kubespray/roles/network_plugin/canal/tasks/main.yml

---
- name: Canal | Write Canal cni config
  template:
    src: "cni-canal.conflist.j2"
    dest: "/etc/cni/net.d/canal.conflist.template"
    owner: kube
  register: canal_conflist
  notify: reset_canal_cni

- name: Canal | Create canal certs directory
  file:
    dest: "{{ canal_cert_dir }}"
    state: directory
    mode: 0750
    owner: root
    group: root

- name: Canal | Link etcd certificates for canal-node
  file:
    src: "{{ etcd_cert_dir }}/{{ item.s }}"
    dest: "{{ canal_cert_dir }}/{{ item.d }}"
    state: hard
    mode: 0640
    force: yes
  with_items:
    - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
    - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"}
    - {s: "{{ kube_etcd_key_file }}", d: "key.pem"}

# Flannel need etcd v2 API
- name: Canal | Set Flannel etcd configuration
  command: |-
    {{ bin_dir }}/etcdctl set /{{ cluster_name }}/network/config \
    '{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
  register: output
  retries: 4
  until: output.rc == 0
  delay: "{{ retry_stagger | random + 3 }}"
  delegate_to: "{{ groups['etcd'][0] }}"
  changed_when: false
  run_once: true
  environment:
    ETCDCTL_API: 2
    ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"

- name: Canal | Create canal node manifests
  template:
    src: "{{ item.file }}.j2"
    dest: "{{ kube_config_dir }}/{{ item.file }}"
  with_items:
    - {name: canal-config, file: canal-config.yaml, type: cm}
    - {name: canal-node, file: canal-node.yaml, type: ds}
    - {name: canal, file: canal-node-sa.yml, type: sa}
    - {name: calico, file: canal-cr-calico.yml, type: clusterrole}
    - {name: flannel, file: canal-cr-flannel.yml, type: clusterrole}
    - {name: canal-calico, file: canal-crb-calico.yml, type: clusterrolebinding}
    - {name: canal-flannel, file: canal-crb-flannel.yml, type: clusterrolebinding}
  register: canal_manifests
  when:
    - inventory_hostname in groups['kube_control_plane']

- name: Canal | Install calicoctl wrapper script
  template:
    src: calicoctl.sh.j2
    dest: "{{ bin_dir }}/calicoctl.sh"
    mode: 0755
    owner: root
    group: root

- name: Canal | Create network policy directory
  file:
    path: "{{ canal_policy_dir }}"
    state: directory