richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4191 Commits
33 Branches
82 Tags
154 MiB
Tree: 2560c4dda3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2560c4dda3'
${ noResults }
kubespray/roles/network_plugin/calico/tasks/install.yml

371 lines
12 KiB
Raw Normal View History

calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
[PR-Calico]Support calico 3.4.0 (#4102) * Suport calico 3.4.0 Signed-off-by: wangxf1987 <xiaofeix.wang@gmail.com> * Remove symlink + cni conflist template when 3.3.0+, handle Canal, addition of install-cni: sidecar(3.3.0) or initontainer(3.4.0), KUBECONFIG_FILEPATH, calico_cert_dir, advertise cluster ips * scheduler.alpha.kubernetes.io/critical-pod deprecated since 1.12
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
change permission after unarchive (#4191)
6 years ago
Use download binary instead of copying from the container (#3786)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) (#4131) * Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) * Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
changed_when:false (#4189)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) (#4131) * Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) * Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
6 years ago
add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) * add blockSize to IPPool spec for Calico >= v3.3.0 * fix "cidr" spec in Calico IPPool resource for my PR
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) (#4131) * Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) * Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
6 years ago
remove capitalize filter
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
add blockSize to IPPool spec for Calico >= v3.3.0 (#4224) * add blockSize to IPPool spec for Calico >= v3.3.0 * fix "cidr" spec in Calico IPPool resource for my PR
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) (#4131) * Calico: Ability to define the default IPPool CIDR (instead of kube_pods_subnet) * Documentation for calico_pool_cidr (and calico_advertise_cluster_ips which has been forgotten...)
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
skip-exists is an flag for create command, not for calicoctl (#3401)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
refactor to base on calico_version
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Put back legacy support for calico ippools and bgp settings
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492)
6 years ago
Calico: Ability to define global peers (#3493)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fixes BGPPeer resource for calico >= 3.0.0
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Ensures BGPPeer resource names are unique
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix calico peering with router(s) (#3547)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Calico: Ability to define global peers (#3493)
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
Fix calico peering with router(s) (#3547)
6 years ago
Calico: Ability to define global peers (#3493)
6 years ago
Fix calico peering with router(s) (#3547)
6 years ago
Calico: Ability to define global peers (#3493)
6 years ago
Fix calico peering with router(s) (#3547)
6 years ago
Calico: Ability to define global peers (#3493)
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Update install.yml
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fixes BGPPeer resource for calico >= 3.0.0
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Remove hard dependence on facts for all nodes (#4304) * Remove hard dependence on facts for all nodes * Update main.yaml * Update main.yaml
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Remove hard dependence on facts for all nodes (#4304) * Remove hard dependence on facts for all nodes * Update main.yaml * Update main.yaml
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
Remove hard dependence on facts for all nodes (#4304) * Remove hard dependence on facts for all nodes * Update main.yaml * Update main.yaml
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
Fix ansible syntax to avoid ansible deprecation warnings (#3512) * failed * version_compare * succeeded * skipped * success * version_compare becomes version since ansible 2.5 * ansible minimal version updated in doc and spec * last version_compare
6 years ago
Update install.yml
