From b3588c4c3bf53365154a5318249c0c3783e96fd3 Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Wed, 19 Jun 2024 11:54:57 -0500 Subject: [PATCH 01/10] chore(deps): Updated all k8s components --- inventory/sample/group_vars/all.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 909746d..c8397b4 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -1,5 +1,5 @@ --- -k3s_version: v1.29.2+k3s1 +k3s_version: v1.30.1+k3s1 # this is the user that has ssh access to these machines ansible_user: ansibleuser systemd_dir: /etc/systemd/system @@ -13,13 +13,13 @@ flannel_iface: "eth0" # uncomment calico_iface to use tigera operator/calico cni instead of flannel https://docs.tigera.io/calico/latest/about # calico_iface: "eth0" calico_ebpf: false # use eBPF dataplane instead of iptables -calico_tag: "v3.27.2" # calico version tag +calico_tag: "v3.28.0" # calico version tag # uncomment cilium_iface to use cilium cni instead of flannel or calico # ensure v4.19.57, v5.1.16, v5.2.0 or more recent kernel # cilium_iface: "eth0" cilium_mode: "native" # native when nodes on same subnet or using bgp, else set routed -cilium_tag: "v1.15.2" # cilium version tag +cilium_tag: "v1.15.6" # cilium version tag cilium_hubble: true # enable hubble observability relay and ui # if using calico or cilium, you may specify the cluster pod cidr pool @@ -72,7 +72,7 @@ extra_agent_args: >- {{ extra_args }} # image tag for kube-vip -kube_vip_tag_version: "v0.7.2" +kube_vip_tag_version: "v0.8.0" # tag for kube-vip-cloud-provider manifest # kube_vip_cloud_provider_tag_version: "main" 
@@ -93,8 +93,8 @@ metal_lb_mode: "layer2" # metal_lb_bgp_peer_address: "192.168.30.1" # image tag for metal lb -metal_lb_speaker_tag_version: "v0.14.3" -metal_lb_controller_tag_version: "v0.14.3" +metal_lb_speaker_tag_version: "v0.14.5" +metal_lb_controller_tag_version: "v0.14.5" # metallb ip range for load balancer metal_lb_ip_range: "192.168.30.80-192.168.30.90" From a40a7d7e71afdaeb0a1ba23e73ff4e539d422c41 Mon Sep 17 00:00:00 2001 From: Techno Tim Date: Wed, 19 Jun 2024 12:01:59 -0500 Subject: [PATCH 02/10] Metallb 0.14.4 support (#533) * Added support for metallb >= 0.14.4 * update gpg * Added support for metallb >= 0.14.4 * remove extra file --------- Co-authored-by: Konstantin Kornienko Co-authored-by: Konstantin Kornienko --- roles/k3s_server_post/tasks/metallb.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/roles/k3s_server_post/tasks/metallb.yml b/roles/k3s_server_post/tasks/metallb.yml index 07a23b0..7699fb4 100644 --- a/roles/k3s_server_post/tasks/metallb.yml +++ b/roles/k3s_server_post/tasks/metallb.yml @@ -83,9 +83,23 @@ loop_control: label: "{{ item.description }}" +- name: Set metallb webhook service name + set_fact: + metallb_webhook_service_name: >- + {{ + ( + (metal_lb_controller_tag_version | regex_replace('^v', '')) + is + version('0.14.4', '<', version_type='semver') + ) | ternary( + 'webhook-service', + 'metallb-webhook-service' + ) + }} + - name: Test metallb-system webhook-service endpoint command: >- - k3s kubectl -n metallb-system get endpoints webhook-service + k3s kubectl -n metallb-system get endpoints {{ metallb_webhook_service_name }} changed_when: false with_items: "{{ groups[group_name_master | default('master')] }}" run_once: true From 7728ba0dd18b21ee203ac20a4dd0f0ce8387bdb6 Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Wed, 19 Jun 2024 12:52:15 -0500 Subject: [PATCH 03/10] chore(deps): Updated actions --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
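Review bot: The `version('0.14.4', '<', version_type='semver')` test in the new `Set metallb webhook service name` task will presumably raise an error when `metal_lb_controller_tag_version` is not a semantic version (a branch tag such as `main`, or an image digest), so the play would stop here rather than at the endpoint check. If only release tags are supported, say so above the task, e.g. `# metal_lb_controller_tag_version must be a vX.Y.Z release tag; the webhook service is named metallb-webhook-service from 0.14.4 on`. Otherwise guard the test so that non-semver tags fall back to the new service name. The task name `Test metallb-system webhook-service endpoint` below still refers to the old service name, and that task's remaining lines are outside the hunk.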
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9029e71..b10e0a0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -47,7 +47,7 @@ jobs: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7 - name: Ensure SHA pinned actions - uses: zgosalvez/github-actions-ensure-sha-pinned-actions@2f2ebc6d914ab515939dc13f570f91baeb2c194c # 3.0.6 + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@74606c30450304eee8660aae751818321754feb1 # 3.0.9 with: allowlist: | aws-actions/ From 49ce3b84d9a1602ba59e7cfc81cc64de8c3b9516 Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Fri, 21 Jun 2024 15:54:09 -0500 Subject: [PATCH 04/10] chore(dependencies): Roll back ansible-core --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 998a02d..079e561 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ # ansible-compat==4.1.11 # via molecule -ansible-core==2.17.0 +ansible-core==2.16.6 # via # -r requirements.in # ansible-compat From 09a9300915e273215f523fd4ee3057f04def5441 Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Fri, 21 Jun 2024 15:56:20 -0500 Subject: [PATCH 05/10] chore(deps): Updated kube-vip --- inventory/sample/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index c8397b4..065125f 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -72,7 +72,7 @@ extra_agent_args: >- {{ extra_args }} # image tag for kube-vip -kube_vip_tag_version: "v0.8.0" +kube_vip_tag_version: "v0.8.1" # tag for kube-vip-cloud-provider manifest # kube_vip_cloud_provider_tag_version: "main" From 210f1ea6ced8941e78363a4fa1e68932bc715482 Mon Sep 17 00:00:00 2001 
From: Timothy Stewart Date: Fri, 26 Jul 2024 16:55:38 -0500 Subject: [PATCH 06/10] chore(deps): Updated dependencies --- inventory/sample/group_vars/all.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 065125f..1341680 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -1,5 +1,5 @@ --- -k3s_version: v1.30.1+k3s1 +k3s_version: v1.30.1+k3s2 # this is the user that has ssh access to these machines ansible_user: ansibleuser systemd_dir: /etc/systemd/system @@ -19,7 +19,7 @@ calico_tag: "v3.28.0" # calico version tag # ensure v4.19.57, v5.1.16, v5.2.0 or more recent kernel # cilium_iface: "eth0" cilium_mode: "native" # native when nodes on same subnet or using bgp, else set routed -cilium_tag: "v1.15.6" # cilium version tag +cilium_tag: "v1.16.0" # cilium version tag cilium_hubble: true # enable hubble observability relay and ui # if using calico or cilium, you may specify the cluster pod cidr pool @@ -72,7 +72,7 @@ extra_agent_args: >- {{ extra_args }} # image tag for kube-vip -kube_vip_tag_version: "v0.8.1" +kube_vip_tag_version: "v0.8.2" # tag for kube-vip-cloud-provider manifest # kube_vip_cloud_provider_tag_version: "main" @@ -93,8 +93,8 @@ metal_lb_mode: "layer2" # metal_lb_bgp_peer_address: "192.168.30.1" # image tag for metal lb -metal_lb_speaker_tag_version: "v0.14.5" -metal_lb_controller_tag_version: "v0.14.5" +metal_lb_speaker_tag_version: "v0.14.8" +metal_lb_controller_tag_version: "v0.14.8" # metallb ip range for load balancer metal_lb_ip_range: "192.168.30.80-192.168.30.90" From bb4d02beb7de5d37551b6a55b3bcd1adb5ffc07e Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Fri, 26 Jul 2024 17:53:39 -0500 Subject: [PATCH 07/10] chore(deps): Updated dependencies --- inventory/sample/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 1341680..01b1fe9 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -1,5 +1,5 @@ --- -k3s_version: v1.30.1+k3s2 +k3s_version: v1.30.2+k3s2 # this is the user that has ssh access to these machines ansible_user: ansibleuser systemd_dir: /etc/systemd/system From 4bee4230deb2f884f71e2960ceffb0430d784f4a Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Sat, 27 Jul 2024 11:24:54 -0500 Subject: [PATCH 08/10] fix(cilium): changing test interface --- molecule/cilium/overrides.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/cilium/overrides.yml b/molecule/cilium/overrides.yml index 0b73920..9d25fc4 100644 --- a/molecule/cilium/overrides.yml +++ b/molecule/cilium/overrides.yml @@ -6,7 +6,7 @@ ansible.builtin.set_fact: # See: # https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant - cilium_iface: eth1 + cilium_iface: eth0 # The test VMs might be a bit slow, so we give them more time to join the cluster: retry_count: 45 From 15e97bad1dfa20bd49ad923a2885597cffa61279 Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Sat, 27 Jul 2024 12:32:22 -0500 Subject: [PATCH 09/10] fix(cilium): use cilium lb --- roles/k3s_server_post/tasks/cilium.yml | 34 +++++++++++++++++-- .../{cilium.crs.j2 => cilium-bgp.crs.j2} | 13 ------- .../templates/cilium-lb.crs.j2 | 13 +++++++ 3 files changed, 45 insertions(+), 15 deletions(-) rename roles/k3s_server_post/templates/{cilium.crs.j2 => cilium-bgp.crs.j2} (70%) create mode 100644 roles/k3s_server_post/templates/cilium-lb.crs.j2 diff --git a/roles/k3s_server_post/tasks/cilium.yml b/roles/k3s_server_post/tasks/cilium.yml index 41c181c..ac0c5e2 100644 --- a/roles/k3s_server_post/tasks/cilium.yml +++ b/roles/k3s_server_post/tasks/cilium.yml 
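Review bot: The `See:` comment kept above `cilium_iface` in `molecule/cilium/overrides.yml` still links to flannel's Vagrant troubleshooting notes, which appear to have been the rationale for the previous `eth1` value, so after this change the comment argues against the line it annotates. Replace it with the reason `eth0` is right for the Cilium scenario, for example `# cilium scenario uses eth0 because <reason>`, or drop the link. The enclosing `set_fact` task starts above the hunk.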
@@ -221,10 +221,9 @@ - name: Configure Cilium BGP when: cilium_bgp block: - - name: Copy BGP manifests to first master ansible.builtin.template: - src: "cilium.crs.j2" + src: "cilium-bgp.crs.j2" dest: /tmp/k3s/cilium-bgp.yaml owner: root group: root @@ -247,6 +246,37 @@ ansible.builtin.command: "{{ item }}" loop: - k3s kubectl get CiliumBGPPeeringPolicy.cilium.io + changed_when: false + loop_control: + label: "{{ item }}" + + - name: Configure Cilium Load Balancer + when: kube_vip_lb_ip_range is not defined and (cilium_bgp is not defined or cilium_iface is not defined) + block: + - name: Copy Load Balancer manifests to first master + ansible.builtin.template: + src: "cilium-lb.crs.j2" + dest: /tmp/k3s/cilium-lb.yaml + owner: root + group: root + mode: 0755 + + - name: Apply BGP manifests + ansible.builtin.command: + cmd: kubectl apply -f /tmp/k3s/cilium-lb.yaml + register: apply_cr + changed_when: "'configured' in apply_cr.stdout or 'created' in apply_cr.stdout" + failed_when: "'is invalid' in apply_cr.stderr" + ignore_errors: true + + - name: Print error message if BGP manifests application fails + ansible.builtin.debug: + msg: "{{ apply_cr.stderr }}" + when: "'is invalid' in apply_cr.stderr" + + - name: Test for LB config resources + ansible.builtin.command: "{{ item }}" + loop: - k3s kubectl get CiliumLoadBalancerIPPool.cilium.io changed_when: false loop_control: diff --git a/roles/k3s_server_post/templates/cilium.crs.j2 b/roles/k3s_server_post/templates/cilium-bgp.crs.j2 similarity index 70% rename from roles/k3s_server_post/templates/cilium.crs.j2 rename to roles/k3s_server_post/templates/cilium-bgp.crs.j2 index 5745a3b..6deda22 100644 --- a/roles/k3s_server_post/templates/cilium.crs.j2 +++ b/roles/k3s_server_post/templates/cilium-bgp.crs.j2 
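Review bot: In the added `Apply BGP manifests` task of the `Configure Cilium Load Balancer` block, `failed_when: "'is invalid' in apply_cr.stderr"` replaces the default return-code check and `ignore_errors: true` then ignores even that. A `kubectl apply` that fails for any reason (API unreachable, CRD not installed, permission denied) therefore lets the play continue. The closing `k3s kubectl get CiliumLoadBalancerIPPool.cilium.io` check probably does not catch this either, since a `get` that matches no objects normally still exits 0. Consider `failed_when: apply_cr.rc != 0` without `ignore_errors`, or make the final check name the pool: `k3s kubectl get CiliumLoadBalancerIPPool.cilium.io 01-lb-pool`. Separately, `mode: 0755` is an unquoted octal and marks a manifest under `/tmp/k3s` as executable; `mode: "0644"` would be enough.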
@@ -19,16 +19,3 @@ spec: # CiliumBGPPeeringPolicySpec serviceSelector: matchExpressions: - {key: somekey, operator: NotIn, values: ['never-used-value']} ---- -apiVersion: "cilium.io/v2alpha1" -kind: CiliumLoadBalancerIPPool -metadata: - name: "01-lb-pool" -spec: - blocks: -{% if "/" in cilium_bgp_lb_cidr %} - - cidr: {{ cilium_bgp_lb_cidr }} -{% else %} - - start: {{ cilium_bgp_lb_cidr.split('-')[0] }} - stop: {{ cilium_bgp_lb_cidr.split('-')[1] }} -{% endif %} diff --git a/roles/k3s_server_post/templates/cilium-lb.crs.j2 b/roles/k3s_server_post/templates/cilium-lb.crs.j2 new file mode 100644 index 0000000..b8dc5a3 --- /dev/null +++ b/roles/k3s_server_post/templates/cilium-lb.crs.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: "cilium.io/v2alpha1" +kind: CiliumLoadBalancerIPPool +metadata: + name: "01-lb-pool" +spec: + blocks: +{% if "/" in cilium_bgp_lb_cidr %} + - cidr: {{ cilium_bgp_lb_cidr }} +{% else %} + - start: {{ cilium_bgp_lb_cidr.split('-')[0] }} + stop: {{ cilium_bgp_lb_cidr.split('-')[1] }} +{% endif %} From 7239c927de78ce067a4802fe72e7d0a744ac198c Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Sat, 27 Jul 2024 14:24:03 -0500 Subject: [PATCH 10/10] fix(cilium): use cilium lb --- roles/k3s_server_post/tasks/cilium.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/k3s_server_post/tasks/cilium.yml b/roles/k3s_server_post/tasks/cilium.yml index ac0c5e2..7be937f 100644 --- a/roles/k3s_server_post/tasks/cilium.yml +++ b/roles/k3s_server_post/tasks/cilium.yml @@ -251,7 +251,7 @@ label: "{{ item }}" - name: Configure Cilium Load Balancer - when: kube_vip_lb_ip_range is not defined and (cilium_bgp is not defined or cilium_iface is not defined) + when: cilium_iface block: - name: Copy Load Balancer manifests to first master ansible.builtin.template: 
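Review bot: The values rendered into `cidr:`, `start:` and `stop:` in `cilium-lb.crs.j2` are emitted unquoted, and `cilium_bgp_lb_cidr` is never validated. A value with neither `/` nor `-` would presumably make `split('-')[1]` fail at render time with an error that does not point at the variable. Quote the substitutions, e.g. `- cidr: "{{ cilium_bgp_lb_cidr }}"`, and consider an `ansible.builtin.assert` before the template task that checks the value is a CIDR or a `start-stop` range. The variable keeps its `bgp` name although this file is now applied without BGP; a Jinja comment at the top of the template saying so would help.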
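Review bot: `when: cilium_iface` no longer ties the block to the variable its template reads. `cilium-lb.crs.j2` needs `cilium_bgp_lb_cidr`, so unless the role defines a default for it (not visible here), a host with `cilium_iface` set and no BGP settings would fail in the template task. A bare `when: cilium_iface` also errors when the variable is undefined, unless this task file is only included with it set; `when: cilium_iface is defined and cilium_bgp_lb_cidr is defined` states both requirements. The earlier `kube_vip_lb_ip_range is not defined` guard is dropped as well, so it is worth confirming that a kube-vip address range and a Cilium pool are not meant to be mutually exclusive. The block body continues outside this hunk.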
@@ -261,7 +261,7 @@ group: root mode: 0755 - - name: Apply BGP manifests + - name: Apply LB manifests ansible.builtin.command: cmd: kubectl apply -f /tmp/k3s/cilium-lb.yaml register: apply_cr @@ -269,7 +269,7 @@ failed_when: "'is invalid' in apply_cr.stderr" ignore_errors: true - - name: Print error message if BGP manifests application fails + - name: Print error message if LB manifests application fails ansible.builtin.debug: msg: "{{ apply_cr.stderr }}" when: "'is invalid' in apply_cr.stderr"