kubernetes-sigs · orange-hbenmabrouk · Aug 4, 2025 · Sep 1, 2025
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-calico.yml
@@ -25,9 +25,15 @@ calico_pool_blocksize: 26
 # add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
 # calico_pool_cidr: 1.2.3.4/5
 
+# add default ippool CIDR to CNI config
+# calico_cni_pool: true
+
 # Add default IPV6 IPPool CIDR. Must be inside kube_pods_subnet_ipv6. Defaults to kube_pods_subnet_ipv6 if not set.
 # calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
 
+# Add default IPV6 IPPool CIDR to CNI config
+# calico_cni_pool_ipv6: true
+
 # Global as_num (/calico/bgp/v1/global/as_num)
 # global_as_num: "64512"
 

diff --git a/roles/network_plugin/calico/templates/calico-config.yml.j2 b/roles/network_plugin/calico/templates/calico-config.yml.j2
@@ -57,9 +57,15 @@ data:
             "ipam": {
               "type": "calico-ipam",
             {% if ipv4_stack %}
+              {% if calico_cni_pool %}
+              "ipv4_pools": ["{{ calico_pool_cidr }}"],
+              {% endif %}
               "assign_ipv4": "true"{{ ',' if (ipv6_stack and ipv4_stack) }}
             {% endif %}
             {% if ipv6_stack %}
+              {% if calico_cni_pool_ipv6 %}
+              "ipv6_pools": ["{{ calico_pool_cidr_ipv6 }}"],
+              {% endif %}
               "assign_ipv6": "true"
             {% endif %}
             },

diff --git a/roles/network_plugin/calico_defaults/defaults/main.yml b/roles/network_plugin/calico_defaults/defaults/main.yml
@@ -1,29 +1,35 @@
 ---
-# the default value of name
+# Calico default CNI name
 calico_cni_name: k8s-pod-network
 
 # Enables Internet connectivity from containers
 nat_outgoing: true
 nat_outgoing_ipv6: false
 
-# add default ippool name
+# Calico default ippool name
 calico_pool_name: "default-pool"
 calico_ipv4pool_ipip: "Off"
 
 # Change encapsulation mode, by default we enable vxlan which is the most mature and well tested mode
 calico_ipip_mode: Never  # valid values are 'Always', 'Never' and 'CrossSubnet'
 calico_vxlan_mode: Always  # valid values are 'Always', 'Never' and 'CrossSubnet'
 
-# add default ippool blockSize
+# Enable/disable Calico CNI IP pool creation
+calico_cni_pool: true
+calico_cni_pool_ipv6: true
+
+# Calico default ippool cidr for IPv4 and IPv6
+calico_pool_cidr: "{{ kube_pods_subnet }}"
+calico_pool_cidr_ipv6: "{{ kube_pods_subnet_ipv6 }}"
+
+# Calico default ippool blockSize
 calico_pool_blocksize: 26
+calico_pool_blocksize_ipv6: 122
 
 # Calico doesn't support ipip tunneling for the IPv6.
 calico_ipip_mode_ipv6: Never
 calico_vxlan_mode_ipv6: Always
 
-# add default ipv6 ippool blockSize
-calico_pool_blocksize_ipv6: 122
-
 # Calico network backend can be 'bird', 'vxlan' and 'none'
 calico_network_backend: vxlan