richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5938 Commits
34 Branches
82 Tags
155 MiB
Tree: 0ac364dfae
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0ac364dfae'
${ noResults }
kubespray/roles/network_plugin/calico/tasks/install.yml

429 lines
15 KiB
Raw Normal View History

calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico wireguard (#7638) * Calico: add Wireguard support * CI: Add Calico Wireguard scenario
3 years ago
Switch calicoctl from a container to a binary (#4524)
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico upgrade path validation and old version cleanup (#6733) * calico: add constant calico_min_version_required and verify current deployed version against it. * calico: remove upgrade support with data migration The tool was used pre v3.0.0 and is no longer needed. * calico: remove old version support from tasks * calico: remove old ver support from policy ctrl * calico: remove old ver support from node * canal: remove old ver support * remove unused calicoctl download checksums calico_min_version_required is the oldest version that can be installed Older versions can be removed.
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix calico-kube-controller becomes Error (#7548) Change mode so that calico-kube-controllers can be read because it was changed to run as non-root https://github.com/projectcalico/kube-controllers/pull/566
3 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
5 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Switch calicoctl from a container to a binary (#4524)
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
fix for calico with kdd datastore (#4922) * fix for calico with kdd datastore * remove AS number from daemonset * revert changes to canal * additionnal fixes for kdd datastore in calico
5 years ago
Switch calicoctl from a container to a binary (#4524)
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Enable kubeadm etcd mode (#4818) * Enable kubeadm etcd mode Uses cert commands from kubeadm experimental control plane to enable non-master nodes to obtain etcd certs. Related story: PROD-29434 Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178 * Add validation checks and exclude calico kdd mode Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c * Move etcd mode test to ubuntu flannel HA job Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732 * rename etcd_mode to etcd_kubeadm_enabled Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Switch calicoctl from a container to a binary (#4524)
5 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
changed_when:false (#4189)
6 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) (#4131) * Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) * Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
6 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) (#4131) * Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) * Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
6 years ago
Changes to support Dual Stack networking
4 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Changes to support Dual Stack networking
4 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Changes to support Dual Stack networking
4 years ago
Download Calico KDD CRDs (#7372) * Download Calico KDD CRDs * Replace kustomize with lineinfile and use ansible assemble module * Replace find+lineinfile by sed in shell module to avoid nested loop * add condition on sed * use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"
4 years ago
Add Calico v3.17.3 and v3.18.1 (#7524) * add hashes for calico v3.17.3 * add hashes for claico v3.18.1 * bump default calico version to v3.17.3 * calico crds are missing yaml separator breaking kdd
3 years ago
Download Calico KDD CRDs (#7372) * Download Calico KDD CRDs * Replace kustomize with lineinfile and use ansible assemble module * Replace find+lineinfile by sed in shell module to avoid nested loop * add condition on sed * use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"
4 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
fix for calico with kdd datastore (#4922) * fix for calico with kdd datastore * remove AS number from daemonset * revert changes to canal * additionnal fixes for kdd datastore in calico
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
fix for calico with kdd datastore (#4922) * fix for calico with kdd datastore * remove AS number from daemonset * revert changes to canal * additionnal fixes for kdd datastore in calico
5 years ago
Calico enable support for eBPF (#7618) * Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
3 years ago
Calico wireguard (#7638) * Calico: add Wireguard support * CI: Add Calico Wireguard scenario
3 years ago
Calico enable support for eBPF (#7618) * Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
3 years ago
Calico upgrade path validation and old version cleanup (#6733) * calico: add constant calico_min_version_required and verify current deployed version against it. * calico: remove upgrade support with data migration The tool was used pre v3.0.0 and is no longer needed. * calico: remove old version support from tasks * calico: remove old ver support from policy ctrl * calico: remove old ver support from node * canal: remove old ver support * remove unused calicoctl download checksums calico_min_version_required is the oldest version that can be installed Older versions can be removed.
