🚧 WIP

2025-12-28 03:32:41 +01:00 · 2024-06-09 14:11:14 +03:00
parent a1b108a651
commit 39361d2d8e
3 changed files with 116 additions and 8 deletions
--- a/roles/k3s_server_post/defaults/main.yml
+++ b/roles/k3s_server_post/defaults/main.yml
@@ -1,6 +1,20 @@
 ---
-# Timeout to wait for MetalLB services to come up
-metal_lb_available_timeout: 240s
+bpf_lb_algorithm: maglev
+bpf_lb_mode: hybrid

-# Name of the master group
+calico_ebpf: false
+calico_tag: v3.27.2
+
+cilium_bgp: false
+cilium_exportPodCIDR: true
+cilium_hubble: true
+cilium_mode: native
+
+cluster_cidr: 10.52.0.0/16
+enable_bpf_masquerade: true
+kube_proxy_replacement: true
 group_name_master: master
+
+metal_lb_mode: layer2
+metal_lb_available_timeout: 240s
+metal_lb_controller_tag_version: v0.14.3
--- a/roles/k3s_server_post/meta/main.yml
+++ b/roles/k3s_server_post/meta/main.yml
@@ -0,0 +1,94 @@
+---
+argument_specs:
+  main:
+    short_description: Configure k3s cluster
+    options:
+      apiserver_endpoint:
+        description: Virtual ip-address configured on each master
+        required: true
+
+      bpf_lb_algorithm:
+        description: BPF lb algorithm
+        default: maglev
+
+      bpf_lb_mode:
+        description: BPF lb mode
+        default: hybrid
+
+      calico_ebpf:
+        description: Use eBPF dataplane instead of iptables
+        type: bool
+        default: false
+
+      calico_iface:
+        description: The network interface used for when Calico is enabled
+        default: ~
+
+      calico_tag:
+        description: Calico version tag
+        default: v3.27.2
+
+      cilium_bgp:
+        description:
+          - Enable cilium BGP control plane for LB services and pod cidrs.
+          - Disables the use of MetalLB.
+        type: bool
+        default: false
+
+      cilium_exportPodCIDR:
+        description: Export pod CIDR
+        type: bool
+        default: true
+
+      cilium_hubble:
+        description: Enable Cilium Hubble
+        type: bool
+        default: true
+
+      cilium_iface:
+        description: The network interface used for when Cilium is enabled
+        default: ~
+
+      cilium_mode:
+        description: Inner-node communication mode
+        default: native
+        choices:
+          - native
+          - routed
+
+      cluster_cidr:
+        description: Inner-cluster IP range
+        default: 10.52.0.0/16
+
+      enable_bpf_masquerade:
+        description: Use IP masquerading
+        type: bool
+        default: true
+
+      group_name_master:
+        description: Name of the master group
+        default: master
+
+      kube_proxy_replacement:
+        description: Replace the native kube-proxy with Cilium
+        type: bool
+        default: true
+
+      kube_vip_lb_ip_range:
+        description: IP range for kube-vip load balancer
+        default: ~
+
+      metal_lb_available_timeout:
+        description: Wait for MetalLB resources
+        default: 240s
+
+      metal_lb_controller_tag_version:
+        description: Image tag for MetalLB
+        default: v0.14.3
+
+      metal_lb_mode:
+        description: Metallb mode
+        default: layer2
+        choices:
+          - bgp
+          - layer2
--- a/roles/k3s_server_post/tasks/cilium.yml
+++ b/roles/k3s_server_post/tasks/cilium.yml
@@ -172,17 +172,17 @@
        {% endif %}
        --helm-set k8sServiceHost="127.0.0.1"
        --helm-set k8sServicePort="6444"
-        --helm-set routingMode={{ cilium_mode | default("native") }}
+        --helm-set routingMode={{ cilium_mode }}
        --helm-set autoDirectNodeRoutes={{ "true" if cilium_mode == "native" else "false" }}
-        --helm-set kubeProxyReplacement={{ kube_proxy_replacement | default("true") }}
-        --helm-set bpf.masquerade={{ enable_bpf_masquerade | default("true") }}
+        --helm-set kubeProxyReplacement={{ kube_proxy_replacement }}
+        --helm-set bpf.masquerade={{ enable_bpf_masquerade }}
        --helm-set bgpControlPlane.enabled={{ cilium_bgp | default("false") }}
        --helm-set hubble.enabled={{ "true" if cilium_hubble else "false" }}
        --helm-set hubble.relay.enabled={{ "true" if cilium_hubble else "false" }}
        --helm-set hubble.ui.enabled={{ "true" if cilium_hubble else "false" }}
        {% if kube_proxy_replacement is not false %}
-        --helm-set bpf.loadBalancer.algorithm={{ bpf_lb_algorithm | default("maglev") }}
-        --helm-set bpf.loadBalancer.mode={{ bpf_lb_mode | default("hybrid") }}
+        --helm-set bpf.loadBalancer.algorithm={{ bpf_lb_algorithm }}
+        --helm-set bpf.loadBalancer.mode={{ bpf_lb_mode }}
        {% endif %}
      environment:
        KUBECONFIG: "{{ ansible_user_dir }}/.kube/config"