From 952cad8d632a17419298cd3a6ae19328d9ab6a8d Mon Sep 17 00:00:00 2001
From: Ho Kim <ho.kim@ulagbulag.io>
Date: Tue, 13 Sep 2022 16:19:07 +0900
Subject: [PATCH] Remove mutual exclusivity in calico: NAT and router mode
 (#9255)

* Add optional NAT support in calico router mode

* Add a blank line in front of lists

* Remove mutual exclusivity: NAT and router mode

* Ignore router mode from NAT

* Update calico doc
---
 docs/calico.md                                | 11 ++++++++---
 roles/network_plugin/calico/tasks/install.yml |  4 ++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/docs/calico.md b/docs/calico.md
index a93b5cf5e..1473e49fb 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -72,9 +72,14 @@ calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
 
 In some cases you may want to route the pods subnet and so NAT is not needed on the nodes.
 For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
-The following variables need to be set:
-`peer_with_router` to enable the peering with the datacenter's border router (default value: false).
-you'll need to edit the inventory and add a hostvar `local_as` by node.
+The following variables need to be set as follow:
+
+```yml
+peer_with_router: true  # enable the peering with the datacenter's border router (default value: false).
+nat_outgoing: false  # (optional) NAT outgoing (default value: true).
+```
+
+And you'll need to edit the inventory and add a hostvar `local_as` by node.
 
 ```ShellSession
 node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 040519918..d55c910ac 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -227,7 +227,7 @@
               "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
               "ipipMode": "{{ calico_ipip_mode }}",
               "vxlanMode": "{{ calico_vxlan_mode }}",
-              "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}
+              "natOutgoing": {{ nat_outgoing|default(false) }}
             }
           }
 
@@ -266,7 +266,7 @@
               "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
               "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
               "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
-              "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }}
+              "natOutgoing": {{ nat_outgoing_ipv6|default(false) }}
             }
           }