diff --git a/pkg/model/components/BUILD.bazel b/pkg/model/components/BUILD.bazel
index 2a2a421712..d6fff0656f 100644
--- a/pkg/model/components/BUILD.bazel
+++ b/pkg/model/components/BUILD.bazel
@@ -4,6 +4,7 @@ go_library(
 name = "go_default_library",
 srcs = [
 "apiserver.go",
+ "cilium.go",
 "containerd.go",
 "context.go",
 "defaults.go",
diff --git a/pkg/model/components/cilium.go b/pkg/model/components/cilium.go
new file mode 100644
index 0000000000..9609bfe674
--- /dev/null
+++ b/pkg/model/components/cilium.go
@@ -0,0 +1,76 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package components
+
+import (
+ "k8s.io/kops/pkg/apis/kops"
+ "k8s.io/kops/upup/pkg/fi/loader"
+)
+
+// CiliumOptionsBuilder adds options for the cilium to the model
+type CiliumOptionsBuilder struct {
+ Context *OptionsContext
+}
+
+var _ loader.OptionsBuilder = &CiliumOptionsBuilder{}
+
+func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error {
+ clusterSpec := o.(*kops.ClusterSpec)
+ c := clusterSpec.Networking.Cilium
+ if c == nil {
+ return nil
+ }
+
+ if c.Version == "" {
+ if b.Context.IsKubernetesLT("1.12.0") {
+ c.Version = "v1.6.9"
+ } else if b.Context.IsKubernetesLT("1.18.0") {
+ c.Version = "v1.7.4"
+ }
+ }
+
+ if c.BPFCTGlobalAnyMax == 0 {
+ c.BPFCTGlobalAnyMax = 262144
+
+ }
+ if c.BPFCTGlobalTCPMax == 0 {
+ c.BPFCTGlobalTCPMax = 524288
+ }
+
+ if c.ClusterName == "" {
+ c.ClusterName = "default"
+ }
+
+ if c.MonitorAggregation == "" {
+ c.MonitorAggregation = "medium"
+ }
+
+ if c.SidecarIstioProxyImage == "" {
+ c.SidecarIstioProxyImage = "cilium/istio_proxy"
+ }
+
+ if c.Tunnel == "" {
+ c.Tunnel = "vxlan"
+ }
+
+ if c.ToFqdnsDNSRejectResponseCode == "" {
+ c.ToFqdnsDNSRejectResponseCode = "refused"
+ }
+
+ return nil
+
+}
diff --git a/upup/models/bindata.go b/upup/models/bindata.go
index cea12a2fb8..ccb4c26405 100644
--- a/upup/models/bindata.go
+++ b/upup/models/bindata.go
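Review bot: In `BuildOptions` (pkg/model/components/cilium.go) the `c.Version` default chain has no final branch, so, assuming `IsKubernetesLT` is a strict less-than check, a cluster on Kubernetes 1.18.0 or later keeps an empty `c.Version`. If the addon manifest builds the container image reference from `.Version` (not visible in this diff), the agent image would then be unpinned or malformed; make the last branch a plain `} else {` or return an error when no vetted default exists for the cluster version. Separately, `clusterSpec.Networking.Cilium` is read without checking `Networking`; if that field is a pointer, a guard such as `if clusterSpec.Networking == nil { return nil }` ahead of it avoids a nil dereference on specs without a networking section. The `"cilium/istio_proxy"` default also carries no tag or digest, so it is worth confirming the template appends a pinned version to it.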
@@ -4154,14 +4154,14 @@ data: # - disabled # - vxlan (default) # - geneve - tunnel: "{{- if eq .Tunnel "" -}}vxlan{{- else -}}{{ .Tunnel }}{{- end -}}" + tunnel: "{{ .Tunnel }}" # Name of the cluster. Only relevant when building a mesh of clusters. - cluster-name: "{{- if eq .ClusterName "" -}}default{{- else -}}{{ .ClusterName}}{{- end -}}" + cluster-name: "{{ .ClusterName }}" # DNS response code for rejecting DNS requests, # available options are "nameError" and "refused" - tofqdns-dns-reject-response-code: "{{- if eq .ToFqdnsDNSRejectResponseCode "" -}}refused{{- else -}}{{ .ToFqdnsDNSRejectResponseCode }}{{- end -}}" + tofqdns-dns-reject-response-code: "{{ .ToFqdnsDNSRejectResponseCode }}" # This option is disabled by default starting from version 1.4.x in favor # of a more powerful DNS proxy-based implementation, see [0] for details. # Enable this option if you want to use FQDN policies but do not want to use diff --git a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template index b77f2fe83b..c2bfc3b3e7 100644 --- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template 
@@ -107,14 +107,14 @@ data: # - disabled # - vxlan (default) # - geneve - tunnel: "{{- if eq .Tunnel "" -}}vxlan{{- else -}}{{ .Tunnel }}{{- end -}}" + tunnel: "{{ .Tunnel }}" # Name of the cluster. Only relevant when building a mesh of clusters. - cluster-name: "{{- if eq .ClusterName "" -}}default{{- else -}}{{ .ClusterName}}{{- end -}}" + cluster-name: "{{ .ClusterName }}" # DNS response code for rejecting DNS requests, # available options are "nameError" and "refused" - tofqdns-dns-reject-response-code: "{{- if eq .ToFqdnsDNSRejectResponseCode "" -}}refused{{- else -}}{{ .ToFqdnsDNSRejectResponseCode }}{{- end -}}" + tofqdns-dns-reject-response-code: "{{ .ToFqdnsDNSRejectResponseCode }}" # This option is disabled by default starting from version 1.4.x in favor # of a more powerful DNS proxy-based implementation, see [0] for details. # Enable this option if you want to use FQDN policies but do not want to use diff --git a/upup/pkg/fi/cloudup/populate_cluster_spec.go b/upup/pkg/fi/cloudup/populate_cluster_spec.go index 4d76c7ab73..3f43523afe 100644 --- a/upup/pkg/fi/cloudup/populate_cluster_spec.go +++ b/upup/pkg/fi/cloudup/populate_cluster_spec.go @@ -305,6 +305,7 @@ func (c *populateClusterSpec) run(clientset simple.Clientset) error { codeModels = append(codeModels, &components.KubeControllerManagerOptionsBuilder{Context: optionsContext}) codeModels = append(codeModels, &components.KubeSchedulerOptionsBuilder{OptionsContext: optionsContext}) codeModels = append(codeModels, &components.KubeProxyOptionsBuilder{Context: optionsContext}) + codeModels = append(codeModels, &components.CiliumOptionsBuilder{Context: optionsContext}) } } diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml index 6deef0ca25..c037a2b045 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml 
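Review bot: With the inline fallbacks removed from k8s-1.12.yaml.template, `tunnel`, `cluster-name` and `tofqdns-dns-reject-response-code` render as empty strings for any spec that reaches the template without having passed through `CiliumOptionsBuilder`. In populate_cluster_spec.go the builder is appended inside a nested block whose condition starts outside that hunk, so it is worth confirming that every path that renders this addon also runs it. The values are also interpolated into double-quoted YAML scalars with nothing visible here restricting them to the options listed in the comments (`disabled`/`vxlan`/`geneve`, `nameError`/`refused`); if API validation does not already enforce those sets, it should. I would add a comment above the block along the lines of `# Defaults are applied by CiliumOptionsBuilder (pkg/model/components/cilium.go); values are expected to be non-empty here.` so the dependency is visible to the next editor of the template.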
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml @@ -89,7 +89,7 @@ spec: - id: k8s-1.7 kubernetesVersion: <1.12.0 manifest: networking.cilium.io/k8s-1.7.yaml - manifestHash: e6670d455bcd03c5b85ccb6ff6bbe6e068aa7674 + manifestHash: 590dd7dc770d721f15d63e8983aa253010757ddd name: networking.cilium.io selector: role.kubernetes.io/networking: "1" @@ -97,7 +97,7 @@ spec: - id: k8s-1.12 kubernetesVersion: '>=1.12.0' manifest: networking.cilium.io/k8s-1.12.yaml - manifestHash: 2cac1ca4c0db3b48bb066d1477e6cdfe4f3080d5 + manifestHash: 61f05c6e376a570b3f1e53d6b0b2ed9e63cf4c50 name: networking.cilium.io selector: role.kubernetes.io/networking: "1"