Add ConfigMap for basic configuration options

Container settings moved from deamonset yaml to a separate
configmap.

roles/kubernetes-apps/ansible/tasks/main.yaml

@@ -19,4 +19,5 @@
   when: inventory_hostname == groups['kube-master'][0]
 
 - include: tasks/calico-policy-controller.yml
-  when: enable_network_policy is defined and enable_network_policy == True
+  when: ( enable_network_policy is defined and enable_network_policy == True ) or
+    ( kube_network_plugin == 'canal' )

roles/kubernetes-apps/network_plugin/canal/tasks/main.yaml

@@ -1,3 +1,12 @@
+- name: Create canal ConfigMap
+  run_once: true
+  kube:
+    name: "canal-config"
+    kubectl: "{{bin_dir}}/kubectl"
+    filename: "/etc/kubernetes/canal-config.yaml"
+    resource: "configmap"
+    namespace: "kube-system"
+
 - name: Start flannel and calico-node
   run_once: true
   kube:

roles/kubernetes/node/templates/cni-canal.conf.j2

@@ -5,11 +5,9 @@
     "type": "calico",
     "etcd_endpoints": "{{ etcd_access_endpoint }}",
     "log_level": "info",
-    {% if enable_network_policy is defined and enable_network_policy == True %}
     "policy": {
       "type": "k8s"
     },
-    {% endif %}
     "kubernetes": {
       "kubeconfig": "{{ kube_config_dir }}/node-kubeconfig.yaml"
     }

roles/network_plugin/canal/tasks/main.yml

@@ -5,7 +5,12 @@
     dest: /etc/flannel-network.json
     backup: yes
 
-- name: Canal | Write canal configuration
+- name: Canal | Write canal configmap
+  template:
+    src: canal-config.yml.j2
+    dest: /etc/kubernetes/canal-config.yaml
+
+- name: Canal | Write canal node configuration
   template:
     src: canal-node.yml.j2
     dest: /etc/kubernetes/canal-node.yaml

roles/network_plugin/canal/templates/canal-config.yml.j2

@@ -0,0 +1,22 @@
+# This ConfigMap can be used to configure a self-hosted Canal installation.
+# See `canal.yaml` for an example of a Canal deployment which uses
+# the config in this ConfigMap.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: canal-config
+data:
+  # Configure this with the location of your etcd cluster.
+  etcd_endpoints: "{{ etcd_access_endpoint }}"
+
+  # The interface used by canal for host <-> host communication.
+  # If left blank, then the interface is chosing using the node's
+  # default route.
+  flanneld_iface: "{{ canal_iface }}"
+
+  # Whether or not to masquerade traffic to destinations not within
+  # the pod network.
+  masquerade: "{{ canal_masquerade }}"
+
+  # Cluster name for Flannel etcd path
+  cluster_name: "{{ cluster_name }}"

roles/network_plugin/canal/templates/canal-node.yml.j2

@@ -47,10 +47,23 @@ spec:
       containers:
         - name: "flannel-server-helper"
           image: "{{ flannel_server_helper_image_repo }}:{{ flannel_server_helper_image_tag }}"
+          env:
+            # Cluster name
+            - name: CLUSTER_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: cluster_name
+            # The location of the etcd cluster.
+            - name: FLANNELD_ETCD_ENDPOINTS
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_endpoints
           args:
             - "--network-config=/etc/flannel-network.json"
-            - "--etcd-prefix=/{{ cluster_name }}/network"
+            - "--etcd-prefix=/$(CLUSTER_NAME)/network"
-            - "--etcd-server={{ etcd_endpoint }}"
+            - "--etcd-server=$(FLANNELD_ETCD_ENDPOINTS)"
           volumeMounts:
             - name: "networkconfig"
               mountPath: "/etc/flannel-network.json"
@@ -60,22 +73,40 @@ spec:
         - name: flannel
           image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
           env:
+            # Cluster name
+            - name: CLUSTER_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: cluster_name
             # The location of the etcd cluster.
             - name: FLANNELD_ETCD_ENDPOINTS
-              value: "{{ etcd_access_endpoint }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_endpoints
             # The interface flannel should run on.
             - name: FLANNELD_IFACE
-              value: "{{ canal_iface }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: flanneld_iface
             # Perform masquerade on traffic leaving the pod cidr.
             - name: FLANNELD_IP_MASQ
-              value: "{{ canal_masquerade }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: masquerade
+            # Set etcd-prefix
+            - name: DOCKER_OPT_ETCD_PREFIX
+              value: "-etcd-prefix=/$(CLUSTER_NAME)/network"
             # Write the subnet.env file to the mounted directory.
             - name: FLANNELD_SUBNET_FILE
               value: "/run/flannel/subnet.env"
           command:
             - "/bin/sh"
             - "-c"
-            - "/opt/bin/flanneld -etcd-endpoints {{ etcd_access_endpoint }} -etcd-prefix /{{ cluster_name }}/network {% if canal_iface %}-iface {{ canal_iface }}{% endif %}"
+            - "/opt/bin/flanneld -etcd-prefix /$(CLUSTER_NAME)/network"
           ports:
             - hostPort: 10253
               containerPort: 10253
@@ -94,7 +125,10 @@ spec:
           env:
             # The location of the etcd cluster.
             - name: ETCD_ENDPOINTS
-              value: "{{ etcd_access_endpoint }}"
+              valueFrom:
+                configMapKeyRef:
+                  name: canal-config
+                  key: etcd_endpoints
             # Disable Calico BGP.  Calico is simply enforcing policy.
             - name: CALICO_NETWORKING
               value: "false"