diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 402aeeeb9..6a863d377 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -156,68 +156,125 @@ - inventory_hostname in groups['kube_control_plane'] - calico_datastore == "kdd" -- name: Calico | Configure calico FelixConfiguration - command: - cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" - stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}" - vars: - stdin: > - { "kind": "FelixConfiguration", - "apiVersion": "projectcalico.org/v3", - "metadata": { - "name": "default", - }, - "spec": { - "ipipEnabled": {{ calico_ipip_mode != 'Never' }}, - "reportingInterval": "{{ calico_felix_reporting_interval }}", - "bpfLogLevel": "{{ calico_bpf_log_level }}", - "bpfEnabled": {{ calico_bpf_enabled | bool }}, - "bpfExternalServiceMode": "{{ calico_bpf_service_mode }}", - "wireguardEnabled": {{ calico_wireguard_enabled | bool }}, - "logSeverityScreen": "{{ calico_felix_log_severity_screen }}", - "vxlanEnabled": {{ calico_vxlan_mode != 'Never' }} }} +- block: + - name: Calico | Get existing FelixConfiguration + command: "{{ bin_dir }}/calicoctl.sh get felixconfig default -o json" + register: _felix_cmd + ignore_errors: True + changed_when: False + + - name: Calico | Set kubespray FelixConfiguration + set_fact: + _felix_config: > + { + "kind": "FelixConfiguration", + "apiVersion": "projectcalico.org/v3", + "metadata": { + "name": "default", + }, + "spec": { + "ipipEnabled": {{ calico_ipip_mode != 'Never' }}, + "reportingInterval": "{{ calico_felix_reporting_interval }}", + "bpfLogLevel": "{{ calico_bpf_log_level }}", + "bpfEnabled": {{ calico_bpf_enabled | bool }}, + "bpfExternalServiceMode": "{{ calico_bpf_service_mode }}", + "wireguardEnabled": {{ calico_wireguard_enabled | bool }}, + "logSeverityScreen": "{{ calico_felix_log_severity_screen }}", + "vxlanEnabled": {{ calico_vxlan_mode != 'Never' }} + } + } + + - name: Calico | Process FelixConfiguration + set_fact: + _felix_config: "{{ _felix_cmd.stdout | from_json | combine(_felix_config, recursive=True) }}" + when: + - _felix_cmd is success + + - name: Calico | Configure calico 
FelixConfiguration + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: "{{ _felix_config is string | ternary(_felix_config, _felix_config|to_json) }}" + changed_when: False when: - inventory_hostname == groups['kube_control_plane'][0] -- name: Calico | Configure calico network pool - command: - cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" - stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}" - vars: - stdin: > - { "kind": "IPPool", - "apiVersion": "projectcalico.org/v3", - "metadata": { - "name": "{{ calico_pool_name }}", - }, - "spec": { - "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }}, - "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}", - "ipipMode": "{{ calico_ipip_mode }}", - "vxlanMode": "{{ calico_vxlan_mode }}", - "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} - when: - - inventory_hostname == groups['kube_control_plane'][0] - - 'calico_conf.stdout == "0"' +- block: + - name: Calico | Get existing calico network pool + command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json" + register: _calico_pool_cmd + ignore_errors: True + changed_when: False -- name: Calico | Configure calico ipv6 network pool - command: - cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" - stdin: > - { "kind": "IPPool", - "apiVersion": "projectcalico.org/v3", - "metadata": { - "name": "{{ calico_pool_name }}-ipv6", - }, - "spec": { - "blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }}, - "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}", - "ipipMode": "{{ calico_ipip_mode_ipv6 }}", - "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}", - "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }} + - name: Calico | Set kubespray calico network pool + set_fact: + _calico_pool: > + { + "kind": "IPPool", + "apiVersion": "projectcalico.org/v3", + "metadata": { + "name": 
"{{ calico_pool_name }}", + }, + "spec": { + "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }}, + "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}", + "ipipMode": "{{ calico_ipip_mode }}", + "vxlanMode": "{{ calico_vxlan_mode }}", + "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} + } + } + + - name: Calico | Process calico network pool + set_fact: + _calico_pool: "{{ _calico_pool_cmd.stdout | from_json | combine(_calico_pool, recursive=True) }}" + when: + - _calico_pool_cmd is success + + - name: Calico | Configure calico network pool + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: "{{ _calico_pool is string | ternary(_calico_pool, _calico_pool|to_json) }}" + changed_when: False + when: + - inventory_hostname == groups['kube_control_plane'][0] + +- block: + - name: Calico | Get existing calico ipv6 network pool + command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json" + register: _calico_pool_ipv6_cmd + ignore_errors: True + changed_when: False + + - name: Calico | Set kubespray calico network pool + set_fact: + _calico_pool_ipv6: > + { + "kind": "IPPool", + "apiVersion": "projectcalico.org/v3", + "metadata": { + "name": "{{ calico_pool_name }}-ipv6", + }, + "spec": { + "blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }}, + "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}", + "ipipMode": "{{ calico_ipip_mode_ipv6 }}", + "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}", + "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} + } + } + + - name: Calico | Process calico ipv6 network pool + set_fact: + _calico_pool_ipv6: "{{ _calico_pool_ipv6_cmd.stdout | from_json | combine(_calico_pool_ipv6, recursive=True) }}" + when: + - _calico_pool_ipv6_cmd is success + + - name: Calico | Configure calico ipv6 network pool + command: + cmd: "{{ bin_dir 
}}/calicoctl.sh apply -f -" + stdin: "{{ _calico_pool_ipv6 is string | ternary(_calico_pool_ipv6, _calico_pool_ipv6|to_json) }}" + changed_when: False when: - inventory_hostname == groups['kube_control_plane'][0] - - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0" - enable_dual_stack_networks | bool - name: Populate Service External IPs 
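Review bot: `ignore_errors: True` on "Calico | Get existing FelixConfiguration" makes every calicoctl failure look like "resource not found", so a datastore timeout or an authorization error skips the `_felix_cmd is success` merge and the apply then submits kubespray's keys alone, which would presumably discard the existing fields this change is meant to preserve. Tolerate only the not-found case, for example `failed_when: _felix_cmd.rc != 0 and 'does not exist' not in _felix_cmd.stderr` (confirm the exact message against the calicoctl version shipped). The same pattern is in the two IPPool get tasks in this hunk and in the BGPConfiguration get task in the next hunk.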
@@ -240,27 +297,45 @@ - inventory_hostname in groups['k8s_cluster'] run_once: yes -- name: Calico | Set up BGP Configuration - command: - cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" - stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}" - vars: - stdin: > - { "kind": "BGPConfiguration", - "apiVersion": "projectcalico.org/v3", - "metadata": { - "name": "default", - }, - "spec": { - "listenPort": {{ calico_bgp_listen_port }}, - "logSeverityScreen": "Info", - {% if not calico_no_global_as_num|default(false) %}"asNumber": {{ global_as_num }},{% endif %} - "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} , - {% if calico_advertise_cluster_ips|default(false) %} - "serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %} - {% if calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %} - "serviceExternalIPs": {{ _service_external_ips|default([]) }} }} - changed_when: false +- block: + - name: Calico | Get existing BGP Configuration + command: "{{ bin_dir }}/calicoctl.sh get bgpconfig default -o json" + register: _bgp_config_cmd + ignore_errors: True + changed_when: False + + - name: Calico | Set kubespray BGP Configuration + set_fact: + _bgp_config: > + { + "kind": "BGPConfiguration", + "apiVersion": "projectcalico.org/v3", + "metadata": { + "name": "default", + }, + "spec": { + "listenPort": {{ calico_bgp_listen_port }}, + "logSeverityScreen": "Info", + {% if not calico_no_global_as_num|default(false) %}"asNumber": {{ global_as_num }},{% endif %} + "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled|default('true') }} , + {% if calico_advertise_cluster_ips|default(false) %} + "serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %} + {% if 
calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %} + "serviceExternalIPs": {{ _service_external_ips|default([]) }} + } + } + + - name: Calico | Process BGP Configuration + set_fact: + _bgp_config: "{{ _bgp_config_cmd.stdout | from_json | combine(_bgp_config, recursive=True) }}" + when: + - _bgp_config_cmd is success + + - name: Calico | Set up BGP Configuration + command: + cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" + stdin: "{{ _bgp_config is string | ternary(_bgp_config, _bgp_config|to_json) }}" + changed_when: False when: - inventory_hostname == groups['kube_control_plane'][0]
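Review bot: Because the stored BGPConfiguration is now the base of `combine(_bgp_config, recursive=True)`, the keys the template emits only conditionally (`asNumber`, `serviceClusterIPs`, `serviceLoadBalancerIPs`) survive from the previous run, so setting `calico_advertise_cluster_ips` back to false no longer stops the service CIDRs being advertised to BGP peers. Render an explicit empty value in the disabled branch, e.g. `{% else %}"serviceClusterIPs": [],{% endif %}` and likewise for `serviceLoadBalancerIPs`, so the kubespray side overrides what is stored. `asNumber` cannot be cleared by a merge, so that case needs either a comment stating the stored value is kept or a separate step that removes it.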