[calico] don't clobber user set ippool options that are not managed by kubespray

47812ec0 · Calin Cristian Andrei · c27dee57 · 47812ec0
Commit 47812ec0 authored 3 years ago by Calin Cristian Andrei
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -198,13 +198,18 @@
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
- name: Calico | Configure calico network pool
+- block:
-  command:
+    - name: Calico | Get existing calico network pool
-    cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
+      command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json"
-    stdin: "{{ stdin is string | ternary(stdin, stdin|to_json) }}"
+      register: _calico_pool_cmd
-  vars:
+      ignore_errors: True
-    stdin: >
+      changed_when: False
-      { "kind": "IPPool",
+    - name: Calico | Set kubespray calico network pool
+      set_fact:
+        _calico_pool: >
+          {
+            "kind": "IPPool",
            "apiVersion": "projectcalico.org/v3",
            "metadata": {
              "name": "{{ calico_pool_name }}",
@@ -214,16 +219,36 @@
              "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
              "ipipMode": "{{ calico_ipip_mode }}",
              "vxlanMode": "{{ calico_vxlan_mode }}",
-          "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }}
+              "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}
+            }
+          }
+    - name: Calico | Process calico network pool
+      set_fact:
+        _calico_pool: "{{ _calico_pool_cmd.stdout | from_json | combine(_calico_pool, recursive=True) }}"
      when:
-    - inventory_hostname == groups['kube_control_plane'][0]
+        - _calico_pool_cmd is success
-    - 'calico_conf.stdout == "0"'
- name: Calico | Configure calico ipv6 network pool
+    - name: Calico | Configure calico network pool
      command:
        cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
-    stdin: >
+        stdin: "{{ _calico_pool is string | ternary(_calico_pool, _calico_pool|to_json) }}"
-      { "kind": "IPPool",
+      changed_when: False
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+- block:
+    - name: Calico | Get existing calico ipv6 network pool
+      command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json"
+      register: _calico_pool_ipv6_cmd
+      ignore_errors: True
+      changed_when: False
+    - name: Calico | Set kubespray calico network pool
+      set_fact:
+        _calico_pool_ipv6: >
+          {
+            "kind": "IPPool",
            "apiVersion": "projectcalico.org/v3",
            "metadata": {
              "name": "{{ calico_pool_name }}-ipv6",
@@ -233,10 +258,23 @@
              "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
              "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
              "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
-          "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }} }}
+              "natOutgoing": {{ nat_outgoing_ipv6|default(false) and not peer_with_router_ipv6|default(false) }}
+            }
+          }
+    - name: Calico | Process calico ipv6 network pool
+      set_fact:
+        _calico_pool_ipv6: "{{ _calico_pool_ipv6_cmd.stdout | from_json | combine(_calico_pool_ipv6, recursive=True) }}"
+      when:
+        - _calico_pool_ipv6_cmd is success
+    - name: Calico | Configure calico ipv6 network pool
+      command:
+        cmd: "{{ bin_dir }}/calicoctl.sh apply -f -"
+        stdin: "{{ _calico_pool_ipv6 is string | ternary(_calico_pool_ipv6, _calico_pool_ipv6|to_json) }}"
+      changed_when: False
  when:
    - inventory_hostname == groups['kube_control_plane'][0]
-    - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
    - enable_dual_stack_networks | bool
 - name: Populate Service External IPs