kube_network_node_prefix is not getting applied to Calico

[ehsan310]

What happened?

I have a Calico configuration and used kube_network_node_prefix to also pass to Calico but after installation I realized Calico role is not using the default (kube_network_node_prefix) value and passed /26 value

What did you expect to happen?

I was expecting the calico to default to kube_network_node_prefix

How can we reproduce it (as minimally and precisely as possible)?

run kubespray with kube_network_node_prefix set and calico_pool_blocksize commented.

OS

Debian 12

Version of Ansible

ansible [core 2.15.8]

Version of Python

Python 3.10.12

Version of Kubespray (commit)

used v2.24.1 docker image

Network plugin used

calico

Full inventory with variables

master01 | SUCCESS => {
"msg": "Hello world!"
}
master02 | SUCCESS => {
"msg": "Hello world!"
}
master03 | SUCCESS => {
"msg": "Hello world!"
}
worker01 | SUCCESS => {
"msg": "Hello world!"
}
worker02 | SUCCESS => {
"msg": "Hello world!"
}

Command used to invoke ansible

ansible-playbook -i inventory/ansible.hosts -u abc --become --become-user=root cluster.yml -K

Output of ansible run

localhost                  : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
master01 : ok=837  changed=146  unreachable=0    failed=0    skipped=1178 rescued=0    ignored=6   
master02 : ok=729  changed=127  unreachable=0    failed=0    skipped=1052 rescued=0    ignored=3   
master03 : ok=731  changed=128  unreachable=0    failed=0    skipped=1050 rescued=0    ignored=3   
worker01 : ok=527  changed=69   unreachable=0    failed=0    skipped=742  rescued=0    ignored=0   
worker02 : ok=527  changed=69   unreachable=0    failed=0    skipped=738  rescued=0    ignored=0   

Friday 19 April 2024  09:45:43 +0000 (0:00:00.157)       0:20:13.463 ********** 
=============================================================================== 
download : Download_file | Download item ---------------------------------------------------------------------------------------------------- 85.92s
download : Download_file | Download item ---------------------------------------------------------------------------------------------------- 39.60s
download : Download_file | Download item ---------------------------------------------------------------------------------------------------- 35.73s
etcd : Gen_certs | Write etcd member/admin and kube_control_plane client certs to other etcd nodes ------------------------------------------ 34.50s
kubernetes-apps/ansible : Kubernetes Apps | Lay Down CoreDNS templates ---------------------------------------------------------------------- 21.85s
kubernetes-apps/ansible : Kubernetes Apps | Start Resources --------------------------------------------------------------------------------- 16.17s
kubernetes-apps/metrics_server : Metrics Server | Create manifests -------------------------------------------------------------------------- 14.90s
download : Download_container | Download image if required ---------------------------------------------------------------------------------- 14.79s
kubernetes/kubeadm : Join to cluster -------------------------------------------------------------------------------------------------------- 14.27s
etcd : Gen_certs | Gather etcd member/admin and kube_control_plane client certs from first etcd node ---------------------------------------- 13.71s
kubernetes/control-plane : Joining control plane node to the cluster. ----------------------------------------------------------------------- 12.93s
kubernetes/control-plane : Kubeadm | Initialize first master -------------------------------------------------------------------------------- 12.79s
network_plugin/calico : Calico | Create calico manifests ------------------------------------------------------------------------------------ 11.15s
download : Download_container | Download image if required ---------------------------------------------------------------------------------- 10.38s
download : Download_container | Remove container image from cache --------------------------------------------------------------------------- 10.36s
download : Download_container | Download image if required ---------------------------------------------------------------------------------- 10.25s
network_plugin/calico : Start Calico resources ----------------------------------------------------------------------------------------------- 9.65s
download : Download_container | Download image if required ----------------------------------------------------------------------------------- 8.65s
kubernetes-apps/metrics_server : Metrics Server | Apply manifests ---------------------------------------------------------------------------- 8.38s
policy_controller/calico : Create calico-kube-controllers manifests -------------------------------------------------------------------------- 8.10s

Anything else we need to know

.

[VannTen]

kube_network_node_prefix is not used by calico, because calico dynamically assign ip block to node (at least in the default ipam mode used by kubespray). see #9843 (comment) , and the rest of the discussion

[ehsan310]

I got that , and explicitly set calico_pool_blocksize but then maybe we should remove the comment # add default ippool blockSize (defaults kube_network_node_prefix) from k8s-net-calico.yml , it's just make a confusion , we are not defaulting to kube_network_node_prefix anyway. As far as I see we have this condition when: kube_network_plugin != 'calico' set for Calico for majority of network settings So technically we are not defaulting to it and I get that it's expected.

[VannTen]

I got that , and explicitly set `calico_pool_blocksize` but then maybe we should remove the comment `# add default ippool blockSize (defaults kube_network_node_prefix)` from `k8s-net-calico.yml`

That's in the inventory sample, right ? :sigh: That stuff is never in sync, I can't wait to get rid of it X^X

[ehsan310]

there you go
#11113