Fix cilium portmap (#12814 )

Fix for #12435 - setting timezone under SELinux. (#12436 )
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
2026-02-04 08:48:42 +03:00 · 2025-12-24 18:12:31 +05:30 · 2025-12-24 16:40:31 +05:30
4 changed files with 29 additions and 21 deletions
--- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
@@ -74,8 +74,33 @@
    - not is_fedora_coreos
    - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]

- name: Set timezone
+- name: Gather selinux facts
+  ansible.builtin.setup:
+    gather_subset: selinux
+  when:
+    - ntp_timezone
+    - ansible_os_family == "RedHat"
+
+- name: Put SELinux in permissive mode, logging actions that would be blocked.
+  ansible.posix.selinux:
+    policy: targeted
+    state: permissive
+  when:
+    - ntp_timezone
+    - ansible_os_family == "RedHat"
+    - ansible_facts.selinux.mode == 'enforcing'
+
+- name: Set ntp_timezone
  community.general.timezone:
    name: "{{ ntp_timezone }}"
  when:
    - ntp_timezone
+
+- name: Re-enable SELinux
+  ansible.posix.selinux:
+    policy: targeted
+    state: "{{ preinstall_selinux_state }}"
+  when:
+    - ntp_timezone
+    - ansible_os_family == "RedHat"
+    - ansible_facts.selinux.status == 'enabled'
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -30,13 +30,6 @@
  when:
    - cilium_identity_allocation_mode == "kvstore"

- name: Cilium | Enable portmap addon
-  template:
-    src: 000-cilium-portmap.conflist.j2
-    dest: /etc/cni/net.d/000-cilium-portmap.conflist
-    mode: "0644"
-  when: cilium_enable_portmap
-
 - name: Cilium | Render values
  template:
    src: values.yaml.j2
--- a/roles/network_plugin/cilium/templates/000-cilium-portmap.conflist.j2
+++ b/roles/network_plugin/cilium/templates/000-cilium-portmap.conflist.j2
@@ -1,13 +0,0 @@
-{
-    "cniVersion": "0.3.1",
-    "name": "cilium-portmap",
-    "plugins": [
-        {
-            "type": "cilium-cni"
-        },
-        {
-            "type": "portmap",
-            "capabilities": { "portMappings": true }
-        }
-    ]
-}
--- a/roles/network_plugin/cilium/templates/values.yaml.j2
+++ b/roles/network_plugin/cilium/templates/values.yaml.j2
@@ -56,6 +56,9 @@ bpf:
 cni:
  exclusive: {{ cilium_cni_exclusive | to_json }}
  logFile: {{ cilium_cni_log_file }}
+{% if cilium_enable_portmap %}
+  chainingMode: portmap
+{% endif %}

 autoDirectNodeRoutes: {{ cilium_auto_direct_node_routes | to_json }}
Author	SHA1	Message	Date
Qasim Mehmood	aaaf82f308	Fix cilium portmap (#12814 )	2025-12-24 18:12:31 +05:30
Bas	e80087df93	Fix for #12435 - setting timezone under SELinux. (#12436 ) Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>	2025-12-24 16:40:31 +05:30