---
- name: ensure required python bindings are present
  # Only Arch Linux hosts are handled here; the package list comes from the
  # role variable k8s_network_packages.
  # NOTE(review): state=latest upgrades the listed packages on every run
  # rather than pinning them; confirm that is the intended behaviour.
  become: true
  when: ansible_os_family == 'Archlinux'
  community.general.pacman:
    update_cache: true
    state: latest
    name: "{{ k8s_network_packages }}"
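- name: create target directory for calico files
  # Holds the downloaded and generated calico manifests used by the later tasks.
  ansible.builtin.file:
    path: "{{ ansible_search_path[0] }}/files/calico"
    state: directory
    mode: "0775"  # quoted so YAML does not reinterpret the octal literal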
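- name: download the calico operator manifest
  # Fetched once per calico_version: `creates` skips the download when the
  # versioned file already exists. Integrity of the manifest rests solely on
  # TLS to raw.githubusercontent.com (validate_certs is left at its default);
  # ansible.builtin.get_url with `checksum:` would allow pinning a digest, as
  # this manifest is later applied to the cluster unmodified.
  ansible.builtin.uri:
    url: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/tigera-operator.yaml"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
    creates: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
    mode: "0664"  # quoted so YAML does not reinterpret the octal literal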
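- name: download calico configuration
  # Upstream custom-resources manifest (Installation + APIServer documents);
  # it is parsed and patched by the following tasks rather than applied as-is.
  # Fetched once per calico_version via `creates`; as with the operator
  # manifest, integrity relies on TLS only — ansible.builtin.get_url with
  # `checksum:` would allow pinning a digest.
  ansible.builtin.uri:
    url: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/custom-resources.yaml"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
    creates: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
    mode: "0664"  # quoted so YAML does not reinterpret the octal literal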
- name: read the default config into memory
  # Reads the downloaded custom-resources manifest back (base64 encoded in
  # calico_file_raw.content) so the next task can parse it; nothing on disk
  # is modified.
  register: calico_file_raw
  ansible.builtin.slurp:
    src: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
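- name: split and parse calico settings from the file data
  # The manifest is a two-document YAML stream (Installation, then APIServer)
  # separated by "---", which from_yaml rejects. from_yaml_all parses the whole
  # stream into a list, replacing the earlier string split on "---" that would
  # also break on any "---" occurring inside a comment or value.
  ansible.builtin.set_fact:
    calico_default_installation: "{{ (calico_file_raw['content'] | b64decode | from_yaml_all | list)[0] }}"
    calico_default_apiserver: "{{ (calico_file_raw['content'] | b64decode | from_yaml_all | list)[1] }}"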
- name: create ip settings for calico config
  # Two IP pools (v4 first, then v6) that replace spec.calicoNetwork.ipPools of
  # the upstream Installation resource in the next task.
  ansible.builtin.set_fact:
    calico_ip:
      - blockSize: "{{ k8s_v4_network_blocksize }}"
        cidr: "{{ k8s_v4_pod_cidr }}"
        encapsulation: "{{ k8s_network_encapsulation }}"
        natOutgoing: "{{ k8s_network_nat }}"
        nodeSelector: "all()"
      - blockSize: "{{ k8s_v6_network_blocksize }}"
        cidr: "{{ k8s_v6_pod_cidr }}"
        encapsulation: "{{ k8s_network_encapsulation }}"
        natOutgoing: "{{ k8s_network_nat }}"
        nodeSelector: "all()"
- name: update calico installation settings to desired values
  # Patches the parsed upstream Installation in place; the result is
  # registered and written out later as calico_updated_installation.
  ansible.utils.update_fact:
    updates:
      - path: calico_default_installation.spec.calicoNetwork.ipPools
        value: "{{ calico_ip }}"
      - path: calico_default_installation.spec.calicoNetwork.bgp
        value: "{{ k8s_network_bgp }}"
      - path: calico_default_installation.spec.calicoNetwork.linuxDataplane
        value: "{{ k8s_network_dataplane }}"
      - path: calico_default_installation.spec.calicoNetwork.hostPorts
        value: "{{ k8s_network_hostports }}"
  register: calico_updated_installation
- name: create tigera operator namespace
  # Namespace object for the operator; note that its entry in the install
  # list at the end of this file is currently commented out.
  # NOTE(review): no pod-security admission labels are set here — verify
  # against the operator's requirements.
  ansible.builtin.set_fact:
    calico_namespace:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: tigera-operator
        labels:
          name: tigera-operator
# - name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install
# ansible.builtin.set_fact:
# calico_configmap_ebpf:
# kind: ConfigMap
# apiVersion: v1
# metadata:
# name: kubernetes-services-endpoint
# namespace: tigera-operator
# data:
# KUBERNETES_SERVICE_HOST: "{{ k8s_address }}"
# KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}"
- name: add bgp v4 peer for gateway/router
  # BGPPeer via the crd.projectcalico.org/v1 group (the BGPConfiguration task
  # below uses projectcalico.org/v3 — see the TODO after the write-out tasks).
  ansible.builtin.set_fact:
    calico_bgp_v4_peer:
      apiVersion: crd.projectcalico.org/v1
      kind: BGPPeer
      metadata:
        name: "{{ k8s_network_bgp_v4_peer_name }}"
      spec:
        peerIP: "{{ k8s_network_bgp_v4_peer_address }}"
        asNumber: "{{ k8s_network_bgp_peer_as }}"
- name: add bgp v6 peer for gateway/router
  # Same shape as the v4 peer; both peers share k8s_network_bgp_peer_as.
  ansible.builtin.set_fact:
    calico_bgp_v6_peer:
      apiVersion: crd.projectcalico.org/v1
      kind: BGPPeer
      metadata:
        name: "{{ k8s_network_bgp_v6_peer_name }}"
      spec:
        peerIP: "{{ k8s_network_bgp_v6_peer_address }}"
        asNumber: "{{ k8s_network_bgp_peer_as }}"
- name: add bgp configuration
  # Cluster-wide BGPConfiguration advertising both service CIDRs. Uses the
  # projectcalico.org/v3 group, unlike the BGPPeer objects above.
  ansible.builtin.set_fact:
    calico_bgp_configuration:
      apiVersion: projectcalico.org/v3
      kind: BGPConfiguration
      metadata:
        name: default
      spec:
        serviceClusterIPs:
          - cidr: "{{ k8s_v4_service_cidr }}"
          - cidr: "{{ k8s_v6_service_cidr }}"
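- name: write out calico namespace crd
  # Serialises the calico_namespace fact directly; unlike the installation
  # below it was not passed through update_fact, so no sub element is needed.
  ansible.builtin.copy:
    content: "{{ calico_namespace | to_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
    mode: "0664"  # explicit mode, matching the downloaded manifests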
# - name: write out calico configmap for ebpf mode
# ansible.builtin.copy:
# content: "{{ calico_configmap_ebpf | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
# dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
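- name: write out calico installation definition
  # update_fact registers the updated fact under its original name inside the
  # result, hence the .calico_default_installation sub element.
  ansible.builtin.copy:
    content: "{{ calico_updated_installation.calico_default_installation | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
    mode: "0664"  # explicit mode, matching the downloaded manifests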
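- name: write out calico apiserver definition
  # The APIServer document is written out unmodified from the upstream manifest.
  ansible.builtin.copy:
    content: "{{ calico_default_apiserver | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
    mode: "0664"  # explicit mode, matching the downloaded manifests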
# TODO: two API versions exist for the BGP resources; one only becomes available after calico is online. Confirm that both work.
# crd.projectcalico.org/v1
# projectcalico.org/v3
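- name: write out calico bgp v4 peer definition
  ansible.builtin.copy:
    content: "{{ calico_bgp_v4_peer | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v4_peer.yaml"
    mode: "0664"  # explicit mode, matching the downloaded manifests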
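- name: write out calico bgp v6 peer definition
  ansible.builtin.copy:
    content: "{{ calico_bgp_v6_peer | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v6_peer.yaml"
    mode: "0664"  # explicit mode, matching the downloaded manifests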
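- name: write out calico bgp configuration definition
  ansible.builtin.copy:
    content: "{{ calico_bgp_configuration | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_configuration.yaml"
    mode: "0664"  # explicit mode, matching the downloaded manifests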
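- name: install calico definitions to cluster
  # The order of the list matters: the operator manifest (CRDs and operator)
  # first, then the Installation and APIServer resources it reconciles, then
  # the BGP objects. The namespace and ebpf configmap entries stay commented
  # out as in the original list.
  # NOTE(review): the BGPConfiguration uses projectcalico.org/v3, which the
  # TODO above says only becomes available once calico is online; applying it
  # right after the APIServer resource may fail on a first run — verify, e.g.
  # with `wait: true` on the preceding items.
  kubernetes.core.k8s:
    state: present
    src: "{{ item }}"
  loop:
    # - "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
    # - "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v4_peer.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v6_peer.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_configuration.yaml"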