From e6ed4c0b3f9008abe822427db06b1d442c8023fe Mon Sep 17 00:00:00 2001
From: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
Date: Sun, 29 Nov 2020 21:07:12 +1100
Subject: [PATCH] update helm values to be from a j2 template

Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
---
 ansible/group_vars/all.yml                 |  6 ++--
 ansible/roles/cni/defaults/main.yml        |  2 +-
 ansible/roles/cni/tasks/cilium.yml         | 37 ++++++++--------------
 ansible/roles/kubernetes/defaults/main.yml |  6 ++--
 4 files changed, 20 insertions(+), 31 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index b7b03a96..01482131 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -15,9 +15,9 @@
 ##
 # Role: kubernetes
 ##
-# kubernetes_kubectl_version: 1.19.0-00
-# kubernetes_kubelet_version: 1.19.0-00
-# kubernetes_kubeadm_version: 1.19.0-00
+# kubernetes_kubectl_version: 1.19.4-00
+# kubernetes_kubelet_version: 1.19.4-00
+# kubernetes_kubeadm_version: 1.19.4-00
 
 ##
 # Role: cri
diff --git a/ansible/roles/cni/defaults/main.yml b/ansible/roles/cni/defaults/main.yml
index b3192669..d0730876 100644
--- a/ansible/roles/cni/defaults/main.yml
+++ b/ansible/roles/cni/defaults/main.yml
@@ -5,4 +5,4 @@ cni_bgp_peer_asn: 64512
 cni_cilium_helm_version: 1.9.0
 cni_cilium_image_version: v1.9.0
 k8s_service_host: "{{ hostvars[groups['masters'][0]]['ansible_host'] }}"
-k8s_service_port: 6443
+k8s_service_port: 8443
diff --git a/ansible/roles/cni/tasks/cilium.yml b/ansible/roles/cni/tasks/cilium.yml
index 77f9d852..26c5d59a 100644
--- a/ansible/roles/cni/tasks/cilium.yml
+++ b/ansible/roles/cni/tasks/cilium.yml
@@ -5,45 +5,34 @@
   args:
     warn: false
 
-- name: Add Cilium Repo
+- name: Add Cilium Helm Repo
   command:
     cmd: helm repo add cilium https://helm.cilium.io/
     creates: /usr/local/bin/helm
 
+- name: Generate cilium helm values
+  template:
+    src: values.yaml.j2
+    dest: /root/values.yaml
+    mode: 0644
+
 - name: Deploy Cilium
   shell: |
-    set -o pipefail && helm upgrade -i cilium cilium/cilium --version {{ cni_cilium_helm_version }} \
-    --set global.registry="docker.io/cilium" \
-    --set global.tag="{{ cni_cilium_image_version }}" \
-    --set global.tunnel="disabled" \
-    --set global.externalIPs.enabled="true" \
-    --set global.ipam.operator.clusterPoolIPv4PodCIDR="{{ cluster_pod_subnet }}" \
-    --set global.ipam.operator.clusterPoolIPv4MaskSize="24" \
-    --set global.endpointRoutes.enabled="true" \
-    --set global.hostServices.enabled="true" \
-    --set global.autoDirectNodeRoutes="true" \
-    --set global.nodePort.enabled="true" \
-    --set global.nodePort.mode="dsr" \
-    --set global.masquerade="false" \
-    --set global.hubble.enabled="true" \
-    --set global.hubble.ui.enabled="true" \
-    --set global.hubble.relay.enabled="true" \
-    --set global.hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}" \
-    --set global.kubeProxyReplacement=strict \
-    --set global.k8sServiceHost={{ k8s_service_host }} \
-    --set global.k8sServicePort={{ k8s_service_port }} \
-    --set config.bpfMasquerade="false" \
+    set -o pipefail && helm upgrade -i cilium cilium/cilium \
+    --values=/root/values.yaml \
+    --version {{ cni_cilium_helm_version }} \
     --namespace kube-system
   args:
     creates: /etc/cni/net.d/05-cilium.conf
 
+# TODO: Only deploy kube-router if enabled
 - name: Create Manifests Directory
   file:
     path: /root/manifests
     state: directory
     mode: 0700
 
-- name: "Deploy manifests"
+- name: "Generate kube-router manifests"
   become: true
   template:
     src: "{{ item }}"
@@ -52,7 +41,7 @@
   with_items:
   - "generic-kuberouter-only-advertise-routes.yaml.j2"
 
-- name: Applying manifests
+- name: Apply kube-router manifests
   command:
     cmd: "kubectl apply -f /root/manifests/{{ item }}"
   with_items:
diff --git a/ansible/roles/kubernetes/defaults/main.yml b/ansible/roles/kubernetes/defaults/main.yml
index e3386cc8..a21b1d1b 100644
--- a/ansible/roles/kubernetes/defaults/main.yml
+++ b/ansible/roles/kubernetes/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
-kubernetes_kubelet_version: 1.19.0-00
-kubernetes_kubeadm_version: 1.19.0-00
-kubernetes_kubectl_version: 1.19.0-00
+kubernetes_kubelet_version: 1.19.4-00
+kubernetes_kubeadm_version: 1.19.4-00
+kubernetes_kubectl_version: 1.19.4-00