feat: add calico support

2021-05-26 08:32:48 -04:00 · 2021-05-26 08:32:48 -04:00 · 96a0e2f6a4
parent 6bff9b9981
commit 96a0e2f6a4
9 changed files with 111 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -295,6 +295,20 @@ ensure a majority in the event of a network partition. If you want to use 2
 members or an even number of members, please set `k3s_use_unsupported_config`
 to `true`.

+## Add-ons
+
+### Calico CNI
+
+| Variable                  | Description                                                                                                     | Default Value                                                                 |
+|---------------------------|-----------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------|
+| `calico`                  | Use Calico CNI                                                                                                  | `false`                                                                       |
+| `calico_tigera_manifest`  | URL to the tigera operator manifest                                                                             | `https://docs.projectcalico.org/archive/v3.18/manifests/tigera-operator.yaml` |
+| `calico_encapsulation`    | Encapsulation type                                                                                              | `None`                                                                        |
+| `calico_bgp`              | Use BGP                                                                                                         | `false`                                                                       |
+| `calico_bgp_peer_ip`      | BGP Peer IP (usually your router IP address)                                                                    | NULL                                                                          |
+| `calico_bgp_as_number`    | BGP Autonomous System Number (must be the same across all BGP peers)                                            | NULL                                                                          |
+| `calico_bgp_external_ips` | BGP Network you want services to consume (this network should not exist or be defined anywhere in your network) | NULL                                                                          |
+
 ## Dependencies

 No dependencies on other roles.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -119,4 +119,17 @@ k3s_registries:
 #        # path to the key file used in the registry
 #        key_file:
 #        # path to the ca file used in the registry
-#        ca_file:
+#        ca_file:
+
+#
+# Addons
+#
+
+# Calico
+calico: false
+calico_tigera_manifest: https://docs.projectcalico.org/archive/v3.18/manifests/tigera-operator.yaml
+calico_encapsulation: "None"
+calico_bgp: false
+calico_bgp_peer_ip: null
+calico_bgp_as_number: null
+calico_bgp_external_ips: null
--- a/tasks/build/addons/calico.yml
+++ b/tasks/build/addons/calico.yml
@ -0,0 +1,31 @@
+---
+
+- name: Deploy tigera operator to k3s manifest directory
+  ansible.builtin.get_url:
+    url: "{{ calico_tigera_manifest }}"
+    dest: "{{ k3s_server_manifests_dir }}/tigera-operator.yaml"
+    mode: 0644
+
+- name: Deploy configuration to k3s manifest directory
+  ansible.builtin.template:
+    src: "calico-installation.yaml.j2"
+    dest: "{{ k3s_server_manifests_dir }}/calico-installation.yaml"
+    mode: 0644
+
+- name: Deploy BGP-peer to k3s manifest directory
+  ansible.builtin.template:
+    src: "calico-bgppeer.yaml.j2"
+    dest: "{{ k3s_server_manifests_dir }}/calico-bgppeer.yaml"
+    mode: 0644
+  when:
+  - calico_bgp is defined
+  - calico_bgp
+
+- name: Deploy BGP-configuration to k3s manifest directory
+  ansible.builtin.template:
+    src: "calico-bgpconfiguration.yaml.j2"
+    dest: "{{ k3s_server_manifests_dir }}/calico-bgpconfiguration.yaml"
+    mode: 0644
+  when:
+  - calico_bgp is defined
+  - calico_bgp
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@ -39,6 +39,12 @@
    - k3s_primary_control_node
    - k3s_server_manifests_templates | length > 0

+- import_tasks: build/addons/calico.yml
+  when:
+    - k3s_primary_control_node
+    - calico is defined
+    - calico
+
 - import_tasks: build/install-k3s.yml

 - name: Ensure containerd installation tasks are run
--- a/tasks/validate/configuration/calico.yml
+++ b/tasks/validate/configuration/calico.yml
@ -0,0 +1,13 @@
+---
+
+- name: Check that flannel is disabled
+  ansible.builtin.assert:
+    that:
+      - ("flannel" in k3s_server.disable)
+      - (k3s_server.flannel-backend == 'none')
+    success_msg: "Flannel is disabled."
+    fail_msg: >-
+      Flannel is not disabled.
+  when:
+    - calico is defined
+    - calico
--- a/tasks/validate/main.yml
+++ b/tasks/validate/main.yml
@ -13,3 +13,5 @@
  when:
    - k3s_build_cluster is defined
    - k3s_build_cluster
+
+- import_tasks: configuration/calico.yml
--- a/templates/calico-bgpconfiguration.yaml.j2
+++ b/templates/calico-bgpconfiguration.yaml.j2
@ -0,0 +1,8 @@
+---
+apiVersion: crd.projectcalico.org/v1
+kind: BGPConfiguration
+metadata:
+  name: default
+spec:
+  serviceExternalIPs:
+  - cidr: {{ calico_bgp_external_ips }}
--- a/templates/calico-bgppeer.yaml.j2
+++ b/templates/calico-bgppeer.yaml.j2
@ -0,0 +1,8 @@
+---
+apiVersion: crd.projectcalico.org/v1
+kind: BGPPeer
+metadata:
+  name: global
+spec:
+  peerIP: {{ calico_bgp_peer_ip }}
+  asNumber: {{ calico_bgp_as_number }}
--- a/templates/calico-installation.yaml.j2
+++ b/templates/calico-installation.yaml.j2
@ -0,0 +1,15 @@
+#jinja2:lstrip_blocks: True
+---
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+    - blockSize: 26
+      cidr: "{{ k3s_server["cluster-cidr"] }}"
+      encapsulation: "{{ calico_encapsulation }}"
+      natOutgoing: Enabled
+      nodeSelector: all()