From 9d3a894991b4a7e88fa78760e63fe6a71c33c09e Mon Sep 17 00:00:00 2001
From: Tamas Pasztor <tomcsi@tomcsi.hu>
Date: Fri, 20 May 2022 08:45:13 +0200
Subject: [PATCH] Possible remove ippools from cni config (#8845)

* Possible remove ippools from cni config

* Typo

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

* Update cni-calico.conflist.j2

Incorrectly deleted calico forwarding content.

* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>

Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
---
 .../sample/group_vars/k8s_cluster/k8s-net-calico.yml      | 6 ++++++
 roles/network_plugin/calico/defaults/main.yml             | 3 +++
 .../calico/templates/cni-calico.conflist.j2               | 8 ++++++--
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
index bcf7827d4..cb8cde067 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
@@ -24,9 +24,15 @@ calico_cni_name: k8s-pod-network
 # add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
 # calico_pool_cidr: 1.2.3.4/5
 
+# add default ippool CIDR to CNI config
+# calico_cni_pool: true
+
 # Add default IPV6 IPPool CIDR. Must be inside kube_pods_subnet_ipv6. Defaults to kube_pods_subnet_ipv6 if not set.
 # calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
 
+# Add default IPV6 IPPool CIDR to CNI config
+# calico_cni_pool_ipv6: true
+
 # Global as_num (/calico/bgp/v1/global/as_num)
 # global_as_num: "64512"
 
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index e73545c21..92bf788a6 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -13,6 +13,9 @@ calico_ipv4pool_ipip: "Off"
 calico_ipip_mode: Never  # valid values are 'Always', 'Never' and 'CrossSubnet'
 calico_vxlan_mode: Always  # valid values are 'Always', 'Never' and 'CrossSubnet'
 
+calico_cni_pool: true
+calico_cni_pool_ipv6: true
+
 # Calico doesn't support ipip tunneling for the IPv6.
 calico_ipip_mode_ipv6: Never
 calico_vxlan_mode_ipv6: Never
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
index 13d0a2367..148224cad 100644
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
@@ -32,10 +32,14 @@
         "type": "calico-ipam",
 {%   if enable_dual_stack_networks %}
         "assign_ipv6": "true",
+{%      if calico_cni_pool_ipv6 %}
         "ipv6_pools": ["{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}"],
+{%      endif %}
 {%   endif %}
-        "assign_ipv4": "true",
-        "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"]
+{%      if calico_cni_pool %}
+        "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"],
+{%      endif %}
+        "assign_ipv4": "true"
       },
 {% endif %}
 {% if calico_allow_ip_forwarding %}