6 years ago
Fix backward compatibility with calico 2.6
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
remove capitalize filter
6 years ago
  1. ---
  2. - name: Calico | Write Calico cni config
  3. template:
  4. src: "cni-calico.conflist.j2"
  5. dest: "/etc/cni/net.d/{% if calico_version is version('v3.3.0', '>=') %}calico.conflist.template{% else %}10-calico.conflist{% endif %}"
  6. owner: kube
  8. - name: Calico | Create calico certs directory
  9. file:
  10. dest: "{{ calico_cert_dir }}"
  11. state: directory
  12. mode: 0750
  13. owner: root
  14. group: root
  16. - name: Calico | Link etcd certificates for calico-node
  17. file:
  18. src: "{{ etcd_cert_dir }}/{{ item.s }}"
  19. dest: "{{ calico_cert_dir }}/{{ item.d }}"
  20. state: hard
  21. force: yes
  22. with_items:
  23. - {s: "ca.pem", d: "ca_cert.crt"}
  24. - {s: "node-{{ inventory_hostname }}.pem", d: "cert.crt"}
  25. - {s: "node-{{ inventory_hostname }}-key.pem", d: "key.pem"}
  27. - name: Calico | Install calicoctl container script
  28. template:
  29. src: calicoctl-container.j2
  30. dest: "{{ bin_dir }}/calicoctl"
  31. mode: 0755
  32. owner: root
  33. group: root
  34. changed_when: false
  36. - name: Calico | Copy cni plugins
  37. unarchive:
  38. src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
  39. dest: "/opt/cni/bin"
  40. mode: 0755
  41. remote_src: yes
  43. - name: Calico | Set cni directory permissions
  44. file:
  45. path: /opt/cni/bin
  46. state: directory
  47. owner: kube
  48. recurse: true
  49. mode: 0755
  51. - name: Calico | Copy cni plugins from calico/cni container
  52. command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
  53. register: cni_task_result
  54. until: cni_task_result.rc == 0
  55. retries: 4
  56. delay: "{{ retry_stagger | random + 3 }}"
  57. changed_when: false
  58. when:
  59. - "overwrite_hyperkube_cni|bool"
  60. tags:
  61. - hyperkube
  62. - upgrade
  64. - name: Calico | wait for etcd
  65. uri:
  66. url: "{{ etcd_access_addresses.split(',') | first }}/health"
  67. validate_certs: no
  68. client_cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
  69. client_key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
  70. register: result
  71. until: result.status == 200 or result.status == 401
  72. retries: 10
  73. delay: 5
  74. run_once: true
  76. - name: Calico | Check if calico network pool has already been configured
  77. shell: >
  78. {{ bin_dir }}/calicoctl get ippool | grep -w "{{ calico_pool_cidr | default(kube_pods_subnet) }}" | wc -l
  79. register: calico_conf
  80. retries: 4
  81. delay: "{{ retry_stagger | random + 3 }}"
  82. delegate_to: "{{ groups['kube-master'][0] }}"
  83. run_once: true
  84. changed_when: false
  86. - name: Calico | Ensure that calico_pool_cidr is within kube_pods_subnet when defined
  87. assert:
  88. that: "[calico_pool_cidr] | ipaddr(kube_pods_subnet) | length == 1"
  89. msg: "{{ calico_pool_cidr }} is not within or equal to {{ kube_pods_subnet }}"
  90. delegate_to: localhost
  91. run_once: true
  92. when:
  93. - 'calico_conf.stdout == "0"'
  94. - calico_pool_cidr is defined
  96. - name: Calico | Configure calico network pool (v3.0.0 <= version < v3.3.0)
  97. shell: >
  98. echo "
  99. { "kind": "IPPool",
  100. "apiVersion": "projectcalico.org/v3",
  101. "metadata": {
  102. "name": "{{ calico_pool_name }}",
  103. },
  104. "spec": {
  105. "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
  106. "ipipMode": "{{ ipip_mode }}",
  107. "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl create -f -
  108. run_once: true
  109. delegate_to: "{{ groups['kube-master'][0] }}"
  110. when:
  111. - 'calico_conf.stdout == "0"'
  112. - calico_version is version("v3.0.0", ">=")
  113. - calico_version is version("v3.3.0", "<")
  115. - name: Calico | Configure calico network pool (version >= v3.3.0)
  116. shell: >
  117. echo "
  118. { "kind": "IPPool",
  119. "apiVersion": "projectcalico.org/v3",
  120. "metadata": {
  121. "name": "{{ calico_pool_name }}",
  122. },
  123. "spec": {
  124. "blockSize": "{{ kube_network_node_prefix }}",
  125. "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
  126. "ipipMode": "{{ ipip_mode }}",
  127. "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl create -f -
  128. run_once: true
  129. delegate_to: "{{ groups['kube-master'][0] }}"
  130. when:
