From dc16ab92f45d3310358ae3e803be24a881e9f2e4 Mon Sep 17 00:00:00 2001
From: Julian Tabel <juliantabel.jt@gmail.com>
Date: Mon, 8 Jul 2019 11:20:03 +0200
Subject: [PATCH] fix for calico with kdd datastore (#4922)

* fix for calico with kdd datastore

* remove AS number from daemonset

* revert changes to canal

* additional fixes for kdd datastore in calico
---
 roles/network_plugin/calico/tasks/check.yml   |  8 +---
 roles/network_plugin/calico/tasks/install.yml | 45 +++++++++++++------
 .../calico/templates/calico-node.yml.j2       |  7 +--
 .../{calicoctl.sh.j2 => calicoctl.etcd.sh.j2} |  0
 .../calico/templates/calicoctl.kdd.sh.j2      |  6 +++
 5 files changed, 40 insertions(+), 26 deletions(-)
 rename roles/network_plugin/calico/templates/{calicoctl.sh.j2 => calicoctl.etcd.sh.j2} (100%)
 create mode 100644 roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2

diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml
index 3b93d2c7f..b75c93d82 100644
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -10,16 +10,10 @@
   run_once: yes
 
 - name: "Get current version of calico cluster version"
-  shell: "{{ bin_dir }}/calicoctl version  | grep 'Cluster Version:' | awk '{ print $3}'"
+  shell: "{{ bin_dir }}/calicoctl.sh version  | grep 'Cluster Version:' | awk '{ print $3}'"
   register: calico_version_on_server
   run_once: yes
   changed_when: false
-  environment:
-    ETCD_ENDPOINTS: "{{ etcd_access_addresses }}"
-    ETCD_CA_CERT_FILE: "{{ calico_cert_dir }}/ca_cert.crt"
-    ETCD_CERT_FILE: "{{ calico_cert_dir }}/cert.crt"
-    ETCD_KEY_FILE: "{{ calico_cert_dir }}/key.pem"
-
 
 - name: "Determine if calico upgrade is needed"
   block:
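Review bot: With the kdd datastore this version probe can run on a host that has no kubeconfig: the task keeps `run_once: yes` without a `delegate_to`, and the kdd wrapper added later in this commit only sets `KUBECONFIG` when the host is in `kube-master`. Which host executes a run-once task is not visible from this hunk, but if it is not a master, calicoctl cannot reach the datastore, and because the pipeline ends in `awk` the task still exits 0 with an empty `calico_version_on_server.stdout`. Adding `delegate_to: "{{ groups['kube-master'][0] }}"`, as the install.yml hunks do, and prefixing the command with `set -o pipefail;` (run under bash) would surface the failure instead of passing an empty version to what looks like the upgrade decision in the next task.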
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index aa5f1f729..287552640 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -35,7 +35,7 @@
 
 - name: Calico | Install calicoctl wrapper script
   template:
-    src: calicoctl.sh.j2
+    src: "calicoctl.{{ calico_datastore }}.sh.j2"
     dest: "{{ bin_dir }}/calicoctl.sh"
     mode: 0755
     owner: root
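Review bot: `src: "calicoctl.{{ calico_datastore }}.sh.j2"` only resolves to an existing template for `etcd` and `kdd`, so a typo or an undefined variable shows up here as a template lookup or undefined-variable error rather than a clear message. If no validation exists elsewhere in the role (not visible from this hunk), an early `assert` with `that: calico_datastore in ["etcd", "kdd"]` in check.yml would fail before anything is installed. The task continues past the end of this hunk.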
@@ -73,6 +73,32 @@
     - 'calico_conf.stdout == "0"'
     - calico_pool_cidr is defined
 
+- name: Calico | Create calico manifests for kdd
+  template:
+    src: "{{ item.file }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item.file }}"
+  with_items:
+    - {name: calico, file: kdd-crds.yml, type: kdd}
+  register: calico_node_kdd_manifest
+  when:
+    - inventory_hostname in groups['kube-master']
+    - calico_datastore == "kdd"
+
+- name: Start Calico resources
+  kube:
+    name: "{{ item.item.name }}"
+    namespace: "kube-system"
+    kubectl: "{{ bin_dir }}/kubectl"
+    resource: "{{ item.item.type }}"
+    filename: "{{ kube_config_dir }}/{{ item.item.file }}"
+    state: "latest"
+  with_items:
+    - "{{ calico_node_kdd_manifest.results }}"
+  when:
+    - inventory_hostname == groups['kube-master'][0] and not item is skipped
+  loop_control:
+    label: "{{ item.item.file }}"
+
 - name: Calico | Configure calico network pool (v3.0.0 <= version < v3.3.0)
   shell: >
     echo "
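Review bot: Nothing between `Start Calico resources` and the calicoctl tasks that follow waits for the CRDs from `kdd-crds.yml` to be established, so with `calico_datastore == "kdd"` the first calicoctl call can race the API server registering them. The new task has no `retries` or `until`, and whether the pool-configuration task that begins at the end of this hunk retries is not visible here. Consider giving the apply `retries: 4` with an `until` on its result, or adding an explicit wait for the CRDs before the first calicoctl task. As a style point, `Calico | Start Calico resources for kdd` would match the `Calico | …` names around it and say which resources are meant.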
@@ -180,9 +206,10 @@
         "asNumber": "{{ local_as }}"
       },
       "orchRefs":[{"nodeName":"{{ inventory_hostname }}","orchestrator":"k8s"}]
-   }}' | {{ bin_dir }}/calicoctl.sh create --skip-exists -f -
+   }}' | {{ bin_dir }}/calicoctl.sh {{ 'apply -f -' if calico_datastore == "kdd" else 'create --skip-exists -f -' }}
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when:
     - calico_version is version('v3.0.0', '>=')
     - peer_with_router|default(false)
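Review bot: `delegate_to: "{{ groups['kube-master'][0] }}"` is added unconditionally here and in the three following hunks (the node-scoped peer, global peer and calico-rr peer tasks), so etcd-datastore deployments now also run every per-node calicoctl call on the first master instead of on the node itself. If the delegation is only needed because the kdd wrapper has a kubeconfig on masters alone, making it conditional keeps the etcd path unchanged: `delegate_to: "{{ groups['kube-master'][0] if calico_datastore == 'kdd' else inventory_hostname }}"`. The inline switch between `apply -f -` and `create --skip-exists -f -` also deserves a one-line comment on why kdd needs `apply`; presumably the Node object already exists in the Kubernetes datastore, so `create --skip-exists` would never set the BGP spec. The task begins before this hunk and continues after it.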
@@ -230,6 +257,7 @@
   delay: "{{ retry_stagger | random + 3 }}"
   with_items:
     - "{{ peers|selectattr('scope','undefined')|list|default([]) | union(peers|selectattr('scope','defined')|selectattr('scope','equalto', 'node')|list|default([])) }}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when:
     - calico_version is version('v3.0.0', '>=')
     - peer_with_router|default(false)
@@ -269,6 +297,7 @@
   with_items:
     - "{{ peers|selectattr('scope','defined')|selectattr('scope','equalto', 'global')|list|default([]) }}"
   run_once: true
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when:
     - calico_version | version_compare('v3.0.0', '>=')
     - peer_with_router|default(false)
@@ -309,6 +338,7 @@
   delay: "{{ retry_stagger | random + 3 }}"
   with_items:
     - "{{ groups['calico-rr'] | default([]) }}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when:
     - calico_version is version('v3.0.0', '>=')
     - peer_with_calico_rr|default(false)
@@ -351,17 +381,6 @@
     - inventory_hostname in groups['kube-master']
     - rbac_enabled or item.type not in rbac_resources
 
-- name: Calico | Create calico manifests for kdd
-  template:
-    src: "{{ item.file }}.j2"
-    dest: "{{ kube_config_dir }}/{{ item.file }}"
-  with_items:
-    - {name: calico, file: kdd-crds.yml, type: kdd}
-  register: calico_node_kdd_manifest
-  when:
-    - inventory_hostname in groups['kube-master']
-    - calico_datastore == "kdd"
-
 - name: Calico | Create calico manifests for typha
   template:
     src: "{{ item.file }}.j2"
diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2
index ffb05c872..6d0b6a63f 100644
--- a/roles/network_plugin/calico/templates/calico-node.yml.j2
+++ b/roles/network_plugin/calico/templates/calico-node.yml.j2
@@ -145,11 +145,6 @@ spec:
             # Wait for the datastore.
             - name: WAIT_FOR_DATASTORE
               value: "true"
-            # Set based on the k8s node name.
-            - name: NODENAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
 {% endif %}
             # Choose the backend to use.
             - name: CALICO_NETWORKING_BACKEND
@@ -189,7 +184,7 @@ spec:
 # should be set in etcd before deployment
 #            # Configure the IP Pool from which Pod IPs will be chosen.
 #            - name: CALICO_IPV4POOL_CIDR
-#              value: "192.168.0.0/16"
+#              value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}"
             - name: CALICO_IPV4POOL_IPIP
               value: "{{ calico_ipv4pool_ipip }}"
             # Disable IPv6 on Kubernetes.
diff --git a/roles/network_plugin/calico/templates/calicoctl.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
similarity index 100%
rename from roles/network_plugin/calico/templates/calicoctl.sh.j2
rename to roles/network_plugin/calico/templates/calicoctl.etcd.sh.j2
diff --git a/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2 b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
new file mode 100644
index 000000000..c795dcb05
--- /dev/null
+++ b/roles/network_plugin/calico/templates/calicoctl.kdd.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/bash
+DATASTORE_TYPE=kubernetes \
+{% if inventory_hostname in groups['kube-master'] %}
+KUBECONFIG={{ kube_config_dir }}/admin.conf \
+{% endif %}
+{{ bin_dir }}/calicoctl "$@"
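Review bot: The wrapper points calicoctl at `admin.conf`, the cluster-admin kubeconfig, for every invocation on a master, which is far more privilege than managing Calico resources needs. A dedicated kubeconfig bound to a role limited to the `crd.projectcalico.org` resources and node objects would narrow what a misuse of this script can touch. On hosts outside `kube-master` the rendered script sets no `KUBECONFIG` at all, so calicoctl falls back to whatever default it finds; failing with an explicit message there would be easier to diagnose. The path should also be quoted, `KUBECONFIG="{{ kube_config_dir }}/admin.conf" \`, so a directory containing spaces does not split the assignment.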
-- 
GitLab