From 7332679678dd91669e31cd92fd4243a7a9830652 Mon Sep 17 00:00:00 2001 From: AtzeDeVries Date: Tue, 20 Jun 2017 14:50:08 +0200 Subject: [PATCH 1/2] Give more control over IPIP, but with same default behaviour --- inventory/group_vars/k8s-cluster.yml | 5 +++++ roles/network_plugin/calico/defaults/main.yml | 3 ++- roles/network_plugin/calico/tasks/main.yml | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml index ef5e363dc..5403614a6 100644 --- a/inventory/group_vars/k8s-cluster.yml +++ b/inventory/group_vars/k8s-cluster.yml @@ -71,6 +71,11 @@ kube_users: # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing kube_network_plugin: calico +# In case of calico, override default behaviour to enable IPIP. Default behaviour is in case +# of a cloud_provider ipip:true and in case of no cloud provider ipip:false +# calico_ipip: true + + # Enable kubernetes network policies enable_network_policy: false diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml index 3ef70413f..88ab5b18e 100644 --- a/roles/network_plugin/calico/defaults/main.yml +++ b/roles/network_plugin/calico/defaults/main.yml @@ -2,8 +2,9 @@ # Enables Internet connectivity from containers nat_outgoing: true +# !! NOT USED in favour over calico_ipip # Use IP-over-IP encapsulation across hosts -ipip: false +# ipip: false # Set to true if you want your calico cni binaries to overwrite the # ones from hyperkube while leaving other cni plugins intact. diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index fa734464e..4c2030491 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml 
@@ -94,7 +94,7 @@ shell: > echo '{ "kind": "ipPool", - "spec": {"disabled": false, "ipip": {"enabled": {{ cloud_provider is defined or ipip }}}, + "spec": {"disabled": false, "ipip": {"enabled": {{ calico_ipip is defined | ternary(calico_ipip, cloud_provider is defined) }}}, "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}}, "apiVersion": "v1", "metadata": {"cidr": "{{ kube_pods_subnet }}"} @@ -111,7 +111,7 @@ set_fact: ipip_arg: "--ipip" when: (legacy_calicoctl and - cloud_provider is defined or ipip) + calico_ipip is defined | ternary (calico_ipip, cloud_provider is defined)) tags: facts - name: Calico (old) | Define nat-outgoing pool argument From 61b74f9a5b7e12710efdc9523abe422fcb5e1d0f Mon Sep 17 00:00:00 2001 From: AtzeDeVries Date: Fri, 23 Jun 2017 09:16:05 +0200 Subject: [PATCH 2/2] updated to direct control over ipip --- inventory/group_vars/k8s-cluster.yml | 4 ---- roles/network_plugin/calico/defaults/main.yml | 3 +-- roles/network_plugin/calico/tasks/main.yml | 5 ++--- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml index 5403614a6..5e633d6fe 100644 --- a/inventory/group_vars/k8s-cluster.yml +++ b/inventory/group_vars/k8s-cluster.yml @@ -71,10 +71,6 @@ kube_users: # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing kube_network_plugin: calico -# In case of calico, override default behaviour to enable IPIP. Default behaviour is in case -# of a cloud_provider ipip:true and in case of no cloud provider ipip:false -# calico_ipip: true - # Enable kubernetes network policies enable_network_policy: false diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml index 88ab5b18e..598faf91b 100644 --- a/roles/network_plugin/calico/defaults/main.yml +++ b/roles/network_plugin/calico/defaults/main.yml 
@@ -2,9 +2,8 @@ # Enables Internet connectivity from containers nat_outgoing: true -# !! NOT USED in favour over calico_ipip # Use IP-over-IP encapsulation across hosts -# ipip: false +ipip: true # Set to true if you want your calico cni binaries to overwrite the # ones from hyperkube while leaving other cni plugins intact. diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index 4c2030491..716086aed 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml @@ -94,7 +94,7 @@ shell: > echo '{ "kind": "ipPool", - "spec": {"disabled": false, "ipip": {"enabled": {{ calico_ipip is defined | ternary(calico_ipip, cloud_provider is defined) }}}, + "spec": {"disabled": false, "ipip": {"enabled": {{ ipip }}}, "nat-outgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }}}, "apiVersion": "v1", "metadata": {"cidr": "{{ kube_pods_subnet }}"} @@ -110,8 +110,7 @@ run_once: true set_fact: ipip_arg: "--ipip" - when: (legacy_calicoctl and - calico_ipip is defined | ternary (calico_ipip, cloud_provider is defined)) + when: (legacy_calicoctl and ipip ) tags: facts - name: Calico (old) | Define nat-outgoing pool argument
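Review bot: The `ipip: true` default added in the `@@ -2,9 +2,8 @@` hunk of roles/network_plugin/calico/defaults/main.yml enables IP-in-IP for every cluster that does not override it, and the one-line comment above it does not record that change. Before this series it was enabled only when `cloud_provider` was defined or `ipip` was set. Clusters without a cloud provider will now encapsulate pod traffic by default, which requires IP protocol 4 to be allowed between nodes and reduces the usable MTU; IPIP is encapsulation only and gives no confidentiality or integrity. I would extend the comment to `# Use IP-over-IP encapsulation across hosts (default true; needs IP protocol 4 allowed between nodes; does not encrypt traffic)`. The same patch removes the `calico_ipip` hint from inventory/group_vars/k8s-cluster.yml without adding one for `ipip`, so the sample inventory no longer shows the setting.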
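Review bot: `ipip` is used as a raw value in both roles/network_plugin/calico/tasks/main.yml hunks, as `{{ ipip }}` in the ipPool JSON at `@@ -94,7 +94,7 @@` and as `when: (legacy_calicoctl and ipip )` at `@@ -110,8 +110,7 @@`. A value that arrives as a string (for example from `-e ipip=false`) is therefore never coerced to a boolean. In the `when:` expression a non-empty string such as `false` is likely to evaluate as true and set `--ipip` against the operator's intent, and in the shell task the string is written unvalidated into the single-quoted `echo` payload. Coercing at both sites closes this: `"ipip": {"enabled": {{ ipip | bool }}},` and `when: legacy_calicoctl and ipip | bool`, which also drops the stray space before the closing parenthesis. Both tasks begin and end outside their hunks, so how the echoed JSON is consumed is not visible here.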