2022-11-01 05:13:56 -04:00
---
- name : ensure required python bindings are present
when : ansible_os_family == 'Archlinux'
become : true
community.general.pacman :
name : "{{ k8s_network_packages }}"
state : latest
update_cache : true
- name : create target directory for calico files
ansible.builtin.file :
path : "{{ ansible_search_path[0] }}/files/calico"
state : directory
mode : 0775
- name : download the calico operator manifest
ansible.builtin.uri :
url : https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/tigera-operator.yaml
dest : "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
creates : "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
mode : 0664
- name : download calico configuration
ansible.builtin.uri :
url : https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/custom-resources.yaml
dest : "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
creates : "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
mode : 0664
- name : read the default config into memory
ansible.builtin.slurp :
src : "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
register : calico_file_raw
- name : split and parse calico settings from the file data # to_yaml will reject the --- in the original manifest, hence data must be split.
ansible.builtin.set_fact :
calico_default_installation : "{{ (calico_file_raw['content'] | b64decode).split(\"---\")[0] | from_yaml }}"
calico_default_apiserver : "{{ (calico_file_raw['content'] | b64decode).split(\"---\")[1] | from_yaml }}"
- name : update calico installation settings to desired values
ansible.utils.update_fact :
updates :
- path : calico_default_installation.spec.calicoNetwork.ipPools[0].blockSize
value : "{{ k8s_network_blocksize }}"
- path : calico_default_installation.spec.calicoNetwork.ipPools[0].cidr
value : "{{ k8s_pod_cidr }}"
- path : calico_default_installation.spec.calicoNetwork.ipPools[0].encapsulation
value : "{{ k8s_network_encapsulation }}"
- path : calico_default_installation.spec.calicoNetwork.ipPools[0].natOutgoing
value : "{{ k8s_network_nat }}"
- path : calico_default_installation.spec.calicoNetwork.bgp
value : "{{ k8s_network_bgp }}"
- path : calico_default_installation.spec.calicoNetwork.linuxDataplane
value : "{{ k8s_network_dataplane }}"
- path : calico_default_installation.spec.calicoNetwork.hostPorts
value : "{{ k8s_network_hostports }}"
register : calico_updated_installation
2022-11-02 10:59:42 -04:00
- name : create tigera operator namespace
2022-11-01 05:13:56 -04:00
ansible.builtin.set_fact :
2022-11-02 10:59:42 -04:00
calico_namespace :
2022-11-01 05:13:56 -04:00
apiVersion : v1
2022-11-02 10:59:42 -04:00
kind : Namespace
2022-11-01 05:13:56 -04:00
metadata :
2022-11-02 10:59:42 -04:00
name : tigera-operator
labels :
name : tigera-operator
# - name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install
# ansible.builtin.set_fact:
# calico_configmap_ebpf:
# kind: ConfigMap
# apiVersion: v1
# metadata:
# name: kubernetes-services-endpoint
# namespace: tigera-operator
# data:
# KUBERNETES_SERVICE_HOST: "{{ k8s_address }}"
# KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}"
2022-11-01 05:13:56 -04:00
- name : add bgp peer for gateway/router
ansible.builtin.set_fact :
calico_bgp_peer :
apiVersion : crd.projectcalico.org/v1
kind : BGPPeer
metadata :
name : "{{ k8s_network_bgp_peer_name }}"
spec :
peerIP : "{{ k8s_network_bgp_peer_address }}"
asNumber : "{{ k8s_network_bgp_peer_as }}"
2022-11-02 10:59:42 -04:00
- name : write out calico namespace crd
2022-11-01 05:13:56 -04:00
ansible.builtin.copy :
2022-11-02 10:59:42 -04:00
content : "{{ calico_namespace | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
dest : "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
# - name: write out calico configmap for ebpf mode
# ansible.builtin.copy:
# content: "{{ calico_configmap_ebpf | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
# dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
2022-11-01 05:13:56 -04:00
- name : write out calico installation definition
ansible.builtin.copy :
content : "{{ calico_updated_installation.calico_default_installation | to_nice_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
dest : "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
- name : write out calico apiserver definition
ansible.builtin.copy :
content : "{{ calico_default_apiserver | to_nice_yaml }}"
dest : "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
2022-11-01 20:21:31 -04:00
# TODO two api versions exist for BGP, one only becomes available after calico is online. Do they both work??
# crd.projectcalico.org/v1
# projectcalico.org/v3
2022-11-02 10:59:42 -04:00
2022-11-01 05:13:56 -04:00
- name : write out calico bgp peer definition
ansible.builtin.copy :
content : "{{ calico_bgp_peer | to_nice_yaml }}"
dest : "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"
2022-11-02 10:59:42 -04:00
- name : install calico definitions to cluster # The order here matters. namespace > config map > operator > installation
2022-11-01 05:13:56 -04:00
kubernetes.core.k8s :
state : present
src : "{{ item }}"
with_items :
2022-11-02 10:59:42 -04:00
# - "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
# - "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
- "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
2022-11-01 05:13:56 -04:00
- "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
- "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
- "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"