From a28b58dbd0dcf13f5bb7afa512785720143b98d0 Mon Sep 17 00:00:00 2001
From: Samuel Liu <liupeng0518@gmail.com>
Date: Fri, 20 May 2022 02:13:20 +0800
Subject: [PATCH] [calico]use ipamconfig instead of calico ipam command (#8839)

* use ipamconfig instead of calico ipam command

* fix ansible lint
---
 .../csi_driver/upcloud/tasks/main.yml         |  1 +
 .../upcloud-csi/tasks/main.yml                |  1 +
 roles/network_plugin/calico/defaults/main.yml |  8 ++++++-
 roles/network_plugin/calico/tasks/install.yml | 23 ++++++++++++-------
 .../calico/templates/calico-ipamconfig.yml.j2 |  8 +++++++
 5 files changed, 32 insertions(+), 9 deletions(-)
 create mode 100644 roles/network_plugin/calico/templates/calico-ipamconfig.yml.j2

diff --git a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
index e11e8e2d1..011731503 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
@@ -18,6 +18,7 @@
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
   with_items:
     - {name: upcloud-csi-cred-secret, file: upcloud-csi-cred-secret.yml}
     - {name: upcloud-csi-setup, file: upcloud-csi-setup.yml}
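Review bot: The added `mode: 0644` applies to every item in this loop, including `upcloud-csi-cred-secret.yml`, which by its name presumably holds the UpCloud credentials, so that rendered manifest becomes readable by any local user on the node. A tighter value for this task, `mode: "0600"`, still satisfies the lint rule without widening access. Quoting the mode also avoids relying on YAML octal parsing; the same unquoted `0644` appears in the storage-class task and in the Calico ipam template task of this patch. The task starts above the hunk, so its name and any earlier arguments are not visible here.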
diff --git a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
index f63e49a9b..26104a092 100644
--- a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
@@ -3,6 +3,7 @@
   template:
     src: "upcloud-csi-storage-class.yml.j2"
     dest: "{{ kube_config_dir }}/upcloud-csi-storage-class.yml"
+    mode: 0644
   register: manifests
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml
index 9e947ec70..e73545c21 100644
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -133,8 +133,14 @@ calico_felix_log_severity_screen: Info
 # Calico container settings
 calico_allow_ip_forwarding: false
 
-# Calico IPAM strictaffinity
+# Calico IPAM strictAffinity
 calico_ipam_strictaffinity: false
 
+# Calico IPAM autoAllocateBlocks
+calcio_ipam_autoallocateblocks: true
+
+# Calico IPAM maxBlocksPerHost, default 0
+calico_ipam_maxblocksperhost: 0
+
 # Calico apiserver (only with kdd)
 calico_apiserver_enabled: false
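Review bot: The new default is spelled `calcio_ipam_autoallocateblocks`, while every other variable in this file uses the `calico_` prefix. Because `calico-ipamconfig.yml.j2` carries the same misspelling the role still renders, but an operator who sets `calico_ipam_autoallocateblocks: false` in inventory is silently ignored and block auto-allocation stays enabled. Rename it to `calico_ipam_autoallocateblocks: true` here and in the template's `autoAllocateBlocks:` line.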
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 164ae0e0e..402aeeeb9 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -491,13 +491,20 @@
     - peer_with_router|default(false)
     - inventory_hostname == groups['kube_control_plane'][0]
 
-- name: Calico | Configure ipam strictaffinity
-  command:
-    cmd: "{{ bin_dir }}/calicoctl.sh ipam configure --strictaffinity={{ calico_ipam_strictaffinity }}"
-  register: output
-  retries: 4
-  until: output.rc == 0
-  delay: "{{ retry_stagger | random + 3 }}"
+- name: Calico | Create Calico ipam manifests
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
+  with_items:
+    - {name: calico, file: calico-ipamconfig.yml, type: ipam}
+  when:
+    - inventory_hostname in groups['kube_control_plane']
+
+- name: Calico | Create ipamconfig resources
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/calico-ipamconfig.yml"
+    state: "latest"
   when:
-    - calico_ipam_strictaffinity is defined
     - inventory_hostname == groups['kube_control_plane'][0]
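Review bot: The `kube` task applies a `crd.projectcalico.org/v1` object with kubectl, which can only succeed when Calico stores its state in the Kubernetes API, whereas the removed `calicoctl.sh ipam configure` call did not depend on that; neither new task is guarded for it. If the role still supports the etcd datastore, both `when:` lists need a condition such as `- calico_datastore == "kdd"` (variable name to be confirmed against the role defaults, which are outside this hunk). The replacement also drops the `retries: 4` / `until:` loop of the old task, so a transient API server error now fails the play on the first attempt.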
diff --git a/roles/network_plugin/calico/templates/calico-ipamconfig.yml.j2 b/roles/network_plugin/calico/templates/calico-ipamconfig.yml.j2
new file mode 100644
index 000000000..3cb85c1bf
--- /dev/null
+++ b/roles/network_plugin/calico/templates/calico-ipamconfig.yml.j2
@@ -0,0 +1,8 @@
+apiVersion: crd.projectcalico.org/v1
+kind: IPAMConfig
+metadata:
+  name: default
+spec:
+  autoAllocateBlocks: {{ calcio_ipam_autoallocateblocks }}
+  strictAffinity: {{ calico_ipam_strictaffinity }}
+  maxBlocksPerHost: {{ calico_ipam_maxblocksperhost }}
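Review bot: The three values are interpolated unfiltered, so the booleans render as Python `True`/`False` and any inventory override is written into the manifest exactly as typed. Normalising at render time, e.g. `strictAffinity: {{ calico_ipam_strictaffinity | bool | lower }}` and `maxBlocksPerHost: {{ calico_ipam_maxblocksperhost | int }}`, keeps the output canonical YAML and coerces stray strings before they reach the API server. A leading `---` line would also match the other manifests if this file is ever concatenated with them.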
-- 
GitLab