Remove etcd-proxy from all nodes and use etcd multiaccess

roles/network_plugin/calico/tasks/main.yml

@@ -43,17 +43,21 @@
 - name: Calico | wait for etcd
   uri: url=http://localhost:2379/health
   register: result
-  until: result.status == 200
+  until: result.status == 200 or result.status == 401
   retries: 10
   delay: 5
-  when: inventory_hostname in groups['kube-master']
+  delegate_to: "{{groups['etcd'][0]}}"
+  run_once: true
 
 - name: Calico | Check if calico network pool has already been configured
-  uri:
-    url: "{{ etcd_endpoint }}/v2/keys/calico/v1/ipam/v4/pool"
-    return_content: yes
-    status_code: 200,404
+  command: |-
+    curl \
+      --cacert {{ etcd_cert_dir }}/ca.pem \
+      --cert {{ etcd_cert_dir}}/admin.pem \
+      --key {{ etcd_cert_dir }}/admin-key.pem \
+      https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
   register: calico_conf
+  delegate_to: "{{groups['etcd'][0]}}"
   run_once: true
 
 - name: Calico | Define ipip pool argument
@@ -79,21 +83,25 @@
   environment:
     NO_DEFAULT_POOLS: true
   run_once: true
-  when: calico_conf.status == 404 or "nodes" not in calico_conf.content
+  when: '"Key not found" in calico_conf.stdout or "nodes" not in calico_conf.stdout'
 
 - name: Calico | Get calico configuration from etcd
-  uri:
-    url: "{{ etcd_endpoint }}/v2/keys/calico/v1/ipam/v4/pool"
-    return_content: yes
-  register: calico_pools
+  command: |-
+    curl http://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
+  register: calico_pools_raw
+  delegate_to: "{{groups['etcd'][0]}}"
+  run_once: true
+
+- set_fact:
+    calico_pools: "{{ calico_pools_raw.stdout | from_json }}"
   run_once: true
 
 - name: Calico | Check if calico pool is properly configured
   fail:
     msg: 'Only one network pool must be configured and it must be the subnet {{ kube_pods_subnet }}.
     Please erase calico configuration and run the playbook again ("etcdctl rm --recursive /calico/v1/ipam/v4/pool")'
-  when: ( calico_pools.json['node']['nodes'] | length > 1 ) or
-        ( not calico_pools.json['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
+  when: ( calico_pools['node']['nodes'] | length > 1 ) or
+        ( not calico_pools['node']['nodes'][0]['key'] | search(".*{{ kube_pods_subnet | ipaddr('network') }}.*") )
   run_once: true
 
 - name: Calico | Write /etc/network-environment
@@ -131,4 +139,3 @@
   shell: "{{ bin_dir }}/calicoctl node bgp peer add {{ item.router_id }} as {{ item.as }}"
   with_items: peers
   when: peer_with_router|default(false) and inventory_hostname in groups['kube-node']
-

roles/network_plugin/calico/templates/calico-node.service.j2

@@ -1,8 +1,8 @@
 [Unit]
 Description=Calico per-node agent
 Documentation=https://github.com/projectcalico/calico-docker
-After=docker.service docker.socket etcd-proxy.service
-Wants=docker.socket etcd-proxy.service
+After=docker.service docker.socket
+Wants=docker.socket
 
 [Service]
 User=root

roles/network_plugin/calico/templates/calicoctl-container.j2

@@ -1,6 +1,7 @@
 #!/bin/bash
 /usr/bin/docker run --privileged --rm \
---net=host --pid=host -e ETCD_AUTHORITY={{ etcd_authority }} \
+--net=host --pid=host \
+-e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \
 -v /usr/bin/docker:/usr/bin/docker \
 -v /var/run/docker.sock:/var/run/docker.sock \
 -v /var/run/calico:/var/run/calico \

roles/network_plugin/calico/templates/network-environment.j2

@@ -3,7 +3,7 @@
 DEFAULT_IPV4={{ip | default(ansible_default_ipv4.address) }}
 
 # The Kubernetes master IP
-KUBERNETES_MASTER={{ first_kube_master }}
+KUBERNETES_MASTER={{ kube_apiserver_endpoint }}
 
 # IP and port of etcd instance used by Calico
-ETCD_AUTHORITY={{ etcd_authority }}
+ETCD_ENDPOINTS={{ etcd_access_endpoint }}