mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-04-30 22:23:25 +03:00
a254f5ea68
Cilium < 1.20 unconditionally registers a field indexer for TLSRoute v1alpha2 when the Gateway API controller is enabled, but Gateway API >= 1.5.0 ships TLSRoute v1alpha2 with served=false in the standard channel. The result is cilium-operator CrashLoopBackOff with: no matches for kind "TLSRoute" in version "gateway.networking.k8s.io/v1alpha2" The fix landed in Cilium 1.20 only and will not be backported. Add a preflight assert that triggers only when all of the following hold: cilium_gateway_api_enabled, gateway_api_enabled, cilium_version < 1.20.0, gateway_api_version >= 1.5.0, and gateway_api_channel == "standard". Users hit by this combo get a clear error and two workarounds (pin gateway_api_version to 1.4.1, or switch gateway_api_channel to "experimental") instead of debugging a crash loop after the fact. Signed-off-by: Kay Yan <kay.yan@daocloud.io>