---
# Abort when the deprecated 'ipip' variable is still set in the inventory;
# the message names 'calico_ipip_mode' as its replacement.
- name: Stop if legacy encapsulation variables are detected (ipip)
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that: ipip is not defined
    msg: "'ipip' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs"

# Abort when the deprecated 'ipip_mode' variable is still set in the inventory;
# the message names 'calico_ipip_mode' as its replacement.
- name: Stop if legacy encapsulation variables are detected (ipip_mode)
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that: ipip_mode is not defined
    msg: "'ipip_mode' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs"

# Abort when the misspelled 'calcio_ipam_autoallocateblocks' variable is set;
# the message points to the correctly spelled 'calico_ipam_autoallocateblocks'.
- name: Stop if legacy encapsulation variables are detected (calcio_ipam_autoallocateblocks)
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that: calcio_ipam_autoallocateblocks is not defined
    msg: "'calcio_ipam_autoallocateblocks' configuration variable is deprecated, it's a typo, please configure your inventory with 'calico_ipam_autoallocateblocks' set to 'true' or 'false' according to your specific needs"

# Only evaluated when cloud_provider is 'azure': IP-in-IP must be off and
# VXLAN must be enabled ('Always' or 'CrossSubnet'); both conditions must hold.
- name: Stop if incompatible network plugin and cloudprovider
  when:
    - cloud_provider is defined and cloud_provider == 'azure'
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_ipip_mode == 'Never'
      - calico_vxlan_mode in ['Always', 'CrossSubnet']
    msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'"

# Accept only a calico_version that has an entry in
# calico_crds_archive_checksums.
# NOTE(review): presumably this keeps the deployed version tied to a pinned
# archive checksum - confirm where the checksum map is consumed.
# NOTE(review): the task name reads inverted; the play stops when the version
# is NOT among the supported keys.
- name: Stop if supported Calico versions
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_version in calico_crds_archive_checksums.keys()
    msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.keys() }}"

# Record whether the calicoctl.sh wrapper is present under bin_dir; later
# tasks in this file read calicoctl_sh_exists.stat.exists to decide whether
# to query the running cluster.
- name: Check if calicoctl.sh exists
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  stat:
    path: "{{ bin_dir }}/calicoctl.sh"
  register: calicoctl_sh_exists

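# Readiness probe: query the default ClusterInformation object through
# calicoctl.sh, retrying up to 5 times with 10 seconds between attempts.
# Skipped entirely when the wrapper script was not found.
- name: Check if calico ready
  when: calicoctl_sh_exists.stat.exists
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  command: "{{ bin_dir }}/calicoctl.sh get ClusterInformation default"
  register: calico_ready
  retries: 5
  delay: 10
  until: calico_ready.rc == 0
  # A failed probe must not abort the play; the upgrade gate later in this
  # file tests calico_ready.rc == 0 before it does anything.
  ignore_errors: true
  # The command only reads state, so it should never be reported as a change
  # (same treatment as the ipPool lookup further down in this file).
  changed_when: false
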
# Upgrade gate: evaluated only when calicoctl.sh exists and the readiness
# probe returned 0. Compares the version printed by calicoctl.sh with
# calico_min_version_required.
- name: Check that current calico version is enough for upgrade
  when: calicoctl_sh_exists.stat.exists and calico_ready.rc == 0
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  block:
    # 'set -o pipefail' makes the task fail when calicoctl.sh or grep fails,
    # instead of reporting only the exit status of the trailing awk; the
    # shell is forced to /bin/bash for that option.
    # NOTE(review): bin_dir is expanded into the command line before bash
    # parses it, so it has to come from trusted inventory; writing
    # "{{ bin_dir | quote }}" would make that explicit.
    - name: Get current calico version
      shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Client Version:' | awk '{ print $3}'"
      args:
        executable: /bin/bash
      changed_when: false
      register: calico_version_on_server

    # Fails the play when the detected version is lower than the minimum.
    - name: Assert that current calico version is enough for upgrade
      assert:
        that:
          - calico_version_on_server.stdout is version(calico_min_version_required, '>=')
        msg: >
          Your version of calico is not fresh enough for upgrade.
          Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release.
          But current version is {{ calico_version_on_server.stdout }}.

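# When peering with calico_rr is enabled, cluster_id must be defined and must
# pass the ansible.utils.ipv4 test.
#
# The check is pinned to the first control-plane host by the
# inventory_hostname condition. It deliberately does NOT use run_once: with
# run_once, Ansible evaluates 'when' only against the first host of the batch,
# so the whole validation was skipped without any failure whenever that host
# was not kube_control_plane[0].
- name: "Check that cluster_id is set and a valid IPv4 address if calico_rr enabled"
  assert:
    that:
      - cluster_id is defined
      - cluster_id is ansible.utils.ipv4
    msg: "A unique cluster_id is required if using calico_rr, and it must be a valid IPv4 address"
  when:
    - peer_with_calico_rr
    - inventory_hostname == groups['kube_control_plane'][0]
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
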
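# Every host that belongs to calico_rr must also belong to k8s_cluster.
#
# group_names is a per-host value, so the check has to be evaluated for each
# host. With run_once the 'when' condition was tested against the first host
# of the batch only, and a calico_rr node outside k8s_cluster went undetected
# unless it happened to be that host. run_once and delegate_to are therefore
# dropped; assert does not need a remote connection.
- name: "Check that calico_rr nodes are in k8s_cluster group"
  assert:
    that:
      - '"k8s_cluster" in group_names'
    msg: "calico_rr must be a child group of k8s_cluster group"
  when:
    - '"calico_rr" in group_names'
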
# calico_pool_name must be defined and consist of 2 to 63 characters from
# letters, digits, '-', '_' and '.'. The same variable is later expanded into
# a calicoctl.sh command line in this file, so this allow-list is what keeps
# whitespace and other separators out of that argument.
# NOTE(review): in Python regexes '$' also matches just before a trailing
# newline; '\\Z' would anchor strictly at the end - confirm whether that
# matters for this variable.
- name: "Check vars defined correctly"
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_pool_name is defined
      - "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')"
    msg: "calico_pool_name contains invalid characters"

# calico_network_backend is restricted to the three listed values.
- name: "Check calico network backend defined correctly"
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_network_backend in ['bird', 'vxlan', 'none']
    msg: "calico network backend is not 'bird', 'vxlan' or 'none'"

# Both encapsulation settings must be one of 'Always', 'CrossSubnet' or
# 'Never'; any other value stops the play.
- name: "Check ipip and vxlan mode defined correctly"
  assert:
    that:
      - calico_ipip_mode in ['Always', 'CrossSubnet', 'Never']
      - calico_vxlan_mode in ['Always', 'CrossSubnet', 'Never']
    msg: "calico inter host encapsulation mode is not 'Always', 'CrossSubnet' or 'Never'"
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"

# Mutual exclusion, first direction: when IP-in-IP is enabled
# ('Always' or 'CrossSubnet'), VXLAN must be 'Never'.
# NOTE(review): another task in this file carries the same name and checks
# the opposite direction.
- name: "Check ipip and vxlan mode if simultaneously enabled"
  when:
    - calico_ipip_mode in ['Always', 'CrossSubnet']
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_vxlan_mode in ['Never']
    msg: "IP in IP and VXLAN mode is mutualy exclusive modes"

# Mutual exclusion, second direction: when VXLAN is enabled
# ('Always' or 'CrossSubnet'), IP-in-IP must be 'Never'.
# NOTE(review): another task in this file carries the same name and checks
# the opposite direction.
- name: "Check ipip and vxlan mode if simultaneously enabled"
  when:
    - calico_vxlan_mode in ['Always', 'CrossSubnet']
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_ipip_mode in ['Never']
    msg: "IP in IP and VXLAN mode is mutualy exclusive modes"

# Read the named ipPool from the running cluster as JSON. The query only
# reads state, so it is never reported as changed and it also runs in check
# mode (check_mode: false).
# failed_when: false keeps a non-zero exit from aborting the play. As a
# consequence any calicoctl error, not only a missing pool, leaves
# calico_pool_conf unset further down, and the comparison of the inventory
# with the cluster is then skipped (unless calico_pool_conf is set
# elsewhere).
- name: "Get Calico {{ calico_pool_name }} configuration"
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  command: "{{ bin_dir }}/calicoctl.sh get ipPool {{ calico_pool_name }} -o json"
  register: calico
  check_mode: false
  changed_when: false
  failed_when: false

# Parse the registered calicoctl output into calico_pool_conf, but only when
# the command exited 0 and printed something.
- name: "Set calico_pool_conf"
  when: calico.rc == 0 and calico.stdout
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  set_fact:
    calico_pool_conf: "{{ calico.stdout | from_json }}"

# Drift check, evaluated only when calico_pool_conf is defined: block size
# and CIDR of the existing pool must equal the inventory values
# (calico_pool_cidr falls back to kube_pods_subnet). ipipMode and vxlanMode
# are compared only when the pool spec carries them.
- name: "Check if inventory match current cluster configuration"
  when:
    - calico_pool_conf is defined
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_pool_conf.spec.blockSize | int == calico_pool_blocksize | int
      - calico_pool_conf.spec.cidr == (calico_pool_cidr | default(kube_pods_subnet))
      - not calico_pool_conf.spec.ipipMode is defined or calico_pool_conf.spec.ipipMode == calico_ipip_mode
      - not calico_pool_conf.spec.vxlanMode is defined or calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
    msg: "Your inventory doesn't match the current cluster configuration"

# With calico_apiserver_enabled set, calico_datastore must be "kdd".
- name: "Check kdd calico_datastore if calico_apiserver_enabled"
  when:
    - calico_apiserver_enabled
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_datastore == "kdd"
    msg: "When using calico apiserver you need to use the kubernetes datastore"

# With typha_enabled set, calico_datastore must be "kdd".
- name: "Check kdd calico_datastore if typha_enabled"
  when:
    - typha_enabled
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_datastore == "kdd"
    msg: "When using typha you need to use the kubernetes datastore"

# With enable_dual_stack_networks set, calico_ipip_mode_ipv6 must be 'Never'.
- name: "Check ipip mode is Never for calico ipv6"
  when:
    - enable_dual_stack_networks
  run_once: true
  delegate_to: "{{ groups['kube_control_plane'][0] }}"
  assert:
    that:
      - calico_ipip_mode_ipv6 in ['Never']
    msg: "Calico doesn't support ipip tunneling for the IPv6"