From 3d1ba35d7a8c0f211237b6f3c77d018e1edcbc3b Mon Sep 17 00:00:00 2001
From: Patrick Stadler <patrick.stadler@gmail.com>
Date: Wed, 13 Sep 2023 13:29:49 +0200
Subject: [PATCH] CNI: replace Weave with Cilium

---
 .gitignore                           |  1 +
 service/kubernetes/main.tf           | 17 +++++++----------
 service/kubernetes/scripts/master.sh | 10 +++++++++-
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7b9321f..4c12a17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .terraform/
+.terraform.lock.hcl
 terraform.tfstate*
 .terraform.tfstate*
 terraform.tfvars
diff --git a/service/kubernetes/main.tf b/service/kubernetes/main.tf
index effac51..e25b8af 100644
--- a/service/kubernetes/main.tf
+++ b/service/kubernetes/main.tf
@@ -42,16 +42,16 @@ variable "etcd_endpoints" {
 }
 
 variable "overlay_interface" {
-  default = "weave"
+  default = "cilium_vxlan"
 }
 
 variable "overlay_cidr" {
   default = "10.96.0.0/16"
 }
 
-variable "weave_net_version" {
+variable "cilium_version" {
   type    = string
-  default = "v2.8.1"
+  default = "1.14.1"
 }
 
 resource "random_string" "token1" {
@@ -109,11 +109,7 @@ resource "null_resource" "kubernetes" {
 
   provisioner "remote-exec" {
     inline = [
-      templatefile("${path.module}/scripts/install.sh", {
-        vpn_interface = var.vpn_interface
-        overlay_cidr  = var.overlay_cidr
-        }
-      )
+      file("${path.module}/scripts/install.sh")
     ]
   }
 
@@ -122,8 +118,9 @@ resource "null_resource" "kubernetes" {
       count.index == 0
       ? templatefile("${path.module}/scripts/master.sh",
         {
-          token             = local.cluster_token
-          weave_net_version = var.weave_net_version
+          token          = local.cluster_token
+          cilium_version = var.cilium_version
+          overlay_cidr   = var.overlay_cidr
       })
       : templatefile("${path.module}/scripts/slave.sh",
         {
diff --git a/service/kubernetes/scripts/master.sh b/service/kubernetes/scripts/master.sh
index 4f33a74..f7ecd0e 100644
--- a/service/kubernetes/scripts/master.sh
+++ b/service/kubernetes/scripts/master.sh
@@ -17,7 +17,15 @@ until nc -z localhost 6443; do
 done
 
 echo "Install CNI"
-kubectl apply -f "https://github.com/weaveworks/weave/releases/download/${weave_net_version}/weave-daemonset-k8s.yaml"
+CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
+CLI_ARCH="$(arch | sed 's/x86_64/amd64/; s/aarch64/arm64/')"
+curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/$${CILIUM_CLI_VERSION}/cilium-linux-$${CLI_ARCH}.tar.gz{,.sha256sum}
+sha256sum --check cilium-linux-$${CLI_ARCH}.tar.gz.sha256sum
+sudo tar xzvfC cilium-linux-$${CLI_ARCH}.tar.gz /usr/local/bin
+rm cilium-linux-$${CLI_ARCH}.tar.gz*
+
+cilium install --version ${cilium_version} --set ipam.mode=cluster-pool --set ipam.operator.clusterPoolIPv4PodCIDRList=10.96.0.0/16
+cilium status --wait
 
 echo "Add cluster role binding"
 # See: https://kubernetes.io/docs/admin/authorization/rbac/