--- - name: ensure required python bindings are present when: ansible_os_family == 'Archlinux' become: true community.general.pacman: name: "{{ k8s_network_packages }}" state: latest update_cache: true - name: create target directory for calico files ansible.builtin.file: path: "{{ ansible_search_path[0] }}/files/calico" state: directory mode: 0775 - name: download the calico operator manifest ansible.builtin.uri: url: https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/tigera-operator.yaml dest: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" creates: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" mode: 0664 - name: download calico configuration ansible.builtin.uri: url: https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/custom-resources.yaml dest: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml" creates: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml" mode: 0664 - name: read the default config into memory ansible.builtin.slurp: src: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml" register: calico_file_raw - name: split and parse calico settings from the file data # to_yaml will reject the --- in the original manifest, hence data must be split. ansible.builtin.set_fact: calico_default_installation: "{{ (calico_file_raw['content'] | b64decode).split(\"---\")[0] | from_yaml }}" calico_default_apiserver: "{{ (calico_file_raw['content'] | b64decode).split(\"---\")[1] | from_yaml }}" - name: create ip settings for calico config ansible.builtin.set_fact: calico_ip: - blockSize: "{{ k8s_v4_network_blocksize }}" cidr: "{{ k8s_v4_pod_cidr }}" encapsulation: "{{ k8s_network_encapsulation }}" natOutgoing: "{{ k8s_network_nat }}" nodeSelector: "all()" - blockSize: "{{ k8s_v6_network_blocksize }}" cidr: "{{ k8s_v6_pod_cidr }}" encapsulation: "{{ k8s_network_encapsulation }}" natOutgoing: "{{ k8s_network_nat }}" nodeSelector: "all()" - name: update calico installation settings to desired values ansible.utils.update_fact: updates: - path: calico_default_installation.spec.calicoNetwork.ipPools value: "{{ calico_ip }}" - path: calico_default_installation.spec.calicoNetwork.bgp value: "{{ k8s_network_bgp }}" - path: calico_default_installation.spec.calicoNetwork.linuxDataplane value: "{{ k8s_network_dataplane }}" - path: calico_default_installation.spec.calicoNetwork.hostPorts value: "{{ k8s_network_hostports }}" register: calico_updated_installation - name: create tigera operator namespace ansible.builtin.set_fact: calico_namespace: apiVersion: v1 kind: Namespace metadata: name: tigera-operator labels: name: tigera-operator # - name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install # ansible.builtin.set_fact: # calico_configmap_ebpf: # kind: ConfigMap # apiVersion: v1 # metadata: # name: kubernetes-services-endpoint # namespace: tigera-operator # data: # KUBERNETES_SERVICE_HOST: "{{ k8s_address }}" # KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}" - name: add bgp peer for gateway/router ansible.builtin.set_fact: calico_bgp_peer: apiVersion: crd.projectcalico.org/v1 kind: BGPPeer metadata: name: "{{ k8s_network_bgp_peer_name }}" spec: peerIP: "{{ k8s_network_bgp_peer_address }}" asNumber: "{{ k8s_network_bgp_peer_as }}" - name: write out calico namespace crd ansible.builtin.copy: content: "{{ calico_namespace | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element dest: "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml" # - name: write out calico configmap for ebpf mode # ansible.builtin.copy: # content: "{{ calico_configmap_ebpf | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element # dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml" - name: write out calico installation definition ansible.builtin.copy: content: "{{ calico_updated_installation.calico_default_installation | to_nice_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element dest: "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml" - name: write out calico apiserver definition ansible.builtin.copy: content: "{{ calico_default_apiserver | to_nice_yaml }}" dest: "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml" # TODO two api versions exist for BGP, one only becomes available after calico is online. Do they both work?? # crd.projectcalico.org/v1 # projectcalico.org/v3 - name: write out calico bgp peer definition ansible.builtin.copy: content: "{{ calico_bgp_peer | to_nice_yaml }}" dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml" - name: install calico definitions to cluster # The order here matters. namespace > config map > operator > installation kubernetes.core.k8s: state: present src: "{{ item }}" with_items: # - "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml" # - "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"