calico: check if inventory settings match cluster settings (#6969)
If some settings were changed from the default but not committed into an inventory repo,
we risk breaking the cluster / causing downtime, so add some extra checks

Signed-off-by: Etienne Champetier <[email protected]>
champtar authored Jan 4, 2021
1 parent 3c1f84a commit c143886
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions roles/network_plugin/calico/tasks/check.yml
Expand Up @@ -36,3 +36,27 @@
msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
when:
- "calico_vxlan_mode in ['Always', 'CrossSubnet']"

- name: "Get Calico {{ calico_pool_name }} configuration"
command: calicoctl.sh get ipPool {{ calico_pool_name }} -o json
failed_when: False
changed_when: False
register: calico
run_once: True
delegate_to: "{{ groups['kube-master'][0] }}"

- name: "Set calico_pool_conf"
set_fact:
calico_pool_conf: '{{ calico.stdout | from_json }}'
when: calico.rc == 0 and calico.stdout

- name: "Check if inventory match current cluster configuration"
assert:
that:
- calico_pool_conf.spec.blockSize == (calico_pool_blocksize | default(kube_network_node_prefix))
- calico_pool_conf.spec.cidr == (calico_pool_cidr | default(kube_pods_subnet))
- calico_pool_conf.spec.ipipMode == calico_ipip_mode
- calico_pool_conf.spec.vxlanMode == calico_vxlan_mode
msg: "Your inventory doesn't match the current cluster configuration"
when:
- calico_pool_conf is defined
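
Review bot: `failed_when: False` on the "Get Calico {{ calico_pool_name }} configuration" task swallows every calicoctl failure, not only the case where the pool does not exist yet. If the command fails for any other reason, or returns empty stdout, `calico_pool_conf` is never set and the assert is skipped by `when: calico_pool_conf is defined`, so the play continues without having compared anything. Consider treating a non-zero `calico.rc` as a failure unless the error output shows the pool is simply absent, or at least emitting a warning when the lookup did not succeed. Two smaller points on the assert: the single `msg` does not say which of the four settings differs, so including the expected and actual values (or using one assert per setting) would make a mismatch actionable; and `blockSize` is compared without an `| int` cast, so an inventory value written as a string would not equal the integer parsed from the JSON.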