  131. - 'calico_conf.stdout == "0"'
  132. - calico_version is version("v3.3.0", ">=")
  134. - name: Calico | Configure calico network pool (legacy)
  135. shell: >
  136. echo '
  137. { "kind": "ipPool",
  138. "spec": {"disabled": false, "ipip": {"enabled": {{ ipip }}, "mode": "{{ ipip_mode|lower }}"},
  139. "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}},
  140. "apiVersion": "v1",
  141. "metadata": {"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}"}
  142. }' | {{ bin_dir }}/calicoctl apply -f -
  143. environment:
  144. NO_DEFAULT_POOLS: true
  145. run_once: true
  146. delegate_to: "{{ groups['kube-master'][0] }}"
  147. when:
  148. - 'calico_conf.stdout == "0"'
  149. - calico_version is version("v3.0.0", "<")
  151. - name: "Determine nodeToNodeMesh needed state"
  152. set_fact:
  153. nodeToNodeMeshEnabled: "false"
  154. when:
  155. - peer_with_router|default(false) or peer_with_calico_rr|default(false)
  156. - inventory_hostname in groups['k8s-cluster']
  157. run_once: yes
  159. - name: Calico | Set global as_num
  160. shell: >
  161. echo '
  162. { "kind": "BGPConfiguration",
  163. "apiVersion": "projectcalico.org/v3",
  164. "metadata": {
  165. "name": "default",
  166. },
  167. "spec": {
  168. "logSeverityScreen": "Info",
  169. "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} ,
  170. "asNumber": {{ global_as_num }} }} ' | {{ bin_dir }}/calicoctl create --skip-exists -f -
  171. run_once: true
  172. delegate_to: "{{ groups['kube-master'][0] }}"
  173. when:
  174. - calico_version is version('v3.0.0', '>=')
  176. - name: Calico | Set global as_num (legacy)
  177. command: "{{ bin_dir}}/calicoctl config set asNumber {{ global_as_num }}"
  178. run_once: true
  179. when:
  180. - calico_version is version('v3.0.0', '<')
  182. - name: Calico | Disable node mesh (legacy)
  183. command: "{{ bin_dir }}/calicoctl config set nodeToNodeMesh off"
  184. run_once: yes
  185. when:
  186. - calico_version is version('v3.0.0', '<')
  187. - nodeToMeshEnabled|default(True)
  189. - name: Calico | Configure node asNumber for per node peering
  190. shell: >
  191. echo '{
  192. "apiVersion": "projectcalico.org/v3",
  193. "kind": "Node",
  194. "metadata": {
  195. "name": "{{ inventory_hostname }}"
  196. },
  197. "spec": {
  198. "bgp": {
  199. "asNumber": "{{ local_as }}"
  200. },
  201. "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}]
  202. }}' | {{ bin_dir }}/calicoctl create --skip-exists -f -
  203. retries: 4
  204. delay: "{{ retry_stagger | random + 3 }}"
  205. when:
  206. - calico_version is version('v3.0.0', '>=')
  207. - peer_with_router|default(false)
  208. - inventory_hostname in groups['k8s-cluster']
  209. - local_as is defined
  210. - groups['calico-rr'] | default([]) | length == 0
  212. - name: Calico | Configure node asNumber for per node peering (legacy)
  213. shell: >
  214. echo '{
  215. "apiVersion": "v1",
  216. "kind": "node",
  217. "metadata": {
  218. "name": "{{ inventory_hostname }}"
  219. },
  220. "spec": {
  221. "bgp": {
  222. "asNumber": "{{ local_as }}"
  223. },
  224. "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}]
  225. }}' | {{ bin_dir }}/calicoctl create --skip-exists -f -
  226. retries: 4
  227. delay: "{{ retry_stagger | random + 3 }}"
  228. when:
  229. - calico_version is version('v3.0.0', '<')
  230. - peer_with_router|default(false)
  231. - inventory_hostname in groups['k8s-cluster']
  232. - local_as is defined
  233. - groups['calico-rr'] | default([]) | length == 0
  235. - name: Calico | Configure peering with router(s) at node scope
  236. shell: >
  237. echo '{
  238. "apiVersion": "projectcalico.org/v3",
  239. "kind": "BGPPeer",
  240. "metadata": {
  241. "name": "{{ inventory_hostname }}-{{ item.router_id }}"
  242. },
  243. "spec": {
  244. "asNumber": "{{ item.as }}",
  245. "node": "{{ inventory_hostname }}",
  246. "peerIP": "{{ item.router_id }}"
  247. }}' | {{ bin_dir }}/calicoctl create --skip-exists -f -
  248. retries: 4
  249. delay: "{{ retry_stagger | random + 3 }}"
  250. with_items:
  251. - "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
  252. when:
  253. - calico_version is version('v3.0.0', '>=')
  254. - peer_with_router|default(false)
  255. - inventory_hostname in groups['k8s-cluster']
  257. - name: Calico | Configure peering with router(s) at node scope (legacy)
