calico: default to using kdd datastore (#6693)

If already deployed, get current datastore from CNI config file

docs/calico.md

@@ -58,6 +58,20 @@ calicoctl.sh endpoint show --detail
 
 ## Configuration
 
+### Optional : Define datastore type
+
+The default datastore, Kubernetes API datastore is recommended for on-premises deployments, and supports only Kubernetes workloads; etcd is the best datastore for hybrid deployments.
+
+Allowed values are `kdd` (default) and `etcd`.
+
+Note: using kdd and more than 50 nodes, consider using the `typha` daemon to provide scaling.
+
+To re-define you need to edit the inventory and add a group variable `calico_datastore`
+
+```yml
+calico_datastore: kdd
+```
+
 ### Optional : Define network backend
 
 In some cases you may want to define Calico network backend. Allowed values are `bird`, `vxlan` or `none`. Bird is a default value.

roles/kubespray-defaults/defaults/main.yaml

@@ -157,7 +157,7 @@ peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length >
 calico_upgrade_enabled: true
 
 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
-calico_datastore: "etcd"
+calico_datastore: "kdd"
 
 # Kubernetes internal network for services, unused block of space.
 kube_service_addresses: 10.233.0.0/18

roles/network_plugin/calico/defaults/main.yml

@@ -81,7 +81,7 @@ kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
 kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
 
 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
-# The default value calico_datastore: "etcd" is set in role kubespray-default
+# The default value for calico_datastore is set in role kubespray-default
 
 # Use typha (only with kdd)
 typha_enabled: false

roles/network_plugin/calico/tasks/pre.yml

@@ -1,4 +1,20 @@
 ---
+- name: Slurp CNI config
+  slurp:
+    src: /etc/cni/net.d/10-calico.conflist
+  register: calico_cni_config_slurp
+  failed_when: false
+
+- block:
+  - name: Set fact calico_cni_config from slurped CNI config
+    set_fact:
+      calico_cni_config: "{{ calico_cni_config_slurp['content'] | b64decode | from_json }}"
+  - name: Set fact calico_datastore to etcd if needed
+    set_fact:
+      calico_datastore: etcd
+    when: "'etcd_endpoints' in calico_cni_config.plugins.0"
+  when: calico_cni_config_slurp.content is defined
+
 - name: Calico | Get kubelet hostname
   shell: >-
     set -o pipefail && {{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address'
@@ -8,4 +24,4 @@
   register: calico_kubelet_name
   delegate_to: "{{ groups['kube-master'][0] }}"
   when:
-    - "cloud_provider is defined"
+  - "cloud_provider is defined"

tests/files/packet_opensuse-canal.yml

@@ -4,6 +4,7 @@ cloud_image: opensuse-leap-15
 mode: default
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 deploy_netchecker: true
 dns_min_replicas: 1

tests/files/packet_oracle7-canal-ha.yml

@@ -4,6 +4,7 @@ cloud_image: oracle-7
 mode: ha
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 dynamic_kubelet_configuration: true
 deploy_netchecker: true

tests/files/packet_ubuntu16-canal-kubeadm-ha.yml

@@ -4,6 +4,7 @@ cloud_image: ubuntu-1604
 mode: ha
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 dynamic_kubelet_configuration: true
 deploy_netchecker: true

tests/files/packet_ubuntu16-canal-sep.yml

@@ -4,6 +4,7 @@ cloud_image: ubuntu-1604
 mode: separate
 
 # Kubespray settings
+calico_datastore: etcd
 kube_network_plugin: canal
 deploy_netchecker: true
 dns_min_replicas: 1