add calico VXLAN mode, update docs and vars in sample inventory (#5731)

* calico VXLAN mode

* check vars if calico backend defined

roles/network_plugin/calico/defaults/main.yml

@@ -9,6 +9,8 @@ calico_ipv4pool_ipip: "Off"
 # Use IP-over-IP encapsulation across hosts
 ipip: true
 ipip_mode: "{{ 'Always' if ipip else 'Never' }}"  # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
+calico_ipip_mode: "{{ ipip_mode }}"
+calico_vxlan_mode: 'Never'
 
 calico_cert_dir: /etc/calico/certs
 

roles/network_plugin/calico/tasks/check.yml

@@ -4,10 +4,38 @@
     that:
       - "calico_pool_name is defined"
       - "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')"
-      - "ipip_mode is defined"
-      - "ipip_mode in ['Always', 'CrossSubnet', 'Never']"
-    msg: "Check variable definitions seems something is wrong"
-  run_once: yes
+    msg: "calico_pool_name contains invalid characters"
+
+- name: "Check calico network backend defined correctly"
+  assert:
+    that:
+      - "calico_network_backend in ['bird', 'vxlan', 'none']"
+    msg: "calico network backend is not 'bird', 'vxlan' or 'none'"
+  when:
+    - calico_network_backend is defined
+
+- name: "Check ipip and vxlan mode defined correctly"
+  assert:
+    that:
+      - "calico_ipip_mode in ['Always', 'CrossSubnet', 'Never']"
+      - "calico_vxlan_mode in ['Always', 'CrossSubnet', 'Never']"
+    msg: "calico inter host encapsulation mode is not 'Always', 'CrossSubnet' or 'Never'"
+
+- name: "Check ipip and vxlan mode if simultaneously enabled"
+  assert:
+    that:
+      - "calico_vxlan_mode in ['Never']"
+    msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
+  when:
+    - "calico_ipip_mode in ['Always', 'CrossSubnet']"
+
+- name: "Check ipip and vxlan mode if simultaneously enabled"
+  assert:
+    that:
+      - "calico_ipip_mode in ['Never']"
+    msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
+  when:
+    - "calico_vxlan_mode in ['Always', 'CrossSubnet']"
 
 - name: "Get current version of calico cluster version"
   shell: "{{ bin_dir }}/calicoctl.sh version  | grep 'Cluster Version:' | awk '{ print $3}'"

roles/network_plugin/calico/tasks/install.yml

@@ -140,7 +140,8 @@
         },
         "spec": {
           "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
-          "ipipMode": "{{ ipip_mode }}",
+          "ipipMode": "{{ calico_ipip_mode }}",
+          "vxlanMode": "{{ calico_vxlan_mode }}",
           "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f -
   when:
     - inventory_hostname == groups['kube-master'][0]
@@ -158,7 +159,8 @@
         "spec": {
           "blockSize": "{{ calico_pool_blocksize | default(kube_network_node_prefix) }}",
           "cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
-          "ipipMode": "{{ ipip_mode }}",
+          "ipipMode": "{{ calico_ipip_mode }}",
+          "vxlanMode": "{{ calico_vxlan_mode }}",
           "natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f -
   when:
     - inventory_hostname == groups['kube-master'][0]

roles/network_plugin/calico/templates/calico-config.yml.j2

@@ -15,9 +15,9 @@ data:
   # essential.
   typha_service_name: "calico-typha"
 {% endif %}
-{% if calico_network_backend is defined and calico_network_backend == 'none' %}
+{% if calico_network_backend is defined %}
   cluster_type: "kubespray"
-  calico_backend: "none"
+  calico_backend: "{{ calico_network_backend }}"
 {% else %}
   cluster_type: "kubespray,bgp"
   calico_backend: "bird"