calico: check if inventory settings match cluster settings (#6969)

If some settings were changed from the default but not commited into an inventory repo,
we risk breaking the cluster / cause downtime, so add some extra checks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

roles/network_plugin/calico/tasks/check.yml

@@ -36,3 +36,27 @@
     msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
   when:
     - "calico_vxlan_mode in ['Always', 'CrossSubnet']"
+
+- name: "Get Calico {{ calico_pool_name }} configuration"
+  command: calicoctl.sh get ipPool {{ calico_pool_name }} -o json
+  failed_when: False
+  changed_when: False
+  register: calico
+  run_once: True
+  delegate_to: "{{ groups['kube-master'][0] }}"
+
+- name: "Set calico_pool_conf"
+  set_fact:
+    calico_pool_conf: '{{ calico.stdout | from_json }}'
+  when: calico.rc == 0 and calico.stdout
+
+- name: "Check if inventory match current cluster configuration"
+  assert:
+    that:
+      - calico_pool_conf.spec.blockSize == (calico_pool_blocksize | default(kube_network_node_prefix))
+      - calico_pool_conf.spec.cidr == (calico_pool_cidr | default(kube_pods_subnet))
+      - calico_pool_conf.spec.ipipMode == calico_ipip_mode
+      - calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
+    msg: "Your inventory doesn't match the current cluster configuration"
+  when:
+    - calico_pool_conf is defined