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) * add blockSize to IPPool spec for Calico >= v3.3.0 * fix "cidr" spec in Calico IPPool resource for my PR
6 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) * add blockSize to IPPool spec for Calico >= v3.3.0 * fix "cidr" spec in Calico IPPool resource for my PR
6 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) * add blockSize to IPPool spec for Calico >= v3.3.0 * fix "cidr" spec in Calico IPPool resource for my PR
6 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) * add blockSize to IPPool spec for Calico >= v3.3.0 * fix "cidr" spec in Calico IPPool resource for my PR
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Changes to support Dual Stack networking
4 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Changes to support Dual Stack networking
4 years ago
Add serviceExternalIPs option for calico installation (#6928)
4 years ago
Support Calico advertisement of MetalLB LoadBalancer IPs (#7593) * add initial MetalLB docs * metallb allow disabling the deployment of the metallb speaker * calico>=3.18 allow using calico to advertise service loadbalancer IPs * Document the use of MetalLB and Calico * clean MetalLB docs
3 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: update files to handle multi-asn bgp peering conditions. (#6971) * update files to handle multi-asn bgp peering conditions. * put back in the serviceClusterIPs. Bad merge. * remove extraneous environment var. * update files as discussed with mirwan * update titles. * add not in. * add a conditional for using bgp to advertise cluster ips. Co-authored-by: marlow-h <mweston@habana.ai>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
add support for custom calico port (#7419)
3 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Calico: update files to handle multi-asn bgp peering conditions. (#6971) * update files to handle multi-asn bgp peering conditions. * put back in the serviceClusterIPs. Bad merge. * remove extraneous environment var. * update files as discussed with mirwan * update titles. * add not in. * add a conditional for using bgp to advertise cluster ips. Co-authored-by: marlow-h <mweston@habana.ai>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Support Calico advertisement of MetalLB LoadBalancer IPs (#7593) * add initial MetalLB docs * metallb allow disabling the deployment of the metallb speaker * calico>=3.18 allow using calico to advertise service loadbalancer IPs * Document the use of MetalLB and Calico * clean MetalLB docs
3 years ago
Calico: update files to handle multi-asn bgp peering conditions. (#6971) * update files to handle multi-asn bgp peering conditions. * put back in the serviceClusterIPs. Bad merge. * remove extraneous environment var. * update files as discussed with mirwan * update titles. * add not in. * add a conditional for using bgp to advertise cluster ips. Co-authored-by: marlow-h <mweston@habana.ai>
4 years ago
Mark "Calico | Set global as_num" as "unchanged" (#4539) This command executes with "--skip-exists" parameter, so it is idempotent and should not be marked as "changed".
5 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
allow overriding calico peers names and avoid ipv6 naming issues (#7591)
3 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Refactor calico route reflector to run in k8s cluster (#4975) * Refactor calico-rr to run in k8s cluster with taint Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa * add preinstall checks * rework calico/rr role Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8 * add empty calico-rr group Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
5 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Calico enable support for eBPF (#7618) * Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
3 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Replace kube-master with kube_control_plane (#7256) This replaces kube-master with kube_control_plane because of [1]: The Kubernetes project is moving away from wording that is considered offensive. A new working group WG Naming was created to track this work, and the word "master" was declared as offensive. A proposal was formalized for replacing the word "master" with "control plane". This means it should be removed from source code, documentation, and user-facing configuration from Kubernetes and its sub-projects. NOTE: The reason why this changes it to kube_control_plane not kube-control-plane is for valid group names on ansible. [1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
