[calico] don't enable ipip encapsulation by default and use vxlan in CI (#8434)

* [calico] make vxlan encapsulation the default * don't enable ipip encapsulation by default * set calico_network_backend by default to vxlan * update sample inventory and documentation * [CI] pin default calico parameters for upgrade tests to ensure proper upgrade * [CI] improve netchecker connectivity testing * [CI] show logs for tests * [calico] tweak task name * [CI] Don't run the provisioner from vagrant since we run it in testcases_run.sh * [CI] move kube-router tests to vagrant to avoid network connectivity issues during netchecker check * service proxy mode still fails connectivity tests so keeping it manual mode * [kube-router] account for containerd use-case
2026-02-16 02:30:03 -03:30 · 2022-03-18 03:05:39 +02:00
parent a86d9bd8e8
commit dd2d95ecdf
26 changed files with 229 additions and 82 deletions
--- a/roles/network_plugin/calico/defaults/main.yml
+++ b/roles/network_plugin/calico/defaults/main.yml
@@ -6,16 +6,17 @@ nat_outgoing: true
 calico_pool_name: "default-pool"
 calico_ipv4pool_ipip: "Off"

-# Use IP-over-IP encapsulation across hosts
-ipip: true
-ipip_mode: "{{ 'Always' if ipip else 'Never' }}"  # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
-calico_ipip_mode: "{{ ipip_mode }}"
-calico_vxlan_mode: 'Never'
+# Change encapsulation mode, by default we enable vxlan which is the most mature and well tested mode
+calico_ipip_mode: Never  # valid values are 'Always', 'Never' and 'CrossSubnet'
+calico_vxlan_mode: Always  # valid values are 'Always', 'Never' and 'CrossSubnet'

 calico_ipip_mode_ipv6: Never
 calico_vxlan_mode_ipv6: Never
 calico_pool_blocksize_ipv6: 116

+# Calico network backend can be 'bird', 'vxlan' and 'none'
+calico_network_backend: vxlan
+
 calico_cert_dir: /etc/calico/certs

 # Global as_num (/calico/bgp/v1/global/as_num)