richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #8815 from simplekube-ro/dont_clobber_calico 

[calico] don't clobber calico options set by the user
pull/8869/head
Kenichi Omichi 2 years ago
committed by GitHub
parent
82590eb087 569a319ff5
commit
dc2a18e436
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 150 additions and 75 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 225
      roles/network_plugin/calico/tasks/install.yml

225
roles/network_plugin/calico/tasks/install.yml
View File

@ -156,68 +156,125 @@
- inventory_hostname in groups['kube_control_plane']
- calico_datastore == "kdd"
- name: Calico | Configure calico FelixConfiguration
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
vars:
stdin: >
{ "kind": "FelixConfiguration",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "default",
},
"spec": {
"ipipEnabled": {{ calico_ipip_mode != 'Never' }},
"reportingInterval": "{{ calico_felix_reporting_interval }}",
"bpfLogLevel": "{{ calico_bpf_log_level }}",
"bpfEnabled": {{ calico_bpf_enabled | bool }},
"bpfExternalServiceMode": "{{ calico_bpf_service_mode }}",
"wireguardEnabled": {{ calico_wireguard_enabled | bool }},
"logSeverityScreen": "{{ calico_felix_log_severity_screen }}",
"vxlanEnabled": {{ calico_vxlan_mode != 'Never' }} }}
- block:
- name: Calico | Get existing FelixConfiguration
command: "{{ bin_dir }}/calicoctl.sh get felixconfig default -o json"
register: _felix_cmd
ignore_errors: True
changed_when: False
- name: Calico | Set kubespray FelixConfiguration
set_fact:
_felix_config: >
{
"kind": "FelixConfiguration",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "default",
},
"spec": {
"ipipEnabled": {{ calico_ipip_mode != 'Never' }},
"reportingInterval": "{{ calico_felix_reporting_interval }}",
"bpfLogLevel": "{{ calico_bpf_log_level }}",
"bpfEnabled": {{ calico_bpf_enabled | bool }},
"bpfExternalServiceMode": "{{ calico_bpf_service_mode }}",
"wireguardEnabled": {{ calico_wireguard_enabled | bool }},
"logSeverityScreen": "{{ calico_felix_log_severity_screen }}",
"vxlanEnabled": {{ calico_vxlan_mode != 'Never' }}
}
}
- name: Calico | Process FelixConfiguration
set_fact:
_felix_config: "{{ _felix_cmd.stdout | from_json | combine(_felix_config, recursive=True) }}"
when:
- _felix_cmd is success
- name: Calico | Configure calico FelixConfiguration
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _felix_config is string | ternary(_felix_config, _felix_config|to_json) }}"
changed_when: False
when:
- inventory_hostname == groups['kube_control_plane'][0]
- name: Calico | Configure calico network pool
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
vars:
stdin: >
{ "kind": "IPPool",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "{{ calico_pool_name }}",
},
"spec": {
"blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
"ipipMode": "{{ calico_ipip_mode }}",
"vxlanMode": "{{ calico_vxlan_mode }}",
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }}
- block:
- name: Calico | Get existing calico network pool
command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json"
register: _calico_pool_cmd
ignore_errors: True
changed_when: False
- name: Calico | Set kubespray calico network pool
set_fact:
_calico_pool: >
{
"kind": "IPPool",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "{{ calico_pool_name }}",
},
"spec": {
"blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
"ipipMode": "{{ calico_ipip_mode }}",
"vxlanMode": "{{ calico_vxlan_mode }}",
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}
}
}
- name: Calico | Process calico network pool
set_fact:
_calico_pool: "{{ _calico_pool_cmd.stdout | from_json | combine(_calico_pool, recursive=True) }}"
when:
- _calico_pool_cmd is success
- name: Calico | Configure calico network pool
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _calico_pool is string | ternary(_calico_pool, _calico_pool|to_json) }}"
changed_when: False
when:
- inventory_hostname == groups['kube_control_plane'][0]
- 'calico_conf.stdout == "0"'
- name: Calico | Configure calico ipv6 network pool
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: >
{ "kind": "IPPool",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "{{ calico_pool_name }}-ipv6",
},
"spec": {
"blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }},
"cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
"ipipMode": "{{ calico_ipip_mode_ipv6 }}",
"vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
"natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }}
- block:
- name: Calico | Get existing calico ipv6 network pool
command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json"
register: _calico_pool_ipv6_cmd
ignore_errors: True
changed_when: False
- name: Calico | Set kubespray calico network pool
set_fact:
_calico_pool_ipv6: >
{
"kind": "IPPool",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "{{ calico_pool_name }}-ipv6",
},
"spec": {
"blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }},
"cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
"ipipMode": "{{ calico_ipip_mode_ipv6 }}",
"vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
"natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }}
}
}
- name: Calico | Process calico ipv6 network pool
set_fact:
_calico_pool_ipv6: "{{ _calico_pool_ipv6_cmd.stdout | from_json | combine(_calico_pool_ipv6, recursive=True) }}"
when:
- _calico_pool_ipv6_cmd is success
- name: Calico | Configure calico ipv6 network pool
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _calico_pool_ipv6 is string | ternary(_calico_pool_ipv6, _calico_pool_ipv6|to_json) }}"
changed_when: False
when:
- inventory_hostname == groups['kube_control_plane'][0]
- calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
- enable_dual_stack_networks | bool
- name: Populate Service External IPs
@ -240,27 +297,45 @@
- inventory_hostname in groups['k8s_cluster']
run_once: yes
- name: Calico | Set up BGP Configuration
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
vars:
stdin: >
{ "kind": "BGPConfiguration",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "default",
},
"spec": {
"listenPort": {{ calico_bgp_listen_port }},
"logSeverityScreen": "Info",
{% if not calico_no_global_as_num|default(false) %}"asNumber": {{ global_as_num }},{% endif %}
"nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} ,
{% if calico_advertise_cluster_ips|default(false) %}
"serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %}
{% if calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %}
"serviceExternalIPs": {{ _service_external_ips|default([]) }} }}
changed_when: false
- block:
- name: Calico | Get existing BGP Configuration
command: "{{ bin_dir }}/calicoctl.sh get bgpconfig default -o json"
register: _bgp_config_cmd
ignore_errors: True
changed_when: False
- name: Calico | Set kubespray BGP Configuration
set_fact:
_bgp_config: >
{
"kind": "BGPConfiguration",
"apiVersion": "projectcalico.org/v3",
"metadata": {
"name": "default",
},
"spec": {
"listenPort": {{ calico_bgp_listen_port }},
"logSeverityScreen": "Info",
{% if not calico_no_global_as_num|default(false) %}"asNumber": {{ global_as_num }},{% endif %}
"nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} ,
{% if calico_advertise_cluster_ips|default(false) %}
"serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %}
{% if calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %}
"serviceExternalIPs": {{ _service_external_ips|default([]) }}
}
}
- name: Calico | Process BGP Configuration
set_fact:
_bgp_config: "{{ _bgp_config_cmd.stdout | from_json | combine(_bgp_config, recursive=True) }}"
when:
- _bgp_config_cmd is success
- name: Calico | Set up BGP Configuration
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _bgp_config is string | ternary(_bgp_config, _bgp_config|to_json) }}"
changed_when: False
when:
- inventory_hostname == groups['kube_control_plane'][0]

Write Preview
Loading…
Cancel
Save