feat!: install Cilium
Installed using Ansible instead of ArgoCD because Cilium replaces
the default CNI, so the ArgoCD pod cannot be scheduled before Cilium
is installed.
khuedoan committed Dec 21, 2023
1 parent 7c0a784 commit 9f0d389
Showing 9 changed files with 78 additions and 3 deletions.
3 changes: 2 additions & 1 deletion metal/Makefile
@@ -1,6 +1,7 @@
.POSIX:

env ?= "prod"
env ?= prod
export KUBECONFIG = $(shell pwd)/kubeconfig.yaml

default: boot cluster

5 changes: 5 additions & 0 deletions metal/cluster.yml
Expand Up @@ -3,3 +3,8 @@
roles:
- k3s
- automatic_upgrade

- name: Install Kubernetes addons
hosts: localhost
roles:
- cilium
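Review bot: The new `Install Kubernetes addons` play on `hosts: localhost` does not say what it needs from the control host — the `kubernetes.core` collection used by the cilium role's tasks, and a `KUBECONFIG` pointing at the cluster the preceding play just built (metal/Makefile exports one) — and neither dependency is visible in this section. A comment above the play, `# Runs on the control host against the cluster built above; needs the kubernetes.core collection and KUBECONFIG`, would make the ordering constraint explicit for the next reader. Since the play only talks to the API server, `gather_facts: false` would also skip an unnecessary fact-gathering step; confirm that nothing in the role relies on facts first.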
2 changes: 2 additions & 0 deletions metal/group_vars/all.yml
Expand Up @@ -2,3 +2,5 @@ ansible_user: root
ansible_ssh_private_key_file: ~/.ssh/id_ed25519
ssh_public_key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
dns_server: "8.8.8.8"
load_balancer_ip_pool:
- 192.168.1.224/27
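Review bot: `load_balancer_ip_pool` is consumed by the cilium role's `ciliumloadbalancerippool.yaml` template, which writes each entry verbatim as a `cidr:` value, but nothing here says the entries must be CIDR blocks rather than single addresses or ranges. A comment above the key, `# CIDRs Cilium may hand out to LoadBalancer services; each entry is rendered as a cidr in roles/cilium/templates/ciliumloadbalancerippool.yaml`, would tie the two files together. It is also worth noting there that `scripts/configure` now rewrites this value, so the range should be edited through that script rather than by hand.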
20 changes: 20 additions & 0 deletions metal/roles/cilium/defaults/main.yml
@@ -0,0 +1,20 @@
cilium_repo_url: https://helm.cilium.io
cilium_version: 1.14.4
cilium_namespace: kube-system
cilium_values:
operator:
replicas: 1
kubeProxyReplacement: true
l2announcements:
enabled: true
ingressController:
enabled: true
default: true
loadbalancerMode: shared
service:
allocateLoadBalancerNodePorts: false
# TODO the host and port are k3s-specific, generic solution is in progress
# https://github.com/cilium/cilium/issues/19038
# https://github.com/cilium/cilium/pull/28741
k8sServiceHost: 127.0.0.1
k8sServicePort: 6444
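Review bot: `ingressController` is switched on with `default: true` and `loadbalancerMode: shared`, which makes Cilium the cluster's default IngressClass and exposes every Ingress through one shared LoadBalancer IP taken from the pool, yet these values carry no explanation while the k3s-specific `k8sServiceHost` lines do. A short note above `ingressController:`, `# Cilium becomes the default IngressClass; all Ingresses share one LoadBalancer IP from the pool`, would record that choice. Separately, L2 announcements renew a Kubernetes lease per announced service, and the Cilium L2 announcement documentation recommends raising `k8sClientRateLimit.qps` and `k8sClientRateLimit.burst` alongside `l2announcements.enabled: true` so the agent is not throttled by its own API client; worth checking for this cluster's size.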
27 changes: 27 additions & 0 deletions metal/roles/cilium/tasks/main.yml
@@ -0,0 +1,27 @@
- name: Install Cilium
kubernetes.core.helm:
name: cilium
chart_ref: cilium
chart_repo_url: "{{ cilium_repo_url }}"
chart_version: "{{ cilium_version }}"
release_namespace: "{{ cilium_namespace }}"
values: "{{ cilium_values }}"

- name: Wait for Cilium CRDs
kubernetes.core.k8s_info:
kind: CustomResourceDefinition
name: "{{ item }}"
loop:
- ciliuml2announcementpolicies.cilium.io
- ciliumloadbalancerippools.cilium.io
register: crd
until: crd.resources | length > 0
retries: 5
delay: 10

- name: Apply Cilium resources
kubernetes.core.k8s:
template: "{{ item }}"
loop:
- ciliuml2announcementpolicy.yaml
- ciliumloadbalancerippool.yaml
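Review bot: The `Install Cilium` helm task returns as soon as the release is recorded, because `wait` is not set, so the role only ever waits for two CRDs and never for the cilium agent DaemonSet or operator to become ready; anything after this play that needs a working CNI (the ArgoCD install the commit message refers to) can race it. Adding `wait: true` and `atomic: true` to the `kubernetes.core.helm` task closes that gap and rolls back a failed first install instead of leaving it half-applied. The CRD poll also gives up after `retries: 5` × `delay: 10`, about 50 s; since those two CRDs appear to be registered by the running operator rather than shipped in the chart (presumably why the poll exists at all), that budget is tight for a first image pull on a cold node, so consider a larger one.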
7 changes: 7 additions & 0 deletions metal/roles/cilium/templates/ciliuml2announcementpolicy.yaml
@@ -0,0 +1,7 @@
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
name: default
spec:
externalIPs: true
loadBalancerIPs: true
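Review bot: The policy has no `interfaces`, `nodeSelector` or `serviceSelector`, so every node announces every LoadBalancer and external IP on every interface it has, including any management or non-cluster NIC. For least exposure, restrict it — an `interfaces:` list naming the cluster-facing NIC pattern, and a `nodeSelector` that keeps nodes not meant to serve traffic (for example control-plane nodes) out of the announcement set. If the wide-open policy is intentional for a single-network homelab, say so in a comment above `spec:` so it is not copied into a less trusting environment.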
9 changes: 9 additions & 0 deletions metal/roles/cilium/templates/ciliumloadbalancerippool.yaml
@@ -0,0 +1,9 @@
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
name: default
spec:
cidrs:
{% for cidr in load_balancer_ip_pool %}
- cidr: {{ cidr }}
{% endfor %}
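Review bot: `- cidr: {{ cidr }}` renders the variable unquoted, and when `load_balancer_ip_pool` is empty the loop emits nothing, leaving `cidrs:` as a null value that the CRD schema is likely to reject — or, at best, a pool that can hand out nothing — with an error far from the actual misconfiguration. Quote the templated value, `- cidr: "{{ cidr }}"`, and fail early in the role with an `ansible.builtin.assert` that `load_balancer_ip_pool | length > 0` so a bad group_vars entry stops the play with a clear message. The pool also has no `serviceSelector`, so it serves every LoadBalancer service; fine here, but a one-line comment above `spec:` saying so would help.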
5 changes: 4 additions & 1 deletion metal/roles/k3s/defaults/main.yml
Expand Up @@ -8,5 +8,8 @@ k3s_server_config:
- servicelb
- traefik
disable-cloud-controller: true
disable-helm-controller: true
disable-kube-proxy: true
disable-network-policy: true
flannel-backend: none
secrets-encryption: true
snapshotter: stargz
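Review bot: `disable-kube-proxy`, `disable-network-policy` and `flannel-backend: none` are only safe because the cilium role (with `kubeProxyReplacement: true`) takes over Service routing, NetworkPolicy enforcement and pod networking, but nothing in this file records that coupling, and until that role has run the cluster has no Service implementation and enforces no NetworkPolicy at all. A comment above the three settings, `# Pod networking, kube-proxy and NetworkPolicy are provided by the cilium role (kubeProxyReplacement: true); the cluster has no CNI until it runs`, would keep the next person from removing the role or re-enabling flannel without noticing the dependency. The enclosing `k3s_server_config` mapping starts above the hunk.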
3 changes: 2 additions & 1 deletion scripts/configure
Expand Up @@ -87,7 +87,8 @@ def main() -> None:
pattern=upstream_config['loadbalancer_ip_range'],
replacement=loadbalancer_ip_range,
paths=[
"system/metallb-system/templates/ipaddresspool.yaml",
"metal/group_vars/all.yml",
"external/main.tf",
]
)

