2018-09-18 19:29:53 +08:00
|
|
|
# see roles/network_plugin/cilium/defaults/main.yml
|
2022-01-05 16:36:32 +08:00
|
|
|
|
2022-05-11 21:23:04 +08:00
|
|
|
# cilium_version: "v1.11.3"
|
2022-02-09 06:04:35 +08:00
|
|
|
# cilium_identity_allocation_mode: kvstore # kvstore or crd
|
2022-05-11 21:23:04 +08:00
|
|
|
|
|
|
|
# For adding and mounting extra volumes to the cilium operator
|
|
|
|
# cilium_operator_extra_volumes: []
|
|
|
|
# cilium_operator_extra_volume_mounts: []
|
|
|
|
|
|
|
|
# Name of the cluster. Only relevant when building a mesh of clusters.
|
|
|
|
# cilium_cluster_name: default
|
|
|
|
|
|
|
|
# Unique ID of the cluster. Must be unique across all conneted clusters and
|
|
|
|
# in the range of 1 and 255. Only relevant when building a mesh of clusters.
|
|
|
|
# This value is not defined by default
|
|
|
|
# cluster-id:
|
|
|
|
|
|
|
|
# Allows to explicitly specify the IPv4 CIDR for native routing.
|
|
|
|
# When specified, Cilium assumes networking for this CIDR is preconfigured and
|
|
|
|
# hands traffic destined for that range to the Linux network stack without
|
|
|
|
# applying any SNAT.
|
|
|
|
# Generally speaking, specifying a native routing CIDR implies that Cilium can
|
|
|
|
# depend on the underlying networking stack to route packets to their
|
|
|
|
# destination. To offer a concrete example, if Cilium is configured to use
|
|
|
|
# direct routing and the Kubernetes CIDR is included in the native routing CIDR,
|
|
|
|
# the user must configure the routes to reach pods, either manually or by
|
|
|
|
# setting the auto-direct-node-routes flag.
|
|
|
|
# cilium_native_routing_cidr: ""
|
|
|
|
|
|
|
|
# Allows to explicitly specify the IPv6 CIDR for native routing.
|
|
|
|
# cilium_native_routing_cidr_ipv6: ""
|
|
|
|
|
|
|
|
# Encryption
|
|
|
|
# Enable transparent network encryption.
|
|
|
|
# cilium_encryption_enabled: false
|
|
|
|
|
|
|
|
# Encryption method. Can be either ipsec or wireguard.
|
|
|
|
# Only effective when `cilium_encryption_enabled` is set to true.
|
|
|
|
# cilium_encryption_type: "ipsec"
|
|
|
|
|
|
|
|
# Enable encryption for pure node to node traffic.
|
|
|
|
# This option is only effective when `cilium_encryption_type` is set to `ipsec`.
|
|
|
|
# cilium_ipsec_node_encryption: "false"
|
|
|
|
|
|
|
|
# Enables the fallback to the user-space implementation.
|
|
|
|
# This option is only effective when `cilium_encryption_type` is set to `wireguard`.
|
|
|
|
# cilium_wireguard_userspace_fallback: "false"
|