4 years ago
Enable nodes to run calicoctl for calico kdd mode (#4956) * Enable nodes to run calicoctl per-node tasks require waiting for calico-node to be applied Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2 * cleanup tasks that should run on master Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae * Switch run_once calico logic to just run on first master Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
5 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Add .editorconfig file (#6307)
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix ansible calico route reflector tasks in calico role (#7224) * Fix calico-rr tasks * revert stdin only when it's already a string
4 years ago
calico: fix warnings (#7121) TASK [network_plugin/calico : Calico | Configure calico network pool] ********** task path: /builds/kargo-ci/kubernetes-sigs-kubespray/roles/network_plugin/calico/tasks/install.yml:138 Friday 08 January 2021 17:10:12 +0000 (0:00:01.521) 0:11:36.885 ******** [WARNING]: The value {'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}} (type dict) in a string field was converted to "{'kind': 'IPPool', 'apiVersion': 'projectcalico.org/v3', 'metadata': {'name': 'default-pool'}, 'spec': {'blockSize': 24, 'cidr': '10.233.64.0/18', 'ipipMode': 'Always', 'vxlanMode': 'Never', 'natOutgoing': True}}" (type string). If this does not look like what you expect, quote the entire value to ensure it does not change. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
4 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
allow overriding calico peers names and avoid ipv6 naming issues (#7591)
3 years ago
Fix E306 in roles/network_plugin (#6516) Signed-off-by: Miouge1 <maxime@root314.com>
4 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix retries keyword missing until instruction (#5989)
4 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix calico peering with router(s) (#3547)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: Ability to define global peers (#3493)
6 years ago
Rename ansible groups to use _ instead of - (#7552) * rename ansible groups to use _ instead of - k8s-cluster -> k8s_cluster k8s-node -> k8s_node calico-rr -> calico_rr no-floating -> no_floating Note: kube-node,k8s-cluster groups in upgrade CI need clean-up after v2.16 is tagged * ensure old groups are mapped to the new ones
3 years ago
  1. ---
  2. - name: Calico | Install Wireguard packages
  3. package:
  4. name: "{{ item }}"
  5. state: present
  6. with_items: "{{ calico_wireguard_packages }}"
  7. register: calico_package_install
  8. until: calico_package_install is succeeded
  9. retries: 4
  10. when: calico_wireguard_enabled
  12. - name: Calico | Copy calicoctl binary from download dir
  13. copy:
  14. src: "{{ local_release_dir }}/calicoctl"
  15. dest: "{{ bin_dir }}/calicoctl"
  16. mode: 0755
  17. remote_src: yes
  19. - name: Calico | Write Calico cni config
  20. template:
  21. src: "cni-calico.conflist.j2"
  22. dest: "/etc/cni/net.d/calico.conflist.template"
  23. owner: kube
  24. register: calico_conflist
  25. notify: reset_calico_cni
  27. - name: Calico | Create calico certs directory
  28. file:
  29. dest: "{{ calico_cert_dir }}"
  30. state: directory
  31. mode: 0750
  32. owner: root
  33. group: root
  34. when: calico_datastore == "etcd"
  36. - name: Calico | Link etcd certificates for calico-node
  37. file:
  38. src: "{{ etcd_cert_dir }}/{{ item.s }}"
  39. dest: "{{ calico_cert_dir }}/{{ item.d }}"
  40. state: hard
  41. mode: 0640
  42. force: yes
  43. with_items:
  44. - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
  45. - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
  46. - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}
  47. when: calico_datastore == "etcd"
  49. - name: Calico | Generate typha certs
  50. include_tasks: typha_certs.yml
  51. when:
  52. - typha_secure
  53. - inventory_hostname == groups['kube_control_plane'][0]
  55. - name: Calico | Install calicoctl wrapper script
  56. template:
  57. src: "calicoctl.{{ calico_datastore }}.sh.j2"
  58. dest: "{{ bin_dir }}/calicoctl.sh"
  59. mode: 0755
  60. owner: root
  61. group: root
  63. - name: Calico | wait for etcd
  64. uri:
  65. url: "{{ etcd_access_addresses.split(',') | first }}/health"
  66. validate_certs: no
  67. client_cert: "{{ calico_cert_dir }}/cert.crt"
  68. client_key: "{{ calico_cert_dir }}/key.pem"
