--- - name: ensure required python bindings are present when: ansible_os_family == 'Archlinux' become: true community.general.pacman: name: "{{ k8s_network_packages }}" state: latest update_cache: true - name: create target directory for calico files ansible.builtin.file: path: "{{ ansible_search_path[0] }}/files/calico" state: directory mode: 0775 - name: download the calico operator manifest ansible.builtin.uri: url: https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/tigera-operator.yaml dest: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" creates: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" mode: 0664 - name: download calico configuration ansible.builtin.uri: url: https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/custom-resources.yaml dest: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml" creates: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml" mode: 0664 - name: read the default config into memory ansible.builtin.slurp: src: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml" register: calico_file_raw - name: split and parse calico settings from the file data # to_yaml will reject the --- in the original manifest, hence data must be split. ansible.builtin.set_fact: calico_default_installation: "{{ (calico_file_raw['content'] | b64decode).split(\"---\")[0] | from_yaml }}" calico_default_apiserver: "{{ (calico_file_raw['content'] | b64decode).split(\"---\")[1] | from_yaml }}" - name: update calico installation settings to desired values ansible.utils.update_fact: updates: - path: calico_default_installation.spec.calicoNetwork.ipPools[0].blockSize value: "{{ k8s_network_blocksize }}" - path: calico_default_installation.spec.calicoNetwork.ipPools[0].cidr value: "{{ k8s_pod_cidr }}" - path: calico_default_installation.spec.calicoNetwork.ipPools[0].encapsulation value: "{{ k8s_network_encapsulation }}" - path: calico_default_installation.spec.calicoNetwork.ipPools[0].natOutgoing value: "{{ k8s_network_nat }}" - path: calico_default_installation.spec.calicoNetwork.bgp value: "{{ k8s_network_bgp }}" - path: calico_default_installation.spec.calicoNetwork.linuxDataplane value: "{{ k8s_network_dataplane }}" - path: calico_default_installation.spec.calicoNetwork.hostPorts value: "{{ k8s_network_hostports }}" register: calico_updated_installation - name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install ansible.builtin.set_fact: calico_configmap_ebpf: kind: ConfigMap apiVersion: v1 metadata: name: kubernetes-services-endpoint namespace: tigera-operator data: KUBERNETES_SERVICE_HOST: "{{ k8s_endpoint }}" KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}" - name: add bgp peer for gateway/router ansible.builtin.set_fact: calico_bgp_peer: apiVersion: crd.projectcalico.org/v1 kind: BGPPeer metadata: name: "{{ k8s_network_bgp_peer_name }}" spec: peerIP: "{{ k8s_network_bgp_peer_address }}" asNumber: "{{ k8s_network_bgp_peer_as }}" - name: write out calico configmap for ebpf mode ansible.builtin.copy: content: "{{ calico_configmap_ebpf | to_nice_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml" - name: write out calico installation definition ansible.builtin.copy: content: "{{ calico_updated_installation.calico_default_installation | to_nice_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element dest: "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml" - name: write out calico apiserver definition ansible.builtin.copy: content: "{{ calico_default_apiserver | to_nice_yaml }}" dest: "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml" # TODO two api versions exist for BGP, one only becomes available after calico is online. Do they both work?? # crd.projectcalico.org/v1 # projectcalico.org/v3 - name: write out calico bgp peer definition ansible.builtin.copy: content: "{{ calico_bgp_peer | to_nice_yaml }}" dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml" - name: install configmap for ebpf mode to cluster kubernetes.core.k8s: src: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml" state: present - name: install calico operator to cluster kubernetes.core.k8s: src: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" state: present - name: install calico definitions to cluster kubernetes.core.k8s: state: present src: "{{ item }}" with_items: - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"