  258. shell: >
  259. echo '{
  260. "kind": "bgpPeer",
  261. "spec": {"asNumber": "{{ item.as }}"},
  262. "apiVersion": "v1",
  263. "metadata": {"node": "{{ inventory_hostname }}", "scope": "node", "peerIP": "{{ item.router_id }}"}
  264. }'
  265. | {{ bin_dir }}/calicoctl create --skip-exists -f -
  266. retries: 4
  267. delay: "{{ retry_stagger | random + 3 }}"
  268. with_items: "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
  269. when:
  270. - calico_version | version_compare('v3.0.0', '<')
  271. - peer_with_router|default(false)
  272. - inventory_hostname in groups['k8s-cluster']
  274. - name: Calico | Configure peering with router(s) at global scope
  275. shell: >
  276. echo '{
  277. "apiVersion": "projectcalico.org/v3",
  278. "kind": "BGPPeer",
  279. "metadata": {
  280. "name": "global-{{ item.router_id }}"
  281. },
  282. "spec": {
  283. "asNumber": "{{ item.as }}",
  284. "peerIP": "{{ item.router_id }}"
  285. }}' | {{ bin_dir }}/calicoctl create --skip-exists -f -
  286. retries: 4
  287. delay: "{{ retry_stagger | random + 3 }}"
  288. with_items:
  289. - "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}"
  290. run_once: true
  291. when:
  292. - calico_version | version_compare('v3.0.0', '>=')
  293. - peer_with_router|default(false)
  294. - inventory_hostname in groups['k8s-cluster']
  296. - name: Calico | Configure peering with router(s) at global scope (legacy)
  297. shell: >
  298. echo '{
  299. "kind": "bgpPeer",
  300. "spec": {"asNumber": "{{ item.as }}"},
  301. "apiVersion": "v1",
  302. "metadata": {"scope": "global", "peerIP": "{{ item.router_id }}"}
  303. }'
  304. | {{ bin_dir }}/calicoctl create --skip-exists -f -
  305. retries: 4
  306. delay: "{{ retry_stagger | random + 3 }}"
  307. with_items: "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|default([]) }}"
  308. run_once: true
  309. when:
  310. - calico_version is version('v3.0.0', '<')
  311. - peer_with_router|default(false)
  312. - inventory_hostname in groups['k8s-cluster']
  314. - name: Calico | Configure peering with route reflectors
  315. shell: >
  316. echo '{
  317. "apiVersion": "projectcalico.org/v3",
  318. "kind": "BGPPeer",
  319. "metadata": {
  320. "name": "{{ inventory_hostname }}-{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
  321. },
  322. "spec": {
  323. "asNumber": "{{ local_as | default(global_as_num)}}",
  324. "node": "{{ inventory_hostname }}",
  325. "peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"
  326. }}' | {{ bin_dir }}/calicoctl create --skip-exists -f -
  327. retries: 4
  328. delay: "{{ retry_stagger | random + 3 }}"
  329. with_items:
  330. - "{{ groups['calico-rr'] | default([]) }}"
  331. when:
  332. - calico_version is version('v3.0.0', '>=')
  333. - peer_with_calico_rr|default(false)
  334. - inventory_hostname in groups['k8s-cluster']
  335. - hostvars[item]['cluster_id'] == cluster_id
  337. - name: Calico | Configure peering with route reflectors (legacy)
  338. shell: >
  339. echo '{
  340. "kind": "bgpPeer",
  341. "spec": {"asNumber": "{{ local_as | default(global_as_num)}}"},
  342. "apiVersion": "v1",
  343. "metadata": {"node": "{{ inventory_hostname }}",
  344. "scope": "node",
  345. "peerIP": "{{ hostvars[item]["calico_rr_ip"]|default(hostvars[item]["ip"])|default(fallback_ips[item]) }}"}
  346. }'
  347. | {{ bin_dir }}/calicoctl create --skip-exists -f -
  348. retries: 4
  349. delay: "{{ retry_stagger | random + 3 }}"
  350. with_items: "{{ groups['calico-rr'] | default([]) }}"
  351. when:
  352. - calico_version is version('v3.0.0', '<')
  353. - not calico_upgrade_enabled
  354. - peer_with_calico_rr|default(false)
  355. - hostvars[item]['cluster_id'] == cluster_id
  358. - name: Calico | Create calico manifests
  359. template:
  360. src: "{{item.file}}.j2"
  361. dest: "{{kube_config_dir}}/{{item.file}}"
  362. with_items:
  363. - {name: calico-config, file: calico-config.yml, type: cm}
  364. - {name: calico-node, file: calico-node.yml, type: ds}
  365. - {name: calico, file: calico-node-sa.yml, type: sa}
  366. - {name: calico, file: calico-cr.yml, type: clusterrole}
  367. - {name: calico, file: calico-crb.yml, type: clusterrolebinding}
  368. register: calico_node_manifests
  369. when:
  370. - inventory_hostname in groups['kube-master']
  371. - rbac_enabled or item.type not in rbac_resources