From 47812ec002061fcc1163eb12b2bbdc80ffd7270d Mon Sep 17 00:00:00 2001
From: Calin Cristian Andrei <cristian.calin@outlook.com>
Date: Thu, 12 May 2022 12:25:26 +0000
Subject: [PATCH] [calico] don't clobber user set ippool options that are not
 managed by kubespray

---
 roles/network_plugin/calico/tasks/install.yml | 106 ++++++++++++------
 1 file changed, 72 insertions(+), 34 deletions(-)

diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 807754e1b..ab1f4b0db 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -198,45 +198,83 @@
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
 
-- name: Calico | Configure calico network pool
-  command:
-    cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
-    stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
-  vars:
-    stdin: >
-      { "kind": "IPPool",
-        "apiVersion": "projectcalico.org/v3",
-        "metadata": {
-          "name": "{{ calico_pool_name }}",
-        },
-        "spec": {
-          "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},
-          "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
-          "ipipMode": "{{ calico_ipip_mode }}",
-          "vxlanMode": "{{ calico_vxlan_mode }}",
-          "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }}
+- block:
+    - name: Calico | Get existing calico network pool
+      command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json"
+      register: _calico_pool_cmd
+      ignore_errors: True
+      changed_when: False
+
+    - name: Calico | Set kubespray calico network pool
+      set_fact:
+        _calico_pool: >
+          {
+            "kind": "IPPool",
+            "apiVersion": "projectcalico.org/v3",
+            "metadata": {
+              "name": "{{ calico_pool_name }}",
+            },
+            "spec": {
+              "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},
+              "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
+              "ipipMode": "{{ calico_ipip_mode }}",
+              "vxlanMode": "{{ calico_vxlan_mode }}",
+              "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}
+            }
+          }
+
+    - name: Calico | Process calico network pool
+      set_fact:
+        _calico_pool: "{{ _calico_pool_cmd.stdout | from_json | combine(_calico_pool, recursive=True) }}"
+      when:
+        - _calico_pool_cmd is success
+
+    - name: Calico | Configure calico network pool
+      command:
+        cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
+        stdin: "{{ _calico_pool is string | ternary(_calico_pool, _calico_pool|to_json) }}"
+      changed_when: False
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
-    - 'calico_conf.stdout == "0"'
 
-- name: Calico | Configure calico ipv6 network pool
-  command:
-    cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
-    stdin: >
-      { "kind": "IPPool",
-        "apiVersion": "projectcalico.org/v3",
-        "metadata": {
-          "name": "{{ calico_pool_name }}-ipv6",
-        },
-        "spec": {
-          "blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }},
-          "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
-          "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
-          "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
-          "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }}
+- block:
+    - name: Calico | Get existing calico ipv6 network pool
+      command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json"
+      register: _calico_pool_ipv6_cmd
+      ignore_errors: True
+      changed_when: False
+
+    - name: Calico | Set kubespray calico network pool
+      set_fact:
+        _calico_pool_ipv6: >
+          {
+            "kind": "IPPool",
+            "apiVersion": "projectcalico.org/v3",
+            "metadata": {
+              "name": "{{ calico_pool_name }}-ipv6",
+            },
+            "spec": {
+              "blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }},
+              "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
+              "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
+              "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
+              "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }}
+            }
+          }
+
+    - name: Calico | Process calico ipv6 network pool
+      set_fact:
+        _calico_pool_ipv6: "{{ _calico_pool_ipv6_cmd.stdout | from_json | combine(_calico_pool_ipv6, recursive=True) }}"
+      when:
+        - _calico_pool_ipv6_cmd is success
+
+    - name: Calico | Configure calico ipv6 network pool
+      command:
+        cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
+        stdin: "{{ _calico_pool_ipv6 is string | ternary(_calico_pool_ipv6, _calico_pool_ipv6|to_json) }}"
+      changed_when: False
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
-    - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
     - enable_dual_stack_networks | bool
 
 - name: Populate Service External IPs
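Review bot: `ignore_errors: True` on the two `calicoctl.sh get ippool` tasks treats every failure (datastore unreachable, credential error, timeout) the same as "pool does not exist", so the merge task is skipped and the apply task pushes the kubespray-only spec over the live pool, which is the clobbering this change is meant to prevent. Tolerate only the not-found case with a `failed_when:` that matches calicoctl's not-found output, and gate the merge on `when: _calico_pool_cmd.rc == 0` (likewise for `_calico_pool_ipv6_cmd`). Separately, `changed_when: False` on both apply tasks means a run that alters `natOutgoing` or the encapsulation mode still reports "ok"; now that the "no pool yet" guard is removed and the apply runs every time, comparing the merged object with the fetched one would give an accurate changed status. The second `Calico | Set kubespray calico network pool` task name is missing `ipv6`, which makes the two blocks hard to tell apart in play output.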
-- 
GitLab