I tried to deploy Kubernetes with Calico as a kubeone addon and it failed.
When deploying Calico with etcd datastore, Calico needs access to the etcd certificates created by the KubeOne deployment. The Calico manifest used as an addon for KubeOne creates a “secrets” resource where it needs to have encoded the contents of the etcd certificates. As KubeOne deploys Kubernetes with the etcd datastore and Calico at the same time, there is no way for me of knowing beforehand what the etcd certificates will be so I can pass them to the Calico manifest before deployment.
Do you have any suggestions on how I could workaround this issue? I thought about doing a KubeOne deployment with a default CNI and then upgrade to Calico, but in the documentation, it’s stated that the CNI cannot be changed after the initial KubeOne deployment.