  69. register: result
  70. until: result.status == 200 or result.status == 401
  71. retries: 10
  72. delay: 5
  73. run_once: true
  74. when: calico_datastore == "etcd"
  76. - name: Calico | Check if calico network pool has already been configured
  77. # noqa 306 - grep will exit 1 if no match found
  78. shell: >
  79. {{ bin_dir }}/calicoctl.sh get ippool | grep -w "{{ calico_pool_cidr | default(kube_pods_subnet) }}" | wc -l
  80. args:
  81. executable: /bin/bash
  82. register: calico_conf
  83. retries: 4
  84. until: calico_conf.rc == 0
  85. delay: "{{ retry_stagger | random + 3 }}"
  86. changed_when: false
  87. when:
  88. - inventory_hostname == groups['kube_control_plane'][0]
  90. - name: Calico | Ensure that calico_pool_cidr is within kube_pods_subnet when defined
  91. assert:
  92. that: "[calico_pool_cidr] | ipaddr(kube_pods_subnet) | length == 1"
  93. msg: "{{ calico_pool_cidr }} is not within or equal to {{ kube_pods_subnet }}"
  94. when:
  95. - inventory_hostname == groups['kube_control_plane'][0]
  96. - 'calico_conf.stdout == "0"'
  97. - calico_pool_cidr is defined
  99. - name: Calico | Check if calico IPv6 network pool has already been configured
  100. # noqa 306 - grep will exit 1 if no match found
  101. shell: >
  102. {{ bin_dir }}/calicoctl.sh get ippool | grep -w "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}" | wc -l
  103. args:
  104. executable: /bin/bash
  105. register: calico_conf_ipv6
  106. retries: 4
  107. until: calico_conf_ipv6.rc == 0
  108. delay: "{{ retry_stagger | random + 3 }}"
  109. changed_when: false
  110. when:
  111. - inventory_hostname == groups['kube_control_plane'][0]
  112. - enable_dual_stack_networks
  114. - name: Calico | Ensure that calico_pool_cidr_ipv6 is within kube_pods_subnet_ipv6 when defined
  115. assert:
  116. that: "[calico_pool_cidr_ipv6] | ipaddr(kube_pods_subnet_ipv6) | length == 1"
  117. msg: "{{ calico_pool_cidr_ipv6 }} is not within or equal to {{ kube_pods_subnet_ipv6 }}"
  118. when:
  119. - inventory_hostname == groups['kube_control_plane'][0]
  120. - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
  121. - calico_pool_cidr_ipv6 is defined
  122. - enable_dual_stack_networks
  124. - block:
  125. - name: Calico | Create calico manifests for kdd
  126. assemble:
  127. src: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds"
  128. dest: "{{ kube_config_dir }}/kdd-crds.yml"
  129. delimiter: "---\n"
  130. regexp: ".*\\.yaml"
  131. remote_src: true
  133. - name: Calico | Create Calico Kubernetes datastore resources
  134. kube:
  135. kubectl: "{{ bin_dir }}/kubectl"
  136. filename: "{{ kube_config_dir }}/kdd-crds.yml"
  137. state: "latest"
  138. when:
  139. - inventory_hostname == groups['kube_control_plane'][0]
  140. when:
  141. - inventory_hostname in groups['kube_control_plane']
  142. - calico_datastore == "kdd"
  144. - name: Calico | Configure calico FelixConfiguration
  145. command:
  146. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  147. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  148. vars:
  149. stdin: >
  150. { "kind": "FelixConfiguration",
  151. "apiVersion": "projectcalico.org/v3",
  152. "metadata": {
  153. "name": "default",
  154. },
  155. "spec": {
  156. "ipipEnabled": {{ calico_ipip_mode != 'Never' | bool }},
  157. "reportingInterval": "{{ calico_felix_reporting_interval }}",
  158. "bpfLogLevel": "{{ calico_bpf_log_level }}",
  159. "bpfEnabled": {{ calico_bpf_enabled | bool }},
  160. "bpfExternalServiceMode": "{{ calico_bpf_service_mode }}",
  161. "wireguardEnabled": {{ calico_wireguard_enabled | bool }},
  162. "logSeverityScreen": "{{ calico_felix_log_severity_screen }}" }}
  163. when:
  164. - inventory_hostname == groups['kube_control_plane'][0]
  166. - name: Calico | Configure calico network pool
  167. command:
  168. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  169. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  170. vars:
  171. stdin: >
  172. { "kind": "IPPool",
  173. "apiVersion": "projectcalico.org/v3",
  174. "metadata": {
  175. "name": "{{ calico_pool_name }}",
  176. },
  177. "spec": {
  178. "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},
  179. "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
  180. "ipipMode": "{{ calico_ipip_mode }}",
  181. "vxlanMode": "{{ calico_vxlan_mode }}",
  182. "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }}
  183. when:
