Add several configuration options

The new configurable options are:
  - `cni.chainingMode` via `cilium_chaining_mode`
  - `ipam.mode` via `cilium_ipam_mode`
  - `ipam.clusterPoolIPv4PodCIDR` via `cilium_ipam_cluster_pool_pod_cidr` when `ipam.mode` is `cluster-pool`
  - `bgp` to enable BGP advertisement
  - `kubeProxyReplacement` via `cilium_kube_proxy_replacement`

BGP advertisement uses the `cilium_bgp_config` to render the configuration supported by Cilium's MetalLB
integration.

The `kubeProxyReplacement` defaults to `probe` despite Cilium's Helm chart suggesting it's `disabled`.

defaults/main.yml

@@ -72,3 +72,35 @@ cilium_etcd_certfile: "cert-cilium.pem"
 
 # etcd certificate key file (file will be fetched in "cilium_etcd_cert_directory")
 cilium_etcd_keyfile: "cert-cilium-key.pem"
+
+cilium_chaining_mode: portmap
+
+# the IP addressing mode Cilium will use, default is "cluster-pool"
+cilium_ipam_mode: cluster-pool
+
+# when the cluster-pool IPAM mode is used, specify the CIDR used for pod IP allocation
+cilium_ipam_cluster_pool_pod_cidr: "10.200.0.0/16"
+
+# enable BGP annoucements using Cilium's MetalLB integration
+cilium_bgp_enabled: false
+
+# the BGP config file contents that will be added to the ConfigMap
+# reference: https://metallb.universe.tf/configuration/
+# example:
+# cilium_bgp_config: |
+#  peers:
+#    - peer-address: 10.31.0.1
+#      peer-asn: 123
+#      my-asn: 321
+#
+#  address-pools:
+#    - name: private
+#      avoid-buggy-ips: true
+#      protocol: bgp
+#      addresses:
+#        - 10.33.0.0/24
+cilium_bgp_config: ~
+
+# Whether or not Cilium should replace kube-proxy for network operations.
+# The default is `probe` despite the Helm chart suggesting it's `disabled`.
+cilium_kube_proxy_replacement: ~

tasks/bgp_config.yml

@@ -0,0 +1,20 @@
+---
+- block:
+    - name: Assert the configuration is provided
+      ansible.builtin.assert:
+        that:
+          - cilium_bgp_config is defined
+          - cilium_bgp_config != None
+    - name: Add BGP configuration
+      k8s:
+        state: present
+        definition:
+          apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: bgp-config
+            namespace: "{{ cilium_namespace }}"
+          data:
+            config.yaml: "{{ cilium_bgp_config }}"
+  delegate_to: 127.0.0.1
+  run_once: true

tasks/install.yml

@@ -81,6 +81,10 @@
       args:
         executable: "/bin/bash"
 
+    - name: Add BGP support
+      include_tasks: bgp_config.yml
+      when: cilium_bgp_enabled
+
     - name: Delete temporary file for Helm values
       file:
         path: "{{ cilium_values_tmp_file.path }}"

tasks/upgrade.yml

@@ -193,6 +193,10 @@
       args:
         executable: "/bin/bash"
 
+    - name: Add BGP support
+      include_tasks: bgp_config.yml
+      when: cilium_bgp_enabled
+
     - name: Delete temporary file for Helm values
       file:
         path: "{{ cilium_values_tmp_file.path }}"

templates/cilium_values_default.yml.j2

@@ -29,7 +29,10 @@ bpf:
   masquerade: true
 
 cni:
-  chainingMode: portmap
+{% if cilium_chaining_mode is defined %}
+  chainingMode: {{ cilium_chaining_mode }}
+{% endif %}
+
 {% if cilium_etcd_enabled is defined and cilium_etcd_enabled == "true" -%}
 etcd:
   enabled: true
@@ -39,3 +42,22 @@ etcd:
   {% endfor -%}
   ssl: {% if cilium_etcd_secrets_name is defined %}true{% else %}false{% endif -%}
 {% endif %}
+
+ipam:
+  mode: "{{ cilium_ipam_mode }}"
+  operator:
+{% if cilium_ipam_cluster_pool_pod_cidr is defined %}
+    clusterPoolIPv4PodCIDR: "{{ cilium_ipam_cluster_pool_pod_cidr }}"
+    clusterPoolIPv4PodCIDRList: [ "{{ cilium_ipam_cluster_pool_pod_cidr }}" ]
+{% endif %}
+
+{% if cilium_bgp_enabled %}
+bgp:
+  enabled: true
+  announce:
+    loadbalancerIP: true
+{% endif %}
+
+{% if cilium_kube_proxy_replacement is defined %}
+kubeProxyReplacement: "{{ cilium_kube_proxy_replacement }}"
+{% endif %}