Cilium as default CNI

alvistack · Apr 29, 2022 · 22fab3f · 22fab3f
1 parent d6c8ae8
commit 22fab3f
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 4 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -18,6 +18,10 @@
 	path = roles/alvistack.chrony
 	url = https://github.com/alvistack/ansible-role-chrony.git
 	branch = develop
+[submodule "roles/alvistack.cilium"]
+	path = roles/alvistack.cilium
+	url = https://github.com/alvistack/ansible-role-cilium.git
+	branch = develop
 [submodule "roles/alvistack.conmon"]
 	path = roles/alvistack.conmon
 	url = https://github.com/alvistack/ansible-role-conmon.git
@@ -62,6 +66,10 @@
 	path = roles/alvistack.kube_cert_manager
 	url = https://github.com/alvistack/ansible-role-kube_cert_manager.git
 	branch = develop
+[submodule "roles/alvistack.kube_cilium"]
+	path = roles/alvistack.kube_cilium
+	url = https://github.com/alvistack/ansible-role-kube_cilium.git
+	branch = develop
 [submodule "roles/alvistack.kube_csi_cephfs"]
 	path = roles/alvistack.kube_csi_cephfs
 	url = https://github.com/alvistack/ansible-role-kube_csi_cephfs.git

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 ### Major Changes
 
+  - Cilium as default CNI
+
 ## 20220427.1.1 - 2022-04-27
 
 ### Major Changes

diff --git a/README.md b/README.md
@@ -75,13 +75,13 @@ For production environment we should backed with [Ceph File System](https://docs
 
 Traditionally we could use [Docker](https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker) or [containerd](https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd) as [Kubernetes container runtime (CRI)](https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/). Now a day, this collection is default with the modern [CRI-O](https://kubernetes.io/docs/setup/production-environment/container-runtimes/#cri-o) implementation.
 
-Moreover, we are using [Weave Net](https://github.com/weaveworks/weave) as [Kubernetes network plugin (CNI)](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) so we could support [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
+Moreover, we are using [Cilium](https://cilium.io/) as [Kubernetes network plugin (CNI)](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) so we could support [Kubernetes Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/).
 
 This deployment will setup the follow components:
 
   - [Kubernetes](https://kubernetes.io/)
-      - CRI: [CRI-O](https://cri-o.io/)
-      - CNI: [Weave Net](https://github.com/weaveworks/weave)
+      - CRI: [CRI-O](https://github.com/cri-o/cri-o)
+      - CNI: [Cilium](https://github.com/cilium/cilium)
       - CSI: [CSI CephFS](https://github.com/ceph/ceph-csi)
       - Addons:
           - [Kubernetes Dashboard](https://github.com/kubernetes/dashboard)
@@ -107,7 +107,7 @@ Once update now run the playbooks:
     cd /opt/ansible-collection-kubernetes
     ansible-playbook playbooks/converge.yml
     ansible-playbook playbooks/50-kube-verify.yml
-    ansible-playbook playbooks/60-kube_weave-install.yml
+    ansible-playbook playbooks/60-kube_cilium-install.yml
     ansible-playbook playbooks/70-kube_csi_cephfs-install.yml
     ansible-playbook playbooks/70-kube_csi_cephfs-verify.yml
     ansible-playbook playbooks/80-kube_dashboard-install.yml

diff --git a/playbooks/60-kube_cilium-install.yml b/playbooks/60-kube_cilium-install.yml
@@ -0,0 +1,38 @@
+---
+
+# (c) Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: kube_master
+  remote_user: root
+  become: true
+  tasks:
+    - name: include role
+      ansible.builtin.include_role:
+        name: alvistack.cilium
+      tags: alvistack.cilium
+
+    - name: include role
+      ansible.builtin.include_role:
+        name: alvistack.kube_cilium
+      tags: alvistack.kube_cilium
+
+- hosts: ansible
+  remote_user: root
+  become: true
+  tasks:
+    - name: include role
+      ansible.builtin.include_role:
+        name: alvistack.cilium
+      tags: alvistack.cilium
diff --git a/roles/alvistack.cilium b/roles/alvistack.cilium
diff --git a/roles/alvistack.kube_cilium b/roles/alvistack.kube_cilium