||||
{% if cilium_version is version('1.11.5', '<') %}
|
||||
- ciliumnetworkpolicies/finalizers
|
||||
- ciliumclusterwidenetworkpolicies/finalizers
|
||||
- ciliumendpoints/finalizers
|
||||
@@ -116,21 +116,21 @@ rules:
|
||||
- ciliumidentities/finalizers
|
||||
- ciliumlocalredirectpolicies/finalizers
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
|
||||
{% if cilium_version is version('1.14', '>=') %}
|
||||
- ciliuml2announcementpolicies/status
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.15', '>=') %}
|
||||
{% if cilium_version is version('1.15', '>=') %}
|
||||
- ciliumbgpnodeconfigs
|
||||
- ciliumbgpnodeconfigs/status
|
||||
- ciliumbgpadvertisements
|
||||
- ciliumbgppeerconfigs
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.16', '>=') %}
|
||||
{% if cilium_version is version('1.16', '>=') %}
|
||||
- ciliumbgpclusterconfigs
|
||||
{% endif %}
|
||||
verbs:
|
||||
- '*'
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
|
||||
{% if cilium_version is version('1.12', '>=') %}
|
||||
- apiGroups:
|
||||
- cilium.io
|
||||
resources:
|
||||
@@ -141,7 +141,7 @@ rules:
|
||||
- list
|
||||
- watch
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.14', '>=') %}
|
||||
{% if cilium_version is version('1.14', '>=') %}
|
||||
- apiGroups:
|
||||
- cilium.io
|
||||
resources:
|
||||
@@ -153,7 +153,6 @@ rules:
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
{% if cilium_version %}
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
@@ -165,4 +164,3 @@ rules:
|
||||
- list
|
||||
- delete
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
@@ -106,13 +106,13 @@ spec:
|
||||
- {{ env_var | to_nice_yaml(indent=2) | indent(10) }}
|
||||
{% endfor %}
|
||||
lifecycle:
|
||||
{% if cilium_version | regex_replace('v') is version('1.14', '<') %}
|
||||
{% if cilium_version is version('1.14', '<') %}
|
||||
postStart:
|
||||
exec:
|
||||
command:
|
||||
- "/cni-install.sh"
|
||||
- "--cni-exclusive={{ cilium_cni_exclusive | string | lower }}"
|
||||
{% if cilium_version | regex_replace('v') is version('1.12', '>=') %}
|
||||
{% if cilium_version is version('1.12', '>=') %}
|
||||
- "--enable-debug={{ cilium_debug | string | lower }}"
|
||||
- "--log-file={{ cilium_cni_log_file }}"
|
||||
{% endif %}
|
||||
@@ -151,7 +151,7 @@ spec:
|
||||
mountPropagation: Bidirectional
|
||||
- name: cilium-run
|
||||
mountPath: /var/run/cilium
|
||||
{% if cilium_version | regex_replace('v') is version('1.13.1', '<') %}
|
||||
{% if cilium_version is version('1.13.1', '<') %}
|
||||
- name: cni-path
|
||||
mountPath: /host/opt/cni/bin
|
||||
{% endif %}
|
||||
@@ -201,7 +201,7 @@ spec:
|
||||
{% endif %}
|
||||
hostNetwork: true
|
||||
initContainers:
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_auto_mount %}
|
||||
{% if cilium_version is version('1.11', '>=') and cilium_cgroup_auto_mount %}
|
||||
- name: mount-cgroup
|
||||
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
@@ -230,7 +230,7 @@ spec:
|
||||
securityContext:
|
||||
privileged: true
|
||||
{% endif %}
|
||||
{% if cilium_version | regex_replace('v') is version('1.11.7', '>=') %}
|
||||
{% if cilium_version is version('1.11.7', '>=') %}
|
||||
- name: apply-sysctl-overwrites
|
||||
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
@@ -277,7 +277,7 @@ spec:
|
||||
optional: true
|
||||
# Removed in 1.11 and up.
|
||||
# https://github.com/cilium/cilium/commit/f7a3f59fd74983c600bfce9cac364b76d20849d9
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '<') %}
|
||||
{% if cilium_version is version('1.11', '<') %}
|
||||
- name: CILIUM_WAIT_BPF_MOUNT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
@@ -296,7 +296,7 @@ spec:
|
||||
volumeMounts:
|
||||
- name: bpf-maps
|
||||
mountPath: /sys/fs/bpf
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
|
||||
{% if cilium_version is version('1.11', '>=') %}
|
||||
# Required to mount cgroup filesystem from the host to cilium agent pod
|
||||
- name: cilium-cgroup
|
||||
mountPath: {{ cilium_cgroup_host_root }}
|
||||
@@ -308,7 +308,7 @@ spec:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 100Mi
|
||||
{% if cilium_version | regex_replace('v') is version('1.13.1', '>=') %}
|
||||
{% if cilium_version is version('1.13.1', '>=') %}
|
||||
# Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
|
||||
- name: install-cni-binaries
|
||||
image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}"
|
||||
@@ -356,7 +356,7 @@ spec:
|
||||
hostPath:
|
||||
path: /sys/fs/bpf
|
||||
type: DirectoryOrCreate
|
||||
{% if cilium_version | regex_replace('v') is version('1.11', '>=') %}
|
||||
{% if cilium_version is version('1.11', '>=') %}
|
||||
# To mount cgroup2 filesystem on the host
|
||||
- name: hostproc
|
||||
hostPath:
|
||||
|
||||
Reference in New Issue
Block a user