  184. - inventory_hostname == groups['kube_control_plane'][0]
  185. - 'calico_conf.stdout == "0"'
  187. - name: Calico | Configure calico ipv6 network pool (version >= v3.3.0)
  188. command:
  189. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  190. stdin: >
  191. { "kind": "IPPool",
  192. "apiVersion": "projectcalico.org/v3",
  193. "metadata": {
  194. "name": "{{ calico_pool_name }}-ipv6",
  195. },
  196. "spec": {
  197. "blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }},
  198. "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
  199. "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
  200. "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
  201. "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }}
  202. when:
  203. - inventory_hostname == groups['kube_control_plane'][0]
  204. - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
  205. - enable_dual_stack_networks | bool
  207. - name: Populate Service External IPs
  208. set_fact:
  209. _service_external_ips: "{{ _service_external_ips|default([]) + [ {'cidr': item} ] }}"
  210. with_items: "{{ calico_advertise_service_external_ips }}"
  211. run_once: yes
  213. - name: Populate Service LoadBalancer IPs
  214. set_fact:
  215. _service_loadbalancer_ips: "{{ _service_loadbalancer_ips|default([]) + [ {'cidr': item} ] }}"
  216. with_items: "{{ calico_advertise_service_loadbalancer_ips }}"
  217. run_once: yes
  219. - name: "Determine nodeToNodeMesh needed state"
  220. set_fact:
  221. nodeToNodeMeshEnabled: "false"
  222. when:
  223. - peer_with_router|default(false) or peer_with_calico_rr|default(false)
  224. - inventory_hostname in groups['k8s_cluster']
  225. run_once: yes
  227. - name: Calico | Set up BGP Configuration
  228. command:
  229. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  230. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  231. vars:
  232. stdin: >
  233. { "kind": "BGPConfiguration",
  234. "apiVersion": "projectcalico.org/v3",
  235. "metadata": {
  236. "name": "default",
  237. },
  238. "spec": {
  239. "listenPort": {{ calico_bgp_listen_port }},
  240. "logSeverityScreen": "Info",
  241. {% if not calico_no_global_as_num|default(false) %}"asNumber": {{ global_as_num }},{% endif %}
  242. "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} ,
  243. {% if calico_advertise_cluster_ips|default(false) %}"serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" }],{% endif %}
  244. {% if calico_version is version('v3.18.0', '>') and calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %}
  245. "serviceExternalIPs": {{ _service_external_ips|default([]) }} }}
  246. changed_when: false
  247. when:
  248. - inventory_hostname == groups['kube_control_plane'][0]
  250. - name: Calico | Configure peering with router(s) at global scope
  251. command:
  252. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  253. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  254. vars:
  255. stdin: >
  256. {"apiVersion": "projectcalico.org/v3",
  257. "kind": "BGPPeer",
  258. "metadata": {
  259. "name": "global-{{ item.name | default(item.router_id|replace(':','-')) }}"
  260. },
  261. "spec": {
  262. "asNumber": "{{ item.as }}",
  263. "peerIP": "{{ item.router_id }}"
  264. }}
  265. register: output
  266. retries: 4
  267. until: output.rc == 0
  268. delay: "{{ retry_stagger | random + 3 }}"
  269. with_items:
  270. - "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}"
  271. when:
  272. - inventory_hostname == groups['kube_control_plane'][0]
  273. - peer_with_router|default(false)
  275. - name: Calico | Configure peering with route reflectors at global scope
  276. command:
  277. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  278. # revert when it's already a string
  279. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  280. vars:
  281. stdin: >
  282. {"apiVersion": "projectcalico.org/v3",
  283. "kind": "BGPPeer",
  284. "metadata": {
  285. "name": "peer-to-rrs"
  286. },
  287. "spec": {
  288. "nodeSelector": "!has(i-am-a-route-reflector)",
  289. "peerSelector": "has(i-am-a-route-reflector)"
  290. }}
  291. register: output
  292. retries: 4
  293. until: output.rc == 0
  294. delay: "{{ retry_stagger | random + 3 }}"
  295. with_items:
  296. - "{{ groups['calico_rr'] | default([]) }}"
  297. when:
  298. - inventory_hostname == groups['kube_control_plane'][0]
  299. - peer_with_calico_rr|default(false)
  301. - name: Calico | Configure route reflectors to peer with each other
