From 4b80a7f6fed11cc3ae554782b340fcd597dcffbd Mon Sep 17 00:00:00 2001
From: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com>
Date: Wed, 22 Jul 2020 12:08:04 +0500
Subject: [PATCH] Felix configuration via extraenvs of calico node (#6433)

---
 docs/calico.md                                           | 9 +++++++++
 roles/network_plugin/calico/templates/calico-node.yml.j2 | 6 ++++++
 2 files changed, 15 insertions(+)

diff --git a/docs/calico.md b/docs/calico.md
index 51f8858fe..04fca73bc 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -235,6 +235,15 @@ Note that in OpenStack you must allow `ipip` traffic in your security groups,
 otherwise you will experience timeouts.
 To do this you must add a rule which allows it, for example:
 
+### Optional : Felix configuration via extraenvs of calico node
+
+Possible environment variable parameters for [configuring Felix](https://docs.projectcalico.org/reference/felix/configuration)
+
+```yml
+calico_node_extra_envs:
+    FELIX_DEVICEROUTESOURCEADDRESS: 172.17.0.1
+```
+
 ```ShellSession
 neutron  security-group-rule-create  --protocol 4  --direction egress  k8s-a0tp4t
 neutron  security-group-rule-create  --protocol 4  --direction igress  k8s-a0tp4t
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 7b125be52..cd0ca4b26 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -267,6 +267,12 @@ spec:
               value: "true"
             - name: FELIX_IGNORELOOSERPF
               value: "{{ calico_node_ignorelooserpf }}"
+{% if calico_node_extra_envs is defined %}
+{% for key in calico_node_extra_envs %}
+            - name: {{ key }}
+              value: "{{ calico_node_extra_envs[key] }}"
+{% endfor %}
+{% endif %}
           securityContext:
             privileged: true
           resources: