Disable IPIP tunnel in Calico

Currently the default IPv4 IPPool configuration sets ipipMode to always,
enabling Calico to use an overlay networking for the pods to communicate
between different nodes using IPIP encapsulation. This overlay has
caused some problems in the past and, since it's not needed, it will be
removed by this change.

The default IPv6 IPPool already uses the flat networking model, so it
needs no changes.

Besides a supporting fresh install with IPIP disabled, release upgrades
should also support disabling IPIP during data migration. That's
implemented through a new upgrade script.

Note: it was not possible to test a full upgrade using AIO-DX due to USM
      bugs. This test will be done again when USM is stable.

Test Plan:
PASS: AIO-DX: fresh install: check pod communicating without encap
PASS: AIO-SX: upgrade: check that IPIP was disabled
PASS: AIO-SX: upgrade rollback: check that IPIP was re-enabled

Story: 2011124
Task: 50617

Change-Id: I8685057fc67735f9bafed442ef553cff3c6da1e6
Signed-off-by: Caio Bruchert <caio.bruchert@windriver.com>

puppet-manifests/src/modules/platform/manifests/kubernetes.pp

@@ -2142,7 +2142,6 @@ class platform::kubernetes::dual_stack::ipv4::runtime {
     logoutput => true,
   }
   if $state == true {
-    $ipip_mode = 'Always'
     file { $def_pool_filename:
       ensure  => file,
       content => template('platform/callico_ippool.yaml.erb'),
@@ -2224,7 +2223,6 @@ class platform::kubernetes::dual_stack::ipv6::runtime {
     logoutput => true,
   }
   if $state == true {
-    $ipip_mode = 'Never'
     file { $def_pool_filename:
       ensure  => file,
       content => template('platform/callico_ippool.yaml.erb'),

puppet-manifests/src/modules/platform/templates/callico_ippool.yaml.erb

@@ -6,6 +6,6 @@ metadata:
   name: default-<%= @protocol %>-ippool
 spec:
   cidr: <%= @pod_sec_subnet %>
-  ipipMode: <%= @ipip_mode %>
+  ipipMode: Never
   natOutgoing: true
   vxlanMode: Never