calico_pool_blocksize doesnt default to kube_network_node_prefix

[Payback159]

Environment:

• Cloud provider or hardware configuration:

• OS (printf "$(uname -srm)\n$(cat /etc/os-release)\n"):

printf "$(uname -srm)\n$(cat /etc/os-release)"
Linux 5.4.0-52-generic x86_64
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal

• Version of Ansible (ansible --version):

ansible --version
ansible [core 2.12.5]
  config file = /kubespray/ansible.cfg
  configured module search path = ['/kubespray/library']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]
  jinja version = 2.11.3
  libyaml = True

• Version of Python (python --version):

python --version
Python 3.8.10

Kubespray version (commit) (git rev-parse --short HEAD):

• v2.18.2
• v2.19.0
• v2.20.0
• also in the current master commit

Network plugin used:

Calico

Full inventory with variables (ansible -i inventory/sample/inventory.ini all -m debug -a "var=hostvars[inventory_hostname]"):

Command used to invoke ansible:

export CLUSTERNAME="cluster-name"
ansible-playbook -i /kubespray/inventory/$CLUSTERNAME/hosts cluster.yml --become --ask-vault-pass

Output of ansible run:

breaks at this step https://github.com/kubernetes-sigs/kubespray/blob/master/roles/network_plugin/calico/tasks/check.yml#L159

Anything else do we need to know:

The sample Inventory shows the bug well. In the k8s-net-calico it says in the comments that it goes by default to kube_network_node_prefix. https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml#L21

Therefore my assumption that if I comment out calico_pool_blocksize that the blocksize is a /24 as configured in kube_network_node_prefix. https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml#L98

But the problem seems to exist since Kubespray v2.18 that this is not the case in the check here anyway, because in the main.yml of the Role the value calico_pool_blocksize is configured to /26 and therefore the check takes the value of calico_pool_blocksize and not as assumed in the comment and from my point of view also in the check to kube_network_node_prefix.

• https://github.com/kubernetes-sigs/kubespray/blob/master/roles/network_plugin/calico/defaults/main.yml#L20
• https://github.com/kubernetes-sigs/kubespray/blob/master/roles/network_plugin/calico/tasks/check.yml#L159

My suggestion would be to comment out calico_pool_blocksize in the main.yml in the role so it reacts as mentioned in the comment but wanted your opinion on it first before I put the PR.

[cyclinder]

Thanks @Payback159 for the report.

If you comment out calico_pool_blocksize and blocksize should be 24(uses kube_network_node_prefix), right?

kubespray/roles/network_plugin/calico/tasks/install.yml

Line 227 in 3a67539

"blockSize": {{ calico_pool_blocksize | default(kube_network_node_prefix) }},

If blocksize is 24, why is this task break up?

kubespray/roles/network_plugin/calico/tasks/check.yml

Line 162 in 3a67539

- calico_pool_conf.spec.blockSize|int == (calico_pool_blocksize | default(kube_network_node_prefix) | int)

[Payback159]

Hi @cyclinder,

if I comment out calico_pool_blocksizein https://github.com/kubernetes-sigs/kubespray/blob/master/roles/network_plugin/calico/defaults/main.yml#L20 the blocksize defaults to kube_network_node_prefix, which is 24.

if I comment out calico_pool_blocksize in the Inventory https://github.com/kubernetes-sigs/kubespray/blob/master/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml#L21 I would expect that the blocksize defaults to kube_network_node_prefix (24) but it's going to "default" to the calico_pool_blocksize in the defaults of the role and there it is 26.

In my point of view the check works perfectly fine, it's just the comments and the expectation of the person which is going to configure it's inventory.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[VannTen]

We should either have

calico_pool_blocksize: "{{ kube_network_node_prefix }}"

In the defaults/main.yaml of the role and remove the default filter of the role or remove calico_pool_blocksize from the defaults and keep the filter.
The problem, though, is that either will be a breaking change, because the default will effectively change, and clusters configured with none of these variable modified will fail to upgrade because of the check.

[VannTen]

/remove-lifecycle rotten

[VannTen]

Correction: calico_pool_blocksize should not default to kube_network_node_prefix (not the same thing, there can be several calico block per node and they are dynamically assigned

[cyclinder]

@VannTen Yes, Calico has two IPAM methods: one is calico-ipam. If the user has not configured calico_pool_blocksize, we can assign it a default value of 26, but kube_network_node_prefix is not required (these are two unrelated configurations). The other method is host-local IPAM, which allocates IP addresses to Pods from node.Spec.PodCIDR. It seems that we need to support the second IPAM method: host-local

[VannTen]

It's already supported FWICT. (at least #6580 was merged)