diff --git a/roles/kubernetes/control-plane/meta/main.yml b/roles/kubernetes/control-plane/meta/main.yml
index 2657006e0206c56ea22ce7cc9a5cdd298bdde0a2..7d793f92f39e1eded9403eeac840755d6d610bc3 100644
--- a/roles/kubernetes/control-plane/meta/main.yml
+++ b/roles/kubernetes/control-plane/meta/main.yml
@@ -9,3 +9,4 @@ dependencies:
 when:
 - etcd_deployment_type == "kubeadm"
 - not (ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk", "ClearLinux"] or is_fedora_coreos)
+ - role: network_plugin/calico_defaults
diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
index dfccb20b273149933e1faece64fb4f2f802db2a2..cbb22182315cf200f009724c820b5b3c568adb2e 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
@@ -295,11 +295,15 @@ controllerManager:
 cluster-cidr: "{{ kube_pods_subnet }}{{ ',' + kube_pods_subnet_ipv6 if enable_dual_stack_networks else '' }}"
 {% endif %}
 service-cluster-ip-range: "{{ kube_service_addresses }}{{ ',' + kube_service_addresses_ipv6 if enable_dual_stack_networks else '' }}"
+{% if kube_network_plugin is defined and kube_network_plugin == "calico" and not calico_ipam_host_local %}
+ allocate-node-cidrs: "false"
+{% else %}
 {% if enable_dual_stack_networks %}
 node-cidr-mask-size-ipv4: "{{ kube_network_node_prefix }}"
 node-cidr-mask-size-ipv6: "{{ kube_network_node_prefix_ipv6 }}"
 {% else %}
 node-cidr-mask-size: "{{ kube_network_node_prefix }}"
+{% endif %}
 {% endif %}
 profiling: "{{ kube_profiling }}"
 terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
diff --git a/roles/network_plugin/calico/meta/main.yml b/roles/network_plugin/calico/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..15e9b8c408d587cae02e05781ce3de8827614d95
--- /dev/null
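Review bot: The added `- role: network_plugin/calico_defaults` entry in the control-plane dependencies carries neither a `when:` nor a comment, so every control-plane run loads the Calico defaults whatever `kube_network_plugin` is set to. Judging by the rename later in this commit the role appears to hold only defaults, so this is presumably harmless, but the reason for the dependency is not visible at this point. I would put a comment above the entry, for example `# loads calico_ipam_host_local, which kubeadm-config.v1beta3.yaml.j2 reads for controllerManager`. The dependencies list starts above this hunk.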
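Review bot: The condition added at the top of the controllerManager change tests `not calico_ipam_host_local` on the raw variable, so a value that arrives as a string (for example `-e calico_ipam_host_local=false`, or a lowercase `false` in an INI inventory) is truthy and the test gives the opposite of what the operator wrote. The same applies to `{% if calico_ipam_host_local %}` in the calico-config.yml.j2 hunk of this commit, where a string "false" would select host-local IPAM, leaving the cluster in an address-allocation mode nobody asked for. Casting in both places avoids that: `... and not calico_ipam_host_local | bool %}` here and `{% if calico_ipam_host_local | bool %}` there. The controllerManager block starts and ends outside this hunk.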
+++ b/roles/network_plugin/calico/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: network_plugin/calico_defaults
diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml
index 2138be87e29f20b348937cb8156266a0dfbc4e6c..de67b154e8783f1e3daf49d2ac4df0cde8ef9fc6 100644
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -168,7 +168,7 @@
 - name: "Check if inventory match current cluster configuration"
 assert:
 that:
- - calico_pool_conf.spec.blockSize | int == (calico_pool_blocksize | default(kube_network_node_prefix) | int)
+ - calico_pool_conf.spec.blockSize | int == calico_pool_blocksize | int
 - calico_pool_conf.spec.cidr == (calico_pool_cidr | default(kube_pods_subnet))
 - not calico_pool_conf.spec.ipipMode is defined or calico_pool_conf.spec.ipipMode == calico_ipip_mode
 - not calico_pool_conf.spec.vxlanMode is defined or calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 4aac9df5b5c8bc66f57122539d66fbcdd639b2a1..6b293dcb08352f266d5a80f6dde9cd781c0b874b 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -223,7 +223,7 @@
 "name": "{{ calico_pool_name }}",
 },
 "spec": {
- "blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},
+ "blockSize": {{ calico_pool_blocksize }},
 "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
 "ipipMode": "{{ calico_ipip_mode }}",
 "vxlanMode": "{{ calico_vxlan_mode }}",
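Review bot: In the install.yml pool definition `"blockSize": {{ calico_pool_blocksize }}` is written unquoted, so a non-numeric inventory value reaches the rendered document as-is, while check.yml in this same commit compares the value through `| int`. Casting at the point of use would keep the two consistent and make sure only a number is emitted: `"blockSize": {{ calico_pool_blocksize | int }},`. The same applies to `calico_pool_blocksize_ipv6` in the @@ -274 hunk of this file. The enclosing task starts and ends outside both hunks, so how the document is consumed is not visible here.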
@@ -274,7 +274,7 @@
 "name": "{{ calico_pool_name }}-ipv6",
 },
 "spec": {
- "blockSize": {{ calico_pool_blocksize_ipv6 | default(kube_network_node_prefix_ipv6) }},
+ "blockSize": {{ calico_pool_blocksize_ipv6 }},
 "cidr": "{{ calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}",
 "ipipMode": "{{ calico_ipip_mode_ipv6 }}",
 "vxlanMode": "{{ calico_vxlan_mode_ipv6 }}",
diff --git a/roles/network_plugin/calico/templates/calico-config.yml.j2 b/roles/network_plugin/calico/templates/calico-config.yml.j2
index 4012ef784c342204146e43f842fd161942d19c85..f1a3f2e76f1aad7edc31c30f6df3cc4219639ed6 100644
--- a/roles/network_plugin/calico/templates/calico-config.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-config.yml.j2
@@ -54,7 +54,7 @@ data:
 "etcd_key_file": "{{ calico_cert_dir }}/key.pem",
 "etcd_ca_cert_file": "{{ calico_cert_dir }}/ca_cert.crt",
 {% endif %}
- {% if calico_ipam_host_local is defined %}
+ {% if calico_ipam_host_local %}
 "ipam": {
 "type": "host-local",
 "subnet": "usePodCidr"
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico_defaults/defaults/main.yml
similarity index 97%
rename from roles/network_plugin/calico/defaults/main.yml
rename to roles/network_plugin/calico_defaults/defaults/main.yml
index b3c5f809cf388ee40560ca9122c361e85ee88d49..8e716498bd1cb9b833cf13a93b1e5afc894bc8f2 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico_defaults/defaults/main.yml
@@ -16,14 +16,14 @@ calico_vxlan_mode: Always # valid values are 'Always', 'Never' and 'CrossSubnet calico_cni_pool: true calico_cni_pool_ipv6: true -# add default ippool blockSize (defaults kube_network_node_prefix) +# add default ippool blockSize calico_pool_blocksize: 26 # Calico doesn't support ipip tunneling for the IPv6. calico_ipip_mode_ipv6: Never calico_vxlan_mode_ipv6: Never -# add default ipv6 ippool blockSize (defaults kube_network_node_prefix_ipv6) +# add default ipv6 ippool blockSize calico_pool_blocksize_ipv6: 122 # Calico network backend can be 'bird', 'vxlan' and 'none' @@ -161,6 +161,10 @@ calico_ipam_autoallocateblocks: true # Calico IPAM maxBlocksPerHost, default 0 calico_ipam_maxblocksperhost: 0 +# Calico host local IPAM (use node .spec.podCIDR) + +calico_ipam_host_local: false + # Calico apiserver (only with kdd) calico_apiserver_enabled: false