Adhere comments

- restore flannel-iface - introduce disable-network-policy flag
2022-04-09 19:20:20 +02:00 · 2022-04-09 19:20:20 +02:00 · 5271f47984
commit 5271f47984
parent 8cacb4a2f8
4 changed files with 18 additions and 12 deletions
--- a/control_planes.tf
+++ b/control_planes.tf
@ -49,19 +49,17 @@ resource "null_resource" "control_planes" {
      token                    = random_password.k3s_token.result
      disable-cloud-controller = true
      disable                  = local.disable_extras
+      flannel-iface            = "eth1"
      kubelet-arg              = "cloud-provider=external"
      node-ip                  = module.control_planes[count.index].private_ipv4_address
      advertise-address        = module.control_planes[count.index].private_ipv4_address
      node-taint               = var.allow_scheduling_on_control_plane ? [] : ["node-role.kubernetes.io/master:NoSchedule"]
      node-label               = var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : []
+      disable-network-policy   = var.cni_plugin == "calico" ? true : var.disable_network_policy
      },
-      var.cni_plugin == "flannel" ? {
-        flannel-iface = "eth1"
-      } : {},
      var.cni_plugin == "calico" ? {
-        flannel-backend             = "none",
-        disable-network-policy      = true,
-        kube-controller-manager-arg = "flex-volume-plugin-dir=/var/lib/kubelet/volumeplugins/nodeagent~uds",
+        flannel-backend             = "none"
+        kube-controller-manager-arg = "flex-volume-plugin-dir=/var/lib/kubelet/volumeplugins/nodeagent~uds"
    } : {}))
    destination = "/tmp/config.yaml"
  }
--- a/init.tf
+++ b/init.tf
@ -14,19 +14,17 @@ resource "null_resource" "first_control_plane" {
      cluster-init             = true
      disable-cloud-controller = true
      disable                  = local.disable_extras
+      flannel-iface            = "eth1"
      kubelet-arg              = "cloud-provider=external"
      node-ip                  = module.control_planes[0].private_ipv4_address
      advertise-address        = module.control_planes[0].private_ipv4_address
      node-taint               = var.allow_scheduling_on_control_plane ? [] : ["node-role.kubernetes.io/master:NoSchedule"]
      node-label               = var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : []
+      disable-network-policy   = var.cni_plugin == "calico" ? true : var.disable_network_policy
      },
-      var.cni_plugin == "flannel" ? {
-        flannel-iface = "eth1"
-      } : {},
      var.cni_plugin == "calico" ? {
-        flannel-backend             = "none",
-        disable-network-policy      = true,
-        kube-controller-manager-arg = "flex-volume-plugin-dir=/var/lib/kubelet/volumeplugins/nodeagent~uds",
+        flannel-backend             = "none"
+        kube-controller-manager-arg = "flex-volume-plugin-dir=/var/lib/kubelet/volumeplugins/nodeagent~uds"
    } : {}))
    destination = "/tmp/config.yaml"
  }
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@ -101,3 +101,7 @@ load_balancer_type        = "lb11"
 # If you want to configure a different CNI for k3s, use this flag
 # possible values: flannel (Default), calico
 # cni_plugin = "flannel"
+
+# If you want to disable the k3s default network policy controller, use this flag
+# Calico overrides this value to true automatically
+# disable_network_policy = false
--- a/variables.tf
+++ b/variables.tf
@ -145,6 +145,12 @@ variable "traefik_additional_options" {

 }

+variable "disable_network_policy" {
+  type        = bool
+  default     = false
+  description = "Disable k3s default network policy controller (default false, automatically true for calico)"
+}
+
 variable "cni_plugin" {
  type        = string
  default     = "flannel"