refact ip stack (#11953)

roles/network_plugin/calico/tasks/check.yml

@@ -146,12 +146,16 @@
   check_mode: false
   register: calico
   run_once: true
+  when: ipv4_stack | bool
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
 
 - name: "Set calico_pool_conf"
   set_fact:
     calico_pool_conf: '{{ calico.stdout | from_json }}'
-  when: calico.rc == 0 and calico.stdout
+  when:
+    - ipv4_stack | bool
+    - calico is defined
+    - calico.rc == 0 and calico.stdout
   run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
 
@@ -164,10 +168,45 @@
       - not calico_pool_conf.spec.vxlanMode is defined or calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
     msg: "Your inventory doesn't match the current cluster configuration"
   when:
+    - ipv4_stack | bool
     - calico_pool_conf is defined
   run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
 
+- name: "Get Calico {{ calico_pool_name }}-ipv6 configuration"
+  command: "{{ bin_dir }}/calicoctl.sh get ipPool {{ calico_pool_name }}-ipv6 -o json"
+  failed_when: false
+  changed_when: false
+  check_mode: false
+  register: calico_ipv6
+  run_once: true
+  when: ipv6_stack | bool
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+
+- name: "Set calico_pool_ipv6_conf"
+  set_fact:
+    calico_pool_conf: '{{ calico_ipv6.stdout | from_json }}'
+  when:
+    - ipv6_stack | bool
+    - alico_ipv6 is defined
+    - calico_ipv6.rc == 0 and calico_ipv6.stdout
+  run_once: true
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+
+- name: "Check if ipv6 inventory match current cluster configuration"
+  assert:
+    that:
+      - calico_pool_conf.spec.blockSize | int == calico_pool_blocksize_ipv6 | int
+      - calico_pool_conf.spec.cidr == (calico_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6))
+      - not calico_pool_conf.spec.ipipMode is defined or calico_pool_conf.spec.ipipMode == calico_ipip_mode_ipv6
+      - not calico_pool_conf.spec.vxlanMode is defined or calico_pool_conf.spec.vxlanMode == calico_vxlan_mode_ipv6
+    msg: "Your ipv6 inventory doesn't match the current cluster configuration"
+  when:
+    - ipv6_stack | bool
+    - calico_pool_ipv6_conf is defined
+  run_once: true
+  delegate_to: "{{ groups['kube_control_plane'][0] }}"
+
 - name: "Check kdd calico_datastore if calico_apiserver_enabled"
   assert:
     that: calico_datastore == "kdd"
@@ -191,7 +230,6 @@
     that:
       - "calico_ipip_mode_ipv6 in ['Never']"
     msg: "Calico doesn't support ipip tunneling for the IPv6"
-  when:
-    - enable_dual_stack_networks
+  when: ipv6_stack | bool
   run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"

roles/network_plugin/calico/tasks/install.yml

@@ -84,6 +84,7 @@
   changed_when: false
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
+    - ipv4_stack | bool
 
 - name: Calico | Ensure that calico_pool_cidr is within kube_pods_subnet when defined
   assert:
@@ -91,8 +92,9 @@
     msg: "{{ calico_pool_cidr }} is not within or equal to {{ kube_pods_subnet }}"
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
-    - 'calico_conf.stdout == "0"'
+    - ipv4_stack | bool
     - calico_pool_cidr is defined
+    - 'calico_conf.stdout == "0"'
 
 - name: Calico | Check if calico IPv6 network pool has already been configured
   # noqa risky-shell-pipe - grep will exit 1 if no match found
@@ -107,7 +109,7 @@
   changed_when: false
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dual_stack_networks
+    - ipv6_stack
 
 - name: Calico | Ensure that calico_pool_cidr_ipv6 is within kube_pods_subnet_ipv6 when defined
   assert:
@@ -115,9 +117,9 @@
     msg: "{{ calico_pool_cidr_ipv6 }} is not within or equal to {{ kube_pods_subnet_ipv6 }}"
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
+    - ipv6_stack | bool
     - calico_conf_ipv6.stdout is defined and calico_conf_ipv6.stdout == "0"
     - calico_pool_cidr_ipv6 is defined
-    - enable_dual_stack_networks
 
 - name: Calico | kdd specific configuration
   when:
@@ -206,6 +208,7 @@
 - name: Calico | Configure Calico IP Pool
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
+    - ipv4_stack | bool
   block:
     - name: Calico | Get existing calico network pool
       command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json"
@@ -256,7 +259,7 @@
 - name: Calico | Configure Calico IPv6 Pool
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
-    - enable_dual_stack_networks | bool
+    - ipv6_stack | bool
   block:
     - name: Calico | Get existing calico ipv6 network pool
       command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json"
@@ -350,7 +353,15 @@
               {% if not calico_no_global_as_num | default(false) %}"asNumber": {{ global_as_num }},{% endif %}
               "nodeToNodeMeshEnabled": {{ nodeToNodeMeshEnabled | default('true') }} ,
               {% if calico_advertise_cluster_ips | default(false) %}
-              "serviceClusterIPs": [{"cidr": "{{ kube_service_addresses }}" } {{ ',{"cidr":"' + kube_service_addresses_ipv6 + '"}' if enable_dual_stack_networks else '' }}],{% endif %}
+              "serviceClusterIPs": >-
+                {%- if ipv4_stack and ipv6_stack-%}
+                [{"cidr": "{{ kube_service_addresses }}", "cidr": "{{ kube_service_addresses_ipv6 }}"}],
+                {%- elif ipv6_stack-%}
+                [{"cidr": "{{ kube_service_addresses_ipv6 }}"}],
+                {%- else -%}
+                [{"cidr": "{{ kube_service_addresses }}"}],
+                {%- endif -%}
+              {% endif %}
               {% if calico_advertise_service_loadbalancer_ips | length > 0  %}"serviceLoadBalancerIPs": {{ _service_loadbalancer_ips }},{% endif %}
               "serviceExternalIPs": {{ _service_external_ips | default([]) }}
             }