Merge pull request #8815 from simplekube-ro/dont_clobber_calico

[calico] don't clobber calico options set by the user
Kenichi Omichi 2022-05-24 10:25:48 -07:00 committed by GitHub
commit dc2a18e436
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -156,13 +156,18 @@
- inventory_hostname in groups['kube_control_plane'] - inventory_hostname in groups['kube_control_plane']
- calico_datastore == "kdd" - calico_datastore == "kdd"
- name: Calico | Configure calico FelixConfiguration - block:
command: - name: Calico | Get existing FelixConfiguration
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" command: "{{ bin_dir }}/calicoctl.sh get felixconfig default -o json"
stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}" register: _felix_cmd
vars: ignore_errors: True
stdin: > changed_when: False
{ "kind": "FelixConfiguration",
- name: Calico | Set kubespray FelixConfiguration
set_fact:
_felix_config: >
{
"kind": "FelixConfiguration",
"apiVersion": "projectcalico.org/v3", "apiVersion": "projectcalico.org/v3",
"metadata": { "metadata": {
"name": "default", "name": "default",
@ -175,17 +180,36 @@
"bpfExternalServiceMode": "{{ calico_bpf_service_mode }}", "bpfExternalServiceMode": "{{ calico_bpf_service_mode }}",
"wireguardEnabled": {{ calico_wireguard_enabled | bool }}, "wireguardEnabled": {{ calico_wireguard_enabled | bool }},
"logSeverityScreen": "{{ calico_felix_log_severity_screen }}", "logSeverityScreen": "{{ calico_felix_log_severity_screen }}",
"vxlanEnabled": {{ calico_vxlan_mode != 'Never' }} }} "vxlanEnabled": {{ calico_vxlan_mode != 'Never' }}
}
}
- name: Calico | Process FelixConfiguration
set_fact:
_felix_config: "{{ _felix_cmd.stdout | from_json | combine(_felix_config, recursive=True) }}"
when:
- _felix_cmd is success
- name: Calico | Configure calico FelixConfiguration
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _felix_config is string | ternary(_felix_config, _felix_config|to_json) }}"
changed_when: False
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
- name: Calico | Configure calico network pool - block:
command: - name: Calico | Get existing calico network pool
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json"
stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}" register: _calico_pool_cmd
vars: ignore_errors: True
stdin: > changed_when: False
{ "kind": "IPPool",
- name: Calico | Set kubespray calico network pool
set_fact:
_calico_pool: >
{
"kind": "IPPool",
"apiVersion": "projectcalico.org/v3", "apiVersion": "projectcalico.org/v3",
"metadata": { "metadata": {
"name": "{{ calico_pool_name }}", "name": "{{ calico_pool_name }}",
@ -195,16 +219,36 @@
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}", "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
"ipipMode": "{{ calico_ipip_mode }}", "ipipMode": "{{ calico_ipip_mode }}",
"vxlanMode": "{{ calico_vxlan_mode }}", "vxlanMode": "{{ calico_vxlan_mode }}",
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}
when: }
- inventory_hostname == groups['kube_control_plane'][0] }
- 'calico_conf.stdout == "0"'
- name: Calico | Configure calico ipv6 network pool - name: Calico | Process calico network pool
set_fact:
_calico_pool: "{{ _calico_pool_cmd.stdout | from_json | combine(_calico_pool, recursive=True) }}"
when:
- _calico_pool_cmd is success
- name: Calico | Configure calico network pool
command: command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: > stdin: "{{ _calico_pool is string | ternary(_calico_pool, _calico_pool|to_json) }}"
{ "kind": "IPPool", changed_when: False
when:
- inventory_hostname == groups['kube_control_plane'][0]
- block:
- name: Calico | Get existing calico ipv6 network pool
command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json"
register: _calico_pool_ipv6_cmd
ignore_errors: True
changed_when: False
- name: Calico | Set kubespray calico network pool
set_fact:
_calico_pool_ipv6: >
{
"kind": "IPPool",
"apiVersion": "projectcalico.org/v3", "apiVersion": "projectcalico.org/v3",
"metadata": { "metadata": {
"name": "{{ calico_pool_name }}-ipv6", "name": "{{ calico_pool_name }}-ipv6",
@ -214,10 +258,23 @@
"cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}", "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
"ipipMode": "{{ calico_ipip_mode_ipv6 }}", "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
"vxlanMode": "{{ calico_vxlan_mode_ipv6 }}", "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
"natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }} "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }}
}
}
- name: Calico | Process calico ipv6 network pool
set_fact:
_calico_pool_ipv6: "{{ _calico_pool_ipv6_cmd.stdout | from_json | combine(_calico_pool_ipv6, recursive=True) }}"
when:
- _calico_pool_ipv6_cmd is success
- name: Calico | Configure calico ipv6 network pool
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _calico_pool_ipv6 is string | ternary(_calico_pool_ipv6, _calico_pool_ipv6|to_json) }}"
changed_when: False
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
- calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
- enable_dual_stack_networks | bool - enable_dual_stack_networks | bool
- name: Populate Service External IPs - name: Populate Service External IPs
@ -240,13 +297,18 @@
- inventory_hostname in groups['k8s_cluster'] - inventory_hostname in groups['k8s_cluster']
run_once: yes run_once: yes
- name: Calico | Set up BGP Configuration - block:
command: - name: Calico | Get existing BGP Configuration
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" command: "{{ bin_dir }}/calicoctl.sh get bgpconfig default -o json"
stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}" register: _bgp_config_cmd
vars: ignore_errors: True
stdin: > changed_when: False
{ "kind": "BGPConfiguration",
- name: Calico | Set kubespray BGP Configuration
set_fact:
_bgp_config: >
{
"kind": "BGPConfiguration",
"apiVersion": "projectcalico.org/v3", "apiVersion": "projectcalico.org/v3",
"metadata": { "metadata": {
"name": "default", "name": "default",
@ -259,8 +321,21 @@
{% if calico_advertise_cluster_ips|default(false) %} {% if calico_advertise_cluster_ips|default(false) %}
"serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %} "serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %}
{% if calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %} {% if calico_advertise_service_loadbalancer_ips|length > 0 %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %}
"serviceExternalIPs": {{ _service_external_ips|default([]) }} }} "serviceExternalIPs": {{ _service_external_ips|default([]) }}
changed_when: false }
}
- name: Calico | Process BGP Configuration
set_fact:
_bgp_config: "{{ _bgp_config_cmd.stdout | from_json | combine(_bgp_config, recursive=True) }}"
when:
- _bgp_config_cmd is success
- name: Calico | Set up BGP Configuration
command:
cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
stdin: "{{ _bgp_config is string | ternary(_bgp_config, _bgp_config|to_json) }}"
changed_when: False
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
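Review bot: The four `calicoctl.sh get ... -o json` tasks use `ignore_errors: True`, so any failure (datastore unreachable, credentials problem), not only a missing resource, skips the matching "Process" task through `when: ... is success`, and the following `apply -f -` then sends only the kubespray-rendered spec. Because `calicoctl apply` replaces an existing resource, a transient read error would silently drop the user-set fields this change is meant to preserve, including Felix and BGP settings an operator tuned by hand. Consider failing on anything other than not-found, for example `failed_when: _felix_cmd.rc != 0 and 'does not exist' not in _felix_cmd.stderr` (confirm the exact message for the calicoctl version in use), and the same on `_calico_pool_cmd`, `_calico_pool_ipv6_cmd` and `_bgp_config_cmd`. The pool tasks also appear to lose their `calico_conf.stdout == "0"` guards, so `cidr`, `ipipMode`, `vxlanMode` and `natOutgoing` of an existing pool would now be rewritten on every run, since the right-hand side of `combine` wins; a comment stating that this is intended would help.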