From 10f162d52aacee13024f3e5eae7ce1fe9f281d1a Mon Sep 17 00:00:00 2001
From: Aleksandr Didenko
Date: Thu, 21 Jul 2016 13:05:40 +0200
Subject: [PATCH 1/2] Support --ipip option for calico pool

Adds new boolean configuration variable for calico network plugin `ipip`. When it's enabled calico pool is created with '--ipip' option (IP-over-IP encapsulation across hosts). Also refactor pool creation tasks to simplify logic and make tasks more readable.
---
 roles/network_plugin/calico/defaults/main.yml | 3 ++
 roles/network_plugin/calico/tasks/main.yml | 28 +++++++++++--------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index e55b3ab4b..7482970cd 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -2,6 +2,9 @@
 # Enables Internet connectivity from containers
 nat_outgoing: true
 
+# Use IP-over-IP encapsulation across hosts
+ipip: false
+
 # cloud_provider can only be set to 'gce' or 'aws'
 # cloud_provider:
 calicoctl_image_repo: calico/ctl
diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml
index 7e732d632..4a568fbc2 100644
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
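Review bot: The comment on the new `ipip` default in roles/network_plugin/calico/defaults/main.yml does not say when the setting actually takes effect. In the tasks/main.yml change of this same patch, `--ipip` is also passed whenever `cloud_provider` is defined, and the pool is only added when `calico_conf.status == 404`, so `ipip: false` on a cloud deployment, or flipping the value once the pool already exists, appears to have no effect. I would extend the comment to `# Use IP-over-IP encapsulation across hosts (forced on when cloud_provider is defined; only read when the pool is first created)`. Operators need that to decide whether IP-in-IP (IP protocol 4) has to be permitted between nodes in host firewalls or security groups.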
@@ -50,23 +50,27 @@
 register: calico_conf
 run_once: true
 
-- name: Calico | Configure calico network pool
- command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }}"
+- name: Calico | Define ipip pool argument
 run_once: true
- when: calico_conf.status == 404 and cloud_provider is not defined
- and not nat_outgoing|default(false) or
- (nat_outgoing|default(false) and peer_with_router|default(false))
+ set_fact:
+ ipip_arg: "--ipip"
+ when: cloud_provider is defined or ipip|default(false)
 
-- name: Calico | Configure calico network pool for cloud
- command: "{{ bin_dir }}/calicoctl pool add {{ kube_pods_subnet }} --ipip --nat-outgoing"
+- name: Calico | Define nat-outgoing pool argument
 run_once: true
- when: calico_conf.status == 404 and cloud_provider is defined
+ set_fact:
+ nat_arg: "--nat-outgoing"
+ when: nat_outgoing|default(false) and not peer_with_router|default(false)
 
-- name: Calico | Configure calico network pool with nat outgoing
- command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} --nat-outgoing"
+- name: Calico | Define calico pool task name
+ set_fact:
+ pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
+ when: ipip_arg|default(false) or nat_arg|default(false)
+
+- name: Calico | Configure calico network pool {{ pool_task_name|default('') }}
+ command: "{{ bin_dir}}/calicoctl pool add {{ kube_pods_subnet }} {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
 run_once: true
- when: calico_conf.status == 404 and cloud_provider is not defined
- and nat_outgoing|default(false) and not peer_with_router|default(false)
+ when: calico_conf.status == 404
 
 - name: Calico | Get calico configuration from etcd
 uri:
From 0ab89db39222e0f39a0834c914803192c0bbe440 Mon Sep 17 00:00:00 2001
From: Aleksandr Didenko
Date: Wed, 27 Jul 2016 15:55:41 +0200
Subject: [PATCH 2/2] Add run_once to define calico pool task name

---
 roles/network_plugin/calico/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
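Review bot: In the tasks/main.yml hunk of patch 1/2 the refactor changes what a cloud deployment gets, and the commit message does not mention it. The removed "for cloud" task always ran `pool add ... --ipip --nat-outgoing` when `cloud_provider` was defined, while the new `nat_arg` fact is set only from `nat_outgoing` and `peer_with_router`, so a cloud install with `nat_outgoing: false` or `peer_with_router: true` now creates the pool without `--nat-outgoing` and pod egress is no longer source-NATed. If the old behaviour is meant to stay, the condition on the nat-outgoing task could be `when: cloud_provider is defined or (nat_outgoing|default(false) and not peer_with_router|default(false))`; if the change is deliberate, it should be stated in the description. A short comment above the two `set_fact` tasks saying that `ipip_arg` and `nat_arg` are consumed only by the pool task would also help, since those facts stay defined for the rest of the play.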
diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml
index 4a568fbc2..a815feecf 100644
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -63,6 +63,7 @@
 when: nat_outgoing|default(false) and not peer_with_router|default(false)
 
 - name: Calico | Define calico pool task name
+ run_once: true
 set_fact:
 pool_task_name: "with options {{ ipip_arg|default('') }} {{ nat_arg|default('') }}"
 when: ipip_arg|default(false) or nat_arg|default(false)