---
# Install the packages listed in k8s_network_packages with pacman; the task is
# limited to hosts whose OS family is Archlinux and runs with privilege escalation.
# NOTE(review): `state: latest` together with `update_cache: true` refreshes
# the package database and pulls the newest version of these packages on every
# run. Confirm that unpinned versions and an upgrade limited to these packages
# are acceptable on these hosts.
- name: ensure required python bindings are present
  community.general.pacman:
    name: "{{ k8s_network_packages }}"
    state: latest
    update_cache: true
  become: true
  when: ansible_os_family == 'Archlinux'
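# Create files/calico under the first entry of ansible_search_path. The tasks
# in this file download and render the Calico manifests into this directory,
# and the install task later applies files from it to the cluster.
# NOTE(review): 0775 leaves the directory group-writable, so any member of the
# owning group can change what gets applied; confirm that group is trusted.
- name: create target directory for calico files
  ansible.builtin.file:
    path: "{{ ansible_search_path[0] }}/files/calico"
    state: directory
    # Quoted so the mode is always handled as an octal string and never as a
    # YAML integer whose meaning depends on the parser.
    mode: "0775"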
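# Fetch the tigera-operator manifest for calico_version from GitHub and store
# it locally. `creates` points at the same file as `dest`, so the request is
# skipped once a local copy exists.
# NOTE(review): this manifest is applied to the cluster by the install task
# without any integrity check. Prefer an immutable ref for calico_version and
# verify the file against a known digest before it is applied
# (ansible.builtin.get_url accepts a `checksum` parameter for this).
- name: download the calico operator manifest
  ansible.builtin.uri:
    # Quoted because the value embeds a template expression.
    url: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/tigera-operator.yaml"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
    creates: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
    # Quoted so the mode is always handled as an octal string.
    mode: "0664"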
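# Fetch the custom-resources manifest for calico_version from GitHub and store
# it locally. `creates` points at the same file as `dest`, so the request is
# skipped once a local copy exists.
# NOTE(review): the content of this file is parsed, modified and then applied
# to the cluster, but it is never checked against a known digest. Prefer an
# immutable ref for calico_version and verify the download before use
# (ansible.builtin.get_url accepts a `checksum` parameter for this).
- name: download calico configuration
  ansible.builtin.uri:
    # Quoted because the value embeds a template expression.
    url: "https://raw.githubusercontent.com/projectcalico/calico/{{ calico_version }}/manifests/custom-resources.yaml"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
    creates: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
    # Quoted so the mode is always handled as an octal string.
    mode: "0664"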
# Load the downloaded custom-resources manifest into calico_file_raw. The
# following task reads calico_file_raw['content'] and base64-decodes it.
- name: read the default config into memory
  register: calico_file_raw
  ansible.builtin.slurp:
    src: "{{ ansible_search_path[0] }}/files/calico/calico_resources_{{ calico_version }}.yaml"
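# Parse the downloaded manifest as a multi-document YAML stream and keep its
# first two documents. from_yaml accepts a single document only, so the stream
# is read with from_yaml_all rather than cut at every literal "---": a plain
# text split also breaks on dashes inside comments or values, and shifts the
# indexes when the file starts with a document marker.
# NOTE(review): the documents are still selected by position; presumably [0]
# is the Installation resource and [1] the APIServer resource. Confirm this
# for every calico_version in use, since the file comes from upstream.
- name: split and parse calico settings from the file data
  ansible.builtin.set_fact:
    calico_default_installation: "{{ (calico_file_raw['content'] | b64decode | from_yaml_all | list)[0] }}"
    calico_default_apiserver: "{{ (calico_file_raw['content'] | b64decode | from_yaml_all | list)[1] }}"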
# Build the IPv6 pool entry; the update task appends it to the installation's
# ipPools list. It shares encapsulation and NAT settings with the IPv4 pool.
- name: create ipv6 settings for calico config
  ansible.builtin.set_fact:
    calico_ipv6:
      blockSize: "{{ k8s_v6_network_blocksize }}"
      cidr: "{{ k8s_v6_pod_cidr }}"
      encapsulation: "{{ k8s_network_encapsulation }}"
      natOutgoing: "{{ k8s_network_nat }}"
      # Selector expression that matches every node.
      nodeSelector: 'all()'
# Overwrite selected fields of the parsed Installation document with the
# values configured for this cluster. The result is registered, and the
# modified document is read back later as
# calico_updated_installation.calico_default_installation.
- name: update calico installation settings to desired values
  ansible.utils.update_fact:
    updates:
      # IPv4 pool: rewrite the first pool shipped in the default manifest.
      - path: 'calico_default_installation.spec.calicoNetwork.ipPools[0].blockSize'
        value: "{{ k8s_v4_network_blocksize }}"
      - path: 'calico_default_installation.spec.calicoNetwork.ipPools[0].cidr'
        value: "{{ k8s_v4_pod_cidr }}"
      - path: 'calico_default_installation.spec.calicoNetwork.ipPools[0].encapsulation'
        value: "{{ k8s_network_encapsulation }}"
      - path: 'calico_default_installation.spec.calicoNetwork.ipPools[0].natOutgoing'
        value: "{{ k8s_network_nat }}"
      - path: 'calico_default_installation.spec.calicoNetwork.ipPools[0].nodeSelector'
        value: 'all()'
      # Replace the pool list with the existing pools plus the IPv6 entry.
      # NOTE(review): this value is built from calico_default_installation as
      # it was before this task ran, so it may carry the unmodified first pool
      # and undo the five ipPools[0] edits above. Inspect the rendered
      # calico_installation.yaml to verify the IPv4 pool settings survive.
      - path: 'calico_default_installation.spec.calicoNetwork.ipPools'
        value: "{{ calico_default_installation.spec.calicoNetwork.ipPools + [ calico_ipv6 ] }}"
      # Network-wide switches: BGP, dataplane and host port support.
      - path: 'calico_default_installation.spec.calicoNetwork.bgp'
        value: "{{ k8s_network_bgp }}"
      - path: 'calico_default_installation.spec.calicoNetwork.linuxDataplane'
        value: "{{ k8s_network_dataplane }}"
      - path: 'calico_default_installation.spec.calicoNetwork.hostPorts'
        value: "{{ k8s_network_hostports }}"
  register: calico_updated_installation
# Describe the tigera-operator Namespace object as a fact; a later task
# renders it to files/calico/calico_namespace.yaml.
- name: create tigera operator namespace
  ansible.builtin.set_fact:
    calico_namespace:
      apiVersion: 'v1'
      kind: 'Namespace'
      metadata:
        name: 'tigera-operator'
        labels:
          name: 'tigera-operator'
# - name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install
#   ansible.builtin.set_fact:
#     calico_configmap_ebpf:
#       kind: ConfigMap
#       apiVersion: v1
#       metadata:
#         name: kubernetes-services-endpoint
#         namespace: tigera-operator
#       data:
#         KUBERNETES_SERVICE_HOST: "{{ k8s_address }}"
#         KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}"
# Describe a Calico BGPPeer for the gateway/router as a fact; a later task
# renders it to files/calico/calico_bgp_peer.yaml.
# NOTE(review): the peer is identified by address and AS number only, and no
# session authentication is configured here. Confirm whether the router side
# expects one.
- name: add bgp peer for gateway/router
  ansible.builtin.set_fact:
    calico_bgp_peer:
      apiVersion: 'crd.projectcalico.org/v1'
      kind: 'BGPPeer'
      metadata:
        name: "{{ k8s_network_bgp_peer_name }}"
      spec:
        peerIP: "{{ k8s_network_bgp_peer_address }}"
        asNumber: "{{ k8s_network_bgp_peer_as }}"
# Render the calico_namespace fact to files/calico/calico_namespace.yaml.
# The fact is used directly here; it did not pass through update_fact, so
# there is no sub-element to dereference.
# NOTE(review): no `mode` is given, so the file's permissions are not set
# explicitly by this task; consider stating one.
- name: write out calico namespace crd
  ansible.builtin.copy:
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
    content: "{{ calico_namespace | to_yaml }}"
# - name: write out calico configmap for ebpf mode
#   ansible.builtin.copy:
#     content: "{{ calico_configmap_ebpf | to_yaml }}" # Ansible registers the original fact name (with new value) inside the updated fact, hence the sub element
#     dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
# Render the modified Installation document to
# files/calico/calico_installation.yaml.
# update_fact stores its result under the original fact name inside the
# registered variable, hence the .calico_default_installation sub-element.
# NOTE(review): no `mode` is given, so the file's permissions are not set
# explicitly by this task; consider stating one, as this file is applied to
# the cluster.
- name: write out calico installation definition
  ansible.builtin.copy:
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
    content: "{{ calico_updated_installation.calico_default_installation | to_nice_yaml }}"
# Render the second document of the downloaded manifest, unchanged, to
# files/calico/calico_apiserver.yaml.
# NOTE(review): no `mode` is given, so the file's permissions are not set
# explicitly by this task; consider stating one, as this file is applied to
# the cluster.
- name: write out calico apiserver definition
  ansible.builtin.copy:
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
    content: "{{ calico_default_apiserver | to_nice_yaml }}"
# TODO: two API versions exist for BGP; one only becomes available after Calico is online. Do they both work?
#   crd.projectcalico.org/v1
#   projectcalico.org/v3
# Render the calico_bgp_peer fact to files/calico/calico_bgp_peer.yaml.
# NOTE(review): no `mode` is given, so the file's permissions are not set
# explicitly by this task; consider stating one, as this file is applied to
# the cluster.
- name: write out calico bgp peer definition
  ansible.builtin.copy:
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"
    content: "{{ calico_bgp_peer | to_nice_yaml }}"
# Apply the manifests to the cluster one file at a time.
# The order here matters: namespace > config map > operator > installation.
# The namespace and eBPF config map entries are currently commented out.
# NOTE(review): the operator manifest in this list is the file downloaded
# earlier; nothing between download and apply checks its content.
- name: install calico definitions to cluster
  kubernetes.core.k8s:
    src: "{{ item }}"
    state: present
  loop:
    # - "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
    # - "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
    - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"