From 6141b98bf85eb49c576e2e4ead6f61e94180e953 Mon Sep 17 00:00:00 2001
From: Hans Feldt <2808287+hafe@users.noreply.github.com>
Date: Wed, 23 Sep 2020 17:38:09 +0200
Subject: [PATCH] calico: default to using kdd datastore (#6693)

If already deployed, get current datastore from CNI config file
---
 docs/calico.md                                 | 14 ++++++++++++++
 roles/kubespray-defaults/defaults/main.yaml    |  2 +-
 roles/network_plugin/calico/defaults/main.yml  |  2 +-
 roles/network_plugin/calico/tasks/pre.yml      | 18 +++++++++++++++++-
 tests/files/packet_opensuse-canal.yml          |  1 +
 tests/files/packet_oracle7-canal-ha.yml        |  1 +
 .../files/packet_ubuntu16-canal-kubeadm-ha.yml |  1 +
 tests/files/packet_ubuntu16-canal-sep.yml      |  1 +
 8 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/docs/calico.md b/docs/calico.md
index 2d60c96ac..ace931a23 100644
--- a/docs/calico.md
+++ b/docs/calico.md
@@ -58,6 +58,20 @@ calicoctl.sh endpoint show --detail
 
 ## Configuration
 
+### Optional : Define datastore type
+
+The default datastore, Kubernetes API datastore is recommended for on-premises deployments, and supports only Kubernetes workloads; etcd is the best datastore for hybrid deployments.
+
+Allowed values are `kdd` (default) and `etcd`.
+
+Note: using kdd and more than 50 nodes, consider using the `typha` daemon to provide scaling.
+
+To re-define you need to edit the inventory and add a group variable `calico_datastore`
+
+```yml
+calico_datastore: kdd
+```
+
 ### Optional : Define network backend
 
 In some cases you may want to define Calico network backend. Allowed values are `bird`, `vxlan` or `none`. Bird is a default value.
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index de9c2b284..5587561c0 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -157,7 +157,7 @@ peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length >
 calico_upgrade_enabled: true
 
 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
-calico_datastore: "etcd"
+calico_datastore: "kdd"
 
 # Kubernetes internal network for services, unused block of space.
 kube_service_addresses: 10.233.0.0/18
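Review bot: Flipping `calico_datastore` to `"kdd"` on this line changes the value for every play that reads these role defaults, but the detection this commit adds lives only in `roles/network_plugin/calico/tasks/pre.yml` and only inspects `10-calico.conflist`. The four canal test inventories (`packet_opensuse-canal.yml`, `packet_oracle7-canal-ha.yml`, `packet_ubuntu16-canal-kubeadm-ha.yml`, `packet_ubuntu16-canal-sep.yml`) all had to pin `calico_datastore: etcd`, which suggests canal deployments still depend on etcd. If so, an existing canal inventory that never set the variable would presumably pick up `kdd` on its next run. If that is confirmed, a comment above the default such as `# canal deployments must set calico_datastore: "etcd" explicitly` and an upgrade note in the docs would make the requirement visible.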
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index f183606c2..1cf703cc1 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -81,7 +81,7 @@ kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
 kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
 
 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
-# The default value calico_datastore: "etcd" is set in role kubespray-default
+# The default value for calico_datastore is set in role kubespray-default
 
 # Use typha (only with kdd)
 typha_enabled: false
diff --git a/roles/network_plugin/calico/tasks/pre.yml b/roles/network_plugin/calico/tasks/pre.yml
index cebd717c4..517218a88 100644
--- a/roles/network_plugin/calico/tasks/pre.yml
+++ b/roles/network_plugin/calico/tasks/pre.yml
@@ -1,4 +1,20 @@
 ---
+- name: Slurp CNI config
+  slurp:
+    src: /etc/cni/net.d/10-calico.conflist
+  register: calico_cni_config_slurp
+  failed_when: false
+
+- block:
+  - name: Set fact calico_cni_config from slurped CNI config
+    set_fact:
+      calico_cni_config: "{{ calico_cni_config_slurp['content'] | b64decode | from_json }}"
+  - name: Set fact calico_datastore to etcd if needed
+    set_fact:
+      calico_datastore: etcd
+    when: "'etcd_endpoints' in calico_cni_config.plugins.0"
+  when: calico_cni_config_slurp.content is defined
+
 - name: Calico | Get kubelet hostname
   shell: >-
     set -o pipefail && {{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address'
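Review bot: `failed_when: false` on the "Slurp CNI config" task hides every slurp error, not only a missing file, so a node whose `/etc/cni/net.d/10-calico.conflist` exists but cannot be read skips the block and silently takes the new `kdd` default; on a cluster deployed with etcd that would presumably strand whatever network policy is stored in etcd. Checking for the file with `stat` first and letting `slurp` fail normally keeps the fresh-install case quiet while surfacing real read errors. The `when` on the second `set_fact` also assumes `plugins` is a non-empty list, so a guard like `calico_cni_config.plugins | default([]) | length > 0` ahead of the `.0` lookup would make that explicit. The "Calico | Get kubelet hostname" task continues outside this hunk.

```yaml
- name: Check for an existing Calico CNI config
  stat:
    path: /etc/cni/net.d/10-calico.conflist
  register: calico_cni_config_stat

- name: Slurp CNI config
  slurp:
    src: /etc/cni/net.d/10-calico.conflist
  register: calico_cni_config_slurp
  when: calico_cni_config_stat.stat.exists

# … unchanged: block setting calico_cni_config and calico_datastore …
```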
@@ -8,4 +24,4 @@
   register: calico_kubelet_name
   delegate_to: "{{ groups['kube-master'][0] }}"
   when:
-    - "cloud_provider is defined"
+  - "cloud_provider is defined"
diff --git a/tests/files/packet_opensuse-canal.yml b/tests/files/packet_opensuse-canal.yml
index 7dc12c061..a82a07cd4 100644
--- a/tests/files/packet_opensuse-canal.yml
+++ b/tests/files/packet_opensuse-canal.yml
@@ -4,6 +4,7 @@ cloud_image: opensuse-leap-15
 mode: default
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 deploy_netchecker: true
 dns_min_replicas: 1
diff --git a/tests/files/packet_oracle7-canal-ha.yml b/tests/files/packet_oracle7-canal-ha.yml
index 6497dd11b..01ca011a5 100644
--- a/tests/files/packet_oracle7-canal-ha.yml
+++ b/tests/files/packet_oracle7-canal-ha.yml
@@ -4,6 +4,7 @@ cloud_image: oracle-7
 mode: ha
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 dynamic_kubelet_configuration: true
 deploy_netchecker: true
diff --git a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
index 991ff0b7f..7b27b4bae 100644
--- a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
+++ b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml
@@ -4,6 +4,7 @@ cloud_image: ubuntu-1604
 mode: ha
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 dynamic_kubelet_configuration: true
 deploy_netchecker: true
diff --git a/tests/files/packet_ubuntu16-canal-sep.yml b/tests/files/packet_ubuntu16-canal-sep.yml
index 8df833189..a88dcacc6 100644
--- a/tests/files/packet_ubuntu16-canal-sep.yml
+++ b/tests/files/packet_ubuntu16-canal-sep.yml
@@ -4,6 +4,7 @@ cloud_image: ubuntu-1604
 mode: separate
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 deploy_netchecker: true
 dns_min_replicas: 1
-- 
GitLab