  302. command:
  303. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  304. # revert when it's already a string
  305. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  306. vars:
  307. stdin: >
  308. {"apiVersion": "projectcalico.org/v3",
  309. "kind": "BGPPeer",
  310. "metadata": {
  311. "name": "rr-mesh"
  312. },
  313. "spec": {
  314. "nodeSelector": "has(i-am-a-route-reflector)",
  315. "peerSelector": "has(i-am-a-route-reflector)"
  316. }}
  317. register: output
  318. retries: 4
  319. until: output.rc == 0
  320. delay: "{{ retry_stagger | random + 3 }}"
  321. with_items:
  322. - "{{ groups['calico_rr'] | default([]) }}"
  323. when:
  324. - inventory_hostname == groups['kube_control_plane'][0]
  325. - peer_with_calico_rr|default(false)
  327. - name: Calico | Create calico manifests
  328. template:
  329. src: "{{ item.file }}.j2"
  330. dest: "{{ kube_config_dir }}/{{ item.file }}"
  331. with_items:
  332. - {name: calico-config, file: calico-config.yml, type: cm}
  333. - {name: calico-node, file: calico-node.yml, type: ds}
  334. - {name: calico, file: calico-node-sa.yml, type: sa}
  335. - {name: calico, file: calico-cr.yml, type: clusterrole}
  336. - {name: calico, file: calico-crb.yml, type: clusterrolebinding}
  337. - {name: kubernetes-services-endpoint, file: kubernetes-services-endpoint.yml, type: cm }
  338. register: calico_node_manifests
  339. when:
  340. - inventory_hostname in groups['kube_control_plane']
  341. - rbac_enabled or item.type not in rbac_resources
  343. - name: Calico | Create calico manifests for typha
  344. template:
  345. src: "{{ item.file }}.j2"
  346. dest: "{{ kube_config_dir }}/{{ item.file }}"
  347. with_items:
  348. - {name: calico, file: calico-typha.yml, type: typha}
  349. register: calico_node_typha_manifest
  350. when:
  351. - inventory_hostname in groups['kube_control_plane']
  352. - typha_enabled and calico_datastore == "kdd"
  354. - name: Start Calico resources
  355. kube:
  356. name: "{{ item.item.name }}"
  357. namespace: "kube-system"
  358. kubectl: "{{ bin_dir }}/kubectl"
  359. resource: "{{ item.item.type }}"
  360. filename: "{{ kube_config_dir }}/{{ item.item.file }}"
  361. state: "latest"
  362. with_items:
  363. - "{{ calico_node_manifests.results }}"
  364. - "{{ calico_node_typha_manifest.results }}"
  365. when:
  366. - inventory_hostname == groups['kube_control_plane'][0]
  367. - not item is skipped
  368. loop_control:
  369. label: "{{ item.item.file }}"
  371. - name: Wait for calico kubeconfig to be created
  372. wait_for:
  373. path: /etc/cni/net.d/calico-kubeconfig
  374. when:
  375. - inventory_hostname not in groups['kube_control_plane']
  376. - calico_datastore == "kdd"
  378. - name: Calico | Configure node asNumber for per node peering
  379. command:
  380. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  381. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  382. vars:
  383. stdin: >
  384. {"apiVersion": "projectcalico.org/v3",
  385. "kind": "Node",
  386. "metadata": {
  387. "name": "{{ inventory_hostname }}"
  388. },
  389. "spec": {
  390. "bgp": {
  391. "asNumber": "{{ local_as }}"
  392. },
  393. "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}]
  394. }}
  395. register: output
  396. retries: 4
  397. until: output.rc == 0
  398. delay: "{{ retry_stagger | random + 3 }}"
  399. when:
  400. - peer_with_router|default(false)
  401. - inventory_hostname in groups['k8s_cluster']
  402. - local_as is defined
  403. - groups['calico_rr'] | default([]) | length == 0
  405. - name: Calico | Configure peering with router(s) at node scope
  406. command:
  407. cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
  408. stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
  409. vars:
  410. stdin: >
  411. {"apiVersion": "projectcalico.org/v3",
  412. "kind": "BGPPeer",
  413. "metadata": {
  414. "name": "{{ inventory_hostname }}-{{ item.name | default(item.router_id|replace(':','-')) }}"
  415. },
  416. "spec": {
  417. "asNumber": "{{ item.as }}",
  418. "node": "{{ inventory_hostname }}",
  419. "peerIP": "{{ item.router_id }}"
  420. }}
  421. register: output
  422. retries: 4
  423. until: output.rc == 0
  424. delay: "{{ retry_stagger | random + 3 }}"
  425. with_items:
  426. - "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
  427. when:
  428. - peer_with_router|default(false)
  429. - inventory_hostname in groups['k8s_cluster']