diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 3b93d2c7f..b75c93d82 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -10,16 +10,10 @@ run_once: yes - name: "Get current version of calico cluster version" - shell: "{{ bin_dir }}/calicoctl version | grep 'Cluster Version:' | awk '{ print $3}'" + shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'" register: calico_version_on_server run_once: yes changed_when: false - environment: - ETCD_ENDPOINTS: "{{ etcd_access_addresses }}" - ETCD_CA_CERT_FILE: "{{ calico_cert_dir }}/ca_cert.crt" - ETCD_CERT_FILE: "{{ calico_cert_dir }}/cert.crt" - ETCD_KEY_FILE: "{{ calico_cert_dir }}/key.pem" - - name: "Determine if calico upgrade is needed" block: diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index aa5f1f729..287552640 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -35,7 +35,7 @@ - name: Calico | Install calicoctl wrapper script template: - src: calicoctl.sh.j2 + src: "calicoctl.{{ calico_datastore }}.sh.j2" dest: "{{ bin_dir }}/calicoctl.sh" mode: 0755 owner: root 
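Review bot: The version check now relies entirely on the `calicoctl.sh` wrapper for its datastore settings, yet it still runs with `run_once: yes` on whichever host comes first in the play, and with `calico_datastore == "kdd"` the wrapper added in this commit only sets `KUBECONFIG` on kube-master hosts. If that first host is not a master the call will probably fail, and because the pipeline's exit status is that of `awk`, the task still succeeds with an empty `calico_version_on_server.stdout`. Adding `delegate_to: "{{ groups['kube-master'][0] }}"`, as the node and peer tasks in `install.yml` now do, and starting the command with `set -o pipefail;` (with `executable: /bin/bash`) would make such a failure visible. The task list continues outside the hunk, so whether a later task guards against an empty version cannot be seen here.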
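Review bot: The wrapper's template name is now built from `calico_datastore` (`src: "calicoctl.{{ calico_datastore }}.sh.j2"`), so any value other than `etcd` or `kdd` fails at this task with a missing-template error instead of a clear message. If the variable is not validated elsewhere in the role, an `assert` task with `that: calico_datastore in ['etcd', 'kdd']` ahead of this one would catch a typo early. The task's remaining keys run past the end of the hunk.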
@@ -73,6 +73,32 @@ - 'calico_conf.stdout == "0"' - calico_pool_cidr is defined +- name: Calico | Create calico manifests for kdd + template: + src: "{{ item.file }}.j2" + dest: "{{ kube_config_dir }}/{{ item.file }}" + with_items: + - {name: calico, file: kdd-crds.yml, type: kdd} + register: calico_node_kdd_manifest + when: + - inventory_hostname in groups['kube-master'] + - calico_datastore == "kdd" + +- name: Start Calico resources + kube: + name: "{{ item.item.name }}" + namespace: "kube-system" + kubectl: "{{ bin_dir }}/kubectl" + resource: "{{ item.item.type }}" + filename: "{{ kube_config_dir }}/{{ item.item.file }}" + state: "latest" + with_items: + - "{{ calico_node_kdd_manifest.results }}" + when: + - inventory_hostname == groups['kube-master'][0] and not item is skipped + loop_control: + label: "{{ item.item.file }}" + - name: Calico | Configure calico network pool (v3.0.0 <= version < v3.3.0) shell: > echo " @@ -180,9 +206,10 @@ "asNumber": "{{ local_as }}" }, "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}] - }}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f - + }}' | {{ bin_dir }}/calicoctl.sh {{ 'apply -f -' if calico_datastore == "kdd" else 'create --skip-exists -f -' }} retries: 4 delay: "{{ retry_stagger | random + 3 }}" + delegate_to: "{{ groups['kube-master'][0] }}" when: - calico_version is version('v3.0.0', '>=') - peer_with_router|default(false) @@ -230,6 +257,7 @@ delay: "{{ retry_stagger | random + 3 }}" with_items: - "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}" + delegate_to: "{{ groups['kube-master'][0] }}" when: - calico_version is version('v3.0.0', '>=') - peer_with_router|default(false) 
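Review bot: The `Calico | Create calico manifests for kdd` task writes `kdd-crds.yml` into `{{ kube_config_dir }}` without `owner` or `mode`, so the file's permissions depend on the umask in effect on the target, and the next task hands that file to `kubectl` on the first master. Setting them explicitly, for example `owner: root` and `mode: "0640"`, keeps the manifest from being altered between runs by an unprivileged account. The new apply task is also named `Start Calico resources`, without the `Calico | ` prefix its neighbours use; a name such as `Calico | Apply kdd CRDs` would say what it does.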
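Review bot: Neither the switch to `apply -f -` for `kdd` nor the new `delegate_to: "{{ groups['kube-master'][0] }}"` is explained, and the same delegation is added without comment in the hunks at -230, -269 and -309. A comment above the command such as `# kdd: the Node resource is backed by the Kubernetes Node object and already exists, so it is applied rather than created` (if that is the reason), and one on the delegation such as `# calicoctl.sh only has a kubeconfig on kube-master hosts`, would spare the next reader the guesswork. The delegation is unconditional, so with the `etcd` datastore every node's registration now also runs on the first master. The task body starts above the hunk.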
@@ -269,6 +297,7 @@ with_items: - "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}" run_once: true + delegate_to: "{{ groups['kube-master'][0] }}" when: - calico_version | version_compare('v3.0.0', '>=') - peer_with_router|default(false) @@ -309,6 +338,7 @@ delay: "{{ retry_stagger | random + 3 }}" with_items: - "{{ groups['calico-rr'] | default([]) }}" + delegate_to: "{{ groups['kube-master'][0] }}" when: - calico_version is version('v3.0.0', '>=') - peer_with_calico_rr|default(false) @@ -351,17 +381,6 @@ - inventory_hostname in groups['kube-master'] - rbac_enabled or item.type not in rbac_resources -- name: Calico | Create calico manifests for kdd - template: - src: "{{ item.file }}.j2" - dest: "{{ kube_config_dir }}/{{ item.file }}" - with_items: - - {name: calico, file: kdd-crds.yml, type: kdd} - register: calico_node_kdd_manifest - when: - - inventory_hostname in groups['kube-master'] - - calico_datastore == "kdd" - - name: Calico | Create calico manifests for typha template: src: "{{ item.file }}.j2" diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2 index ffb05c872..6d0b6a63f 100644 --- a/roles/network_plugin/calico/templates/calico-node.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-node.yml.j2 @@ -145,11 +145,6 @@ spec: # Wait for the datastore. - name: WAIT_FOR_DATASTORE value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName {% endif %} # Choose the backend to use. - name: CALICO_NETWORKING_BACKEND @@ -189,7 +184,7 @@ spec: # should be set in etcd before deployment # # Configure the IP Pool from which Pod IPs will be chosen. # - name: CALICO_IPV4POOL_CIDR -# value: "192.168.0.0/16" +# value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}" - name: CALICO_IPV4POOL_IPIP value: "{{ calico_ipv4pool_ipip }}" # Disable IPv6 on Kubernetes. 
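Review bot: In the second `calico-node.yml.j2` hunk, Jinja still evaluates `{{ calico_pool_cidr | default(kube_pods_subnet) }}` even though the line is a YAML comment, so the rendered manifest carries the real pod CIDR in a comment and rendering fails if both variables are undefined. If the line is meant to stay documentation only, wrapping it in `{# ... #}` or keeping a literal example avoids the evaluation. If the value is meant to be used, the comment above it, which still says the pool should be set in etcd before deployment, needs updating to match.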
diff --git a/roles/network_plugin/calico/templates/calicoctl.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
similarity index 100%
rename from roles/network_plugin/calico/templates/calicoctl.sh.j2
rename to roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
diff --git a/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
new file mode 100644
index 000000000..c795dcb05
--- /dev/null
+++ b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/bash
+DATASTORE_TYPE=kubernetes \
+{% if inventory_hostname in groups['kube-master'] %}
+KUBECONFIG={{ kube_config_dir }}/admin.conf \
+{% endif %}
+{{ bin_dir }}/calicoctl "$@"
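Review bot: On kube-master hosts the new wrapper points calicoctl at `{{ kube_config_dir }}/admin.conf`, which is normally the cluster-admin credential, so every call made through it, including the node and BGP peer tasks this commit delegates to the first master, runs with full cluster rights. A dedicated kubeconfig bound to a role limited to the Calico resources would keep this to least privilege. On hosts outside `kube-master` the wrapper sets only `DATASTORE_TYPE=kubernetes`, so calicoctl presumably falls back to whatever default kubeconfig it finds and fails with an unclear error; a header comment stating that the wrapper is only usable on masters would help. The paths are also unquoted and the script leaves a shell process behind: `KUBECONFIG="{{ kube_config_dir }}/admin.conf" \` and `exec "{{ bin_dir }}/calicoctl" "$@"` are safer.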