From 7332679678dd91669e31cd92fd4243a7a9830652 Mon Sep 17 00:00:00 2001
From: AtzeDeVries <atze.devries@naturalis.nl>
Date: Tue, 20 Jun 2017 14:50:08 +0200
Subject: [PATCH] Give more control over IPIP, but with same default behaviour

---
 inventory/group_vars/k8s-cluster.yml          | 5 +++++
 roles/network_plugin/calico/defaults/main.yml | 3 ++-
 roles/network_plugin/calico/tasks/main.yml    | 4 ++--
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml
index ef5e363dc..5403614a6 100644
--- a/inventory/group_vars/k8s-cluster.yml
+++ b/inventory/group_vars/k8s-cluster.yml
@@ -71,6 +71,11 @@ kube_users:
 # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
 kube_network_plugin: calico
 
+# In case of calico, override default behaviour to enable IPIP. Default behaviour is in case
+# of a cloud_provider ipip:true and in case of no cloud provider ipip:false
+# calico_ipip: true
+
+
 # Enable kubernetes network policies
 enable_network_policy: false
 
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index 3ef70413f..88ab5b18e 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -2,8 +2,9 @@
 # Enables Internet connectivity from containers
 nat_outgoing: true
 
+# !! NOT USED in favour over calico_ipip
 # Use IP-over-IP encapsulation across hosts
-ipip: false
+# ipip: false
 
 # Set to true if you want your calico cni binaries to overwrite the
 # ones from hyperkube while leaving other cni plugins intact.
diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml
index fa734464e..4c2030491 100644
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -94,7 +94,7 @@
   shell: >
     echo '{
     "kind": "ipPool",
-    "spec": {"disabled": false, "ipip": {"enabled": {{ cloud_provider is defined or ipip }}},
+    "spec": {"disabled": false, "ipip": {"enabled": {{ calico_ipip is defined | ternary(calico_ipip, cloud_provider is defined) }}},
              "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}},
     "apiVersion": "v1",
     "metadata": {"cidr": "{{ kube_pods_subnet }}"}
@@ -111,7 +111,7 @@
   set_fact:
     ipip_arg: "--ipip"
   when: (legacy_calicoctl and
-         cloud_provider is defined or ipip)
+         calico_ipip is defined | ternary (calico_ipip, cloud_provider is defined))
   tags: facts
 
 - name: Calico (old) | Define nat-outgoing pool argument
-- 
GitLab