diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index bee2e01e3681e62a616fe794c48ed0eacbb74142..dd6b71ae09a51d844cdbb1ba92d5008691949098 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -16,15 +16,6 @@
mode: 0755
remote_src: yes
-- name: Calico | Write Calico cni config
- template:
- src: "cni-calico.conflist.j2"
- dest: "/etc/cni/net.d/calico.conflist.template"
- mode: 0644
- owner: root
- register: calico_conflist
- notify: reset_calico_cni
-
- name: Calico | Create calico certs directory
file:
dest: "{{ calico_cert_dir }}"
diff --git a/roles/network_plugin/calico/templates/calico-config.yml.j2 b/roles/network_plugin/calico/templates/calico-config.yml.j2
index 568cc00af2695de529e5ff4ac1010109d068d352..0379b62712eec681d3bb4ca7025e0c96b3e8fb40 100644
--- a/roles/network_plugin/calico/templates/calico-config.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-config.yml.j2
@@ -25,3 +25,87 @@ data:
{% if inventory_hostname in groups['k8s_cluster'] and peer_with_router|default(false) %}
as: "{{ local_as|default(global_as_num) }}"
{% endif -%}
+ # The CNI network configuration to install on each node. The special
+ # values in this config will be automatically populated.
+ cni_network_config: |-
+ {
+ "name": "{{ calico_cni_name }}",
+ "cniVersion":"0.3.1",
+ "plugins":[
+ {
+ {% if calico_datastore == "kdd" %}
+ "datastore_type": "kubernetes",
+ "nodename": "__KUBERNETES_NODE_NAME__",
+ {% else %}
+ {% if cloud_provider is defined %}
+ "nodename": "{{ calico_kubelet_name.stdout }}",
+ {% else %}
+ "nodename": "{{ calico_baremetal_nodename }}",
+ {% endif %}
+ {% endif %}
+ "type": "calico",
+ "log_level": "info",
+ {% if calico_cni_log_file_path %}
+ "log_file_path": "{{ calico_cni_log_file_path }}",
+ {% endif %}
+ {% if calico_datastore == "etcd" %}
+ "etcd_endpoints": "{{ etcd_access_addresses }}",
+ "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
+ "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
+ "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
+ {% endif %}
+ {% if calico_ipam_host_local is defined %}
+ "ipam": {
+ "type": "host-local",
+ "subnet": "usePodCidr"
+ },
+ {% else %}
+ "ipam": {
+ "type": "calico-ipam",
+ {% if enable_dual_stack_networks %}
+ "assign_ipv6": "true",
+ {% endif %}
+ "assign_ipv4": "true"
+ },
+ {% endif %}
+ {% if calico_allow_ip_forwarding %}
+ "container_settings": {
+ "allow_ip_forwarding": true
+ },
+ {% endif %}
+ {% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
+ "feature_control": {
+ {% for fc in calico_feature_control -%}
+ {% set fcval = calico_feature_control[fc] -%}
+ "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
+ {% endfor -%}
+ {{- "" }}
+ },
+ {% endif %}
+ {% if enable_network_policy %}
+ "policy": {
+ "type": "k8s"
+ },
+ {% endif %}
+ {% if calico_mtu is defined and calico_mtu is number %}
+ "mtu": {{ calico_mtu }},
+ {% endif %}
+ "kubernetes": {
+ "kubeconfig": "__KUBECONFIG_FILEPATH__"
+ }
+ },
+ {
+ "type":"portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ },
+ {
+ "type":"bandwidth",
+ "capabilities": {
+ "bandwidth": true
+ }
+ }
+ ]
+ }
+
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index 3af01c8e7474cc76e92aded02d8043077ea8afb9..bd6c63c2432fab35885d17386d04ff51e44d7a5c 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -80,15 +80,18 @@ spec:
name: kubernetes-services-endpoint
optional: true
env:
+ # The CNI network config to install on each node.
+ - name: CNI_NETWORK_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: cni_network_config
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-calico.conflist"
# Install CNI binaries
- name: UPDATE_CNI_BINARIES
value: "true"
- # The CNI network config to install on each node.
- - name: CNI_NETWORK_CONFIG_FILE
- value: "/host/etc/cni/net.d/calico.conflist.template"
# Prevents the container from sleeping forever.
- name: SLEEP
value: "false"
diff --git a/roles/network_plugin/calico/templates/cni-calico.conflist.j2 b/roles/network_plugin/calico/templates/cni-calico.conflist.j2
deleted file mode 100644
index 5cdf1ac86d18b53d0f7c597703ffb17f8b490b82..0000000000000000000000000000000000000000
--- a/roles/network_plugin/calico/templates/cni-calico.conflist.j2
+++ /dev/null
@@ -1,86 +0,0 @@
-{
- "name": "{{ calico_cni_name }}",
- "cniVersion":"0.3.1",
- "plugins":[
- {
-{% if calico_datastore == "kdd" %}
- "datastore_type": "kubernetes",
- "nodename": "__KUBERNETES_NODE_NAME__",
-{% else %}
-{% if cloud_provider is defined %}
- "nodename": "{{ calico_kubelet_name.stdout }}",
-{% else %}
- "nodename": "{{ calico_baremetal_nodename }}",
-{% endif %}
-{% endif %}
- "type": "calico",
- "log_level": "info",
-{% if calico_cni_log_file_path %}
- "log_file_path": "{{ calico_cni_log_file_path }}",
-{% endif %}
-{% if calico_datastore == "etcd" %}
- "etcd_endpoints": "{{ etcd_access_addresses }}",
- "etcd_cert_file": "{{ calico_cert_dir }}/cert.crt",
- "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
- "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
-{% endif %}
-{% if calico_ipam_host_local is defined %}
- "ipam": {
- "type": "host-local",
- "subnet": "usePodCidr"
- },
-{% else %}
- "ipam": {
- "type": "calico-ipam",
-{% if enable_dual_stack_networks %}
- "assign_ipv6": "true",
-{% if calico_cni_pool_ipv6 %}
- "ipv6_pools": ["{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}"],
-{% endif %}
-{% endif %}
-{% if calico_cni_pool %}
- "ipv4_pools": ["{{ calico_pool_cidr | default(kube_pods_subnet) }}"],
-{% endif %}
- "assign_ipv4": "true"
- },
-{% endif %}
-{% if calico_allow_ip_forwarding %}
- "container_settings": {
- "allow_ip_forwarding": true
- },
-{% endif %}
-{% if (calico_feature_control is defined) and (calico_feature_control|length > 0) %}
- "feature_control": {
- {% for fc in calico_feature_control -%}
- {% set fcval = calico_feature_control[fc] -%}
- "{{ fc }}": {{ (fcval | string | lower) if (fcval == true or fcval == false) else "\"" + fcval + "\"" }}{{ "," if not loop.last else "" }}
- {% endfor -%}
- {{- "" }}
- },
-{% endif %}
-{% if enable_network_policy %}
- "policy": {
- "type": "k8s"
- },
-{% endif %}
-{% if calico_mtu is defined and calico_mtu is number %}
- "mtu": {{ calico_mtu }},
-{% endif %}
- "kubernetes": {
- "kubeconfig": "__KUBECONFIG_FILEPATH__"
- }
- },
- {
- "type":"portmap",
- "capabilities": {
- "portMappings": true
- }
- },
- {
- "type":"bandwidth",
- "capabilities": {
- "bandwidth": true
- }
- }
- ]
-}