Merge branch 'techno-tim:master' into calico

Add eBPF dataplane option
fix for recreating new control planes (2nd run) (#393 )
2025-12-25 18:23:05 +01:00 · 2024-01-19 10:45:23 -06:00 · 2024-01-19 10:01:30 -06:00 · 2024-01-19 08:37:14 -06:00
4 changed files with 22 additions and 1 deletions
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -13,6 +13,7 @@ container_iface: "eth0"
 # set use_calico to true to use tigera operator/calico instead of the default CNI flannel
 # install reference: https://docs.tigera.io/calico/latest/getting-started/kubernetes/k3s/multi-node-install#install-calico
 use_calico: false
+calico_ebpf: false # use eBPF dataplane instead of iptables https://docs.tigera.io/calico/latest/operations/ebpf
 calico_cidr: "10.52.0.0/16" # pod cidr pool
 calico_tag: "v3.27.0" # calico version tag

--- a/roles/k3s_server/tasks/main.yml
+++ b/roles/k3s_server/tasks/main.yml
@@ -6,6 +6,13 @@
    state: stopped
  failed_when: false

+# k3s-init won't work if the port is already in use
+- name: Stop k3s
+  systemd:
+    name: k3s
+    state: stopped
+  failed_when: false
+
 - name: Clean previous runs of k3s-init  # noqa command-instead-of-module
  # The systemd module does not support "reset-failed", so we need to resort to command.
  command: systemctl reset-failed k3s-init
@@ -29,7 +36,7 @@
                      -p Restart=on-failure \
                      --unit=k3s-init \
                      k3s server {{ server_init_args }}"
-    creates: "{{ systemd_dir }}/k3s.service"
+    creates: "{{ systemd_dir }}/k3s-init.service"

 - name: Verification
  when: not ansible_check_mode
--- a/roles/k3s_server_post/tasks/calico.yml
+++ b/roles/k3s_server_post/tasks/calico.yml
@@ -95,5 +95,17 @@
        - { name: calico-apiserver, type: deployment, selector: 'k8s-app=calico-apiserver', namespace: calico-apiserver }
      loop_control:
        label: "{{ item.type }}/{{ item.name }}"
+
+    - name: Patch Felix configuration for eBPF mode
+      ansible.builtin.command:
+        cmd: >
+          kubectl patch felixconfiguration default
+          --type='merge' 
+          --patch='{"spec": {"bpfKubeProxyIptablesCleanupEnabled": false}}'
+      register: patch_result
+      changed_when: "'felixconfiguration.projectcalico.org/default patched' in patch_result.stdout"
+      failed_when: "'Error' in patch_result.stderr"
+      when: calico_ebpf == true
+
  when: ansible_hostname == hostvars[groups[group_name_master | default('master')][0]]['ansible_hostname']
  run_once: true # stops "skipped" log spam
--- a/roles/k3s_server_post/templates/calico.crs.j2
+++ b/roles/k3s_server_post/templates/calico.crs.j2
@@ -16,6 +16,7 @@ spec:
      nodeSelector: {{ calico_nodeSelector if calico_nodeSelector is defined else 'all()' }}
    nodeAddressAutodetectionV4:
      interface: {{ container_iface if container_iface is defined else 'eth0' }}
+    linuxDataplane: {{ 'BPF' if calico_ebpf else 'Iptables' }}

 ---
Author	SHA1	Message	Date
sholdee	c86cbb9fbc	Merge branch 'techno-tim:master' into calico	2024-01-19 10:45:23 -06:00
Ethan Shold	f3b88a7ea4	Add eBPF dataplane option	2024-01-19 10:01:30 -06:00
egandro	edf0c9eebd	fix for recreating new control planes (2nd run) (#393 ) Co-authored-by: Harald Fielker <harald.fielker@gmail.com> Co-authored-by: Techno Tim <timothystewart6@gmail.com>	2024-01-19 08:37:14 -06:00