diff --git a/docs/calico.md b/docs/calico.md index 2d60c96ac..ace931a23 100644 --- a/docs/calico.md +++ b/docs/calico.md @@ -58,6 +58,20 @@ calicoctl.sh endpoint show --detail ## Configuration +### Optional : Define datastore type + +The default datastore, Kubernetes API datastore is recommended for on-premises deployments, and supports only Kubernetes workloads; etcd is the best datastore for hybrid deployments. + +Allowed values are `kdd` (default) and `etcd`. + +Note: using kdd and more than 50 nodes, consider using the `typha` daemon to provide scaling. + +To re-define you need to edit the inventory and add a group variable `calico_datastore` + +```yml +calico_datastore: kdd +``` + ### Optional : Define network backend In some cases you may want to define Calico network backend. Allowed values are `bird`, `vxlan` or `none`. Bird is a default value. diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index de9c2b284..5587561c0 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -157,7 +157,7 @@ peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > calico_upgrade_enabled: true # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore) -calico_datastore: "etcd" +calico_datastore: "kdd" # Kubernetes internal network for services, unused block of space. kube_service_addresses: 10.233.0.0/18 diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml index f183606c2..1cf703cc1 100644 --- a/roles/network_plugin/calico/defaults/main.yml +++ b/roles/network_plugin/calico/defaults/main.yml 
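Review bot: In roles/kubespray-defaults/defaults/main.yaml the default flips from `"etcd"` to `"kdd"` for every inventory that does not set `calico_datastore`, and the comment above it gives no hint about which setups must override it. The four canal test files in this commit all pin `calico_datastore: etcd`, which suggests canal still depends on the etcd datastore; if so, a canal inventory without an override would now pick up `kdd`. Consider extending the comment to something like `# Default is "kdd"; set "etcd" explicitly for canal (TODO confirm) or to keep an existing etcd-backed cluster unchanged`. With `kdd`, Calico's state is reached through the Kubernetes API rather than through etcd client certificates, so the upgrade notes may want to mention that access control for that data shifts to RBAC.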
@@ -81,7 +81,7 @@ kube_etcd_cert_file: node-{{ inventory_hostname }}.pem kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore) -# The default value calico_datastore: "etcd" is set in role kubespray-default +# The default value for calico_datastore is set in role kubespray-default # Use typha (only with kdd) typha_enabled: false diff --git a/roles/network_plugin/calico/tasks/pre.yml b/roles/network_plugin/calico/tasks/pre.yml index cebd717c4..517218a88 100644 --- a/roles/network_plugin/calico/tasks/pre.yml +++ b/roles/network_plugin/calico/tasks/pre.yml @@ -1,4 +1,20 @@ --- +- name: Slurp CNI config + slurp: + src: /etc/cni/net.d/10-calico.conflist + register: calico_cni_config_slurp + failed_when: false + +- block: + - name: Set fact calico_cni_config from slurped CNI config + set_fact: + calico_cni_config: "{{ calico_cni_config_slurp['content'] | b64decode | from_json }}" + - name: Set fact calico_datastore to etcd if needed + set_fact: + calico_datastore: etcd + when: "'etcd_endpoints' in calico_cni_config.plugins.0" + when: calico_cni_config_slurp.content is defined + - name: Calico | Get kubelet hostname shell: >- set -o pipefail && {{ bin_dir }}/kubectl get node -o custom-columns='NAME:.metadata.name,INTERNAL-IP:.status.addresses[?(@.type=="InternalIP")].address' @@ -8,4 +24,4 @@ register: calico_kubelet_name delegate_to: "{{ groups['kube-master'][0] }}" when: - - "cloud_provider is defined" + - "cloud_provider is defined" diff --git a/tests/files/packet_opensuse-canal.yml b/tests/files/packet_opensuse-canal.yml index 7dc12c061..a82a07cd4 100644 --- a/tests/files/packet_opensuse-canal.yml +++ b/tests/files/packet_opensuse-canal.yml @@ -4,6 +4,7 @@ cloud_image: opensuse-leap-15 mode: default # Kubespray settings +calico_datastore: etcd kube_network_plugin: canal deploy_netchecker: true dns_min_replicas: 1 
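Review bot: In the first hunk of roles/network_plugin/calico/tasks/pre.yml, `failed_when: false` on the slurp task swallows every failure, not just a missing file. An unreadable `/etc/cni/net.d/10-calico.conflist` on an existing etcd-backed node therefore skips the detection block, and the play continues with the new `kdd` default. Checking for the file with `stat` first and letting a real read error fail the play limits the fall-through to nodes that have no Calico config yet. The `when` on the inner task also indexes `calico_cni_config.plugins.0` without checking that `plugins` is present and non-empty, and the new tasks drop the `Calico | ` name prefix used by the task that follows. Because `set_fact` outranks inventory variables, an operator who sets `calico_datastore: kdd` on such a node is overridden without any message; a comment or a debug line would make that visible.

```yaml
- name: Calico | Check for an existing CNI config
  stat:
    path: /etc/cni/net.d/10-calico.conflist
  register: calico_cni_config_stat

- name: Calico | Slurp CNI config
  slurp:
    src: /etc/cni/net.d/10-calico.conflist
  register: calico_cni_config_slurp
  when: calico_cni_config_stat.stat.exists

# … unchanged: block that sets calico_cni_config and calico_datastore …
```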
diff --git a/tests/files/packet_oracle7-canal-ha.yml b/tests/files/packet_oracle7-canal-ha.yml index 6497dd11b..01ca011a5 100644 --- a/tests/files/packet_oracle7-canal-ha.yml +++ b/tests/files/packet_oracle7-canal-ha.yml @@ -4,6 +4,7 @@ cloud_image: oracle-7 mode: ha # Kubespray settings +calico_datastore: etcd kube_network_plugin: canal dynamic_kubelet_configuration: true deploy_netchecker: true diff --git a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml index 991ff0b7f..7b27b4bae 100644 --- a/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml +++ b/tests/files/packet_ubuntu16-canal-kubeadm-ha.yml @@ -4,6 +4,7 @@ cloud_image: ubuntu-1604 mode: ha # Kubespray settings +calico_datastore: etcd kube_network_plugin: canal dynamic_kubelet_configuration: true deploy_netchecker: true diff --git a/tests/files/packet_ubuntu16-canal-sep.yml b/tests/files/packet_ubuntu16-canal-sep.yml index 8df833189..a88dcacc6 100644 --- a/tests/files/packet_ubuntu16-canal-sep.yml +++ b/tests/files/packet_ubuntu16-canal-sep.yml @@ -4,6 +4,7 @@ cloud_image: ubuntu-1604 mode: separate # Kubespray settings +calico_datastore: etcd kube_network_plugin: canal deploy_netchecker: true dns_min_replicas: 1