2022-05-12 23:29:14 +08:00
|
|
|
|
---
|
2018-09-18 19:29:53 +08:00
|
|
|
|
# see roles/network_plugin/calico/defaults/main.yml
|
|
|
|
|
|
2022-05-12 23:29:14 +08:00
|
|
|
|
# the default value of name
|
|
|
|
|
calico_cni_name: k8s-pod-network
|
|
|
|
|
|
2018-09-19 02:30:49 +08:00
|
|
|
|
## With calico it is possible to distributed routes with border routers of the datacenter.
|
|
|
|
|
## Warning : enabling router peering will disable calico's default behavior ('node mesh').
|
|
|
|
|
## The subnets of each nodes will be distributed by the datacenter router
|
2019-04-01 17:38:33 +08:00
|
|
|
|
# peer_with_router: false
|
2018-09-19 02:30:49 +08:00
|
|
|
|
|
2018-09-18 19:29:53 +08:00
|
|
|
|
# Enables Internet connectivity from containers
|
|
|
|
|
# nat_outgoing: true
|
2024-02-06 15:14:22 +08:00
|
|
|
|
# nat_outgoing_ipv6: false
|
2018-09-18 19:29:53 +08:00
|
|
|
|
|
2020-09-17 17:44:46 +08:00
|
|
|
|
# Enables Calico CNI "host-local" IPAM plugin
|
|
|
|
|
# calico_ipam_host_local: true
|
|
|
|
|
|
2018-09-18 19:29:53 +08:00
|
|
|
|
# add default ippool name
|
|
|
|
|
# calico_pool_name: "default-pool"
|
|
|
|
|
|
2024-05-03 16:13:19 +08:00
|
|
|
|
# add default ippool blockSize
|
2022-07-20 04:05:27 +08:00
|
|
|
|
calico_pool_blocksize: 26
|
2019-09-25 19:44:00 +08:00
|
|
|
|
|
2019-02-01 05:39:13 +08:00
|
|
|
|
# add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
|
|
|
|
|
# calico_pool_cidr: 1.2.3.4/5
|
|
|
|
|
|
2022-05-20 14:45:13 +08:00
|
|
|
|
# add default ippool CIDR to CNI config
|
|
|
|
|
# calico_cni_pool: true
|
|
|
|
|
|
2020-10-26 15:10:53 +08:00
|
|
|
|
# Add default IPV6 IPPool CIDR. Must be inside kube_pods_subnet_ipv6. Defaults to kube_pods_subnet_ipv6 if not set.
|
|
|
|
|
# calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
|
|
|
|
|
|
2022-05-20 14:45:13 +08:00
|
|
|
|
# Add default IPV6 IPPool CIDR to CNI config
|
|
|
|
|
# calico_cni_pool_ipv6: true
|
|
|
|
|
|
2018-09-18 19:29:53 +08:00
|
|
|
|
# Global as_num (/calico/bgp/v1/global/as_num)
|
|
|
|
|
# global_as_num: "64512"
|
|
|
|
|
|
2020-12-18 14:54:25 +08:00
|
|
|
|
# If doing peering with node-assigned asn where the globas does not match your nodes, you want this
|
|
|
|
|
# to be true. All other cases, false.
|
|
|
|
|
# calico_no_global_as_num: false
|
|
|
|
|
|
2018-09-18 19:29:53 +08:00
|
|
|
|
# You can set MTU value here. If left undefined or empty, it will
|
|
|
|
|
# not be specified in calico CNI config, so Calico will use built-in
|
|
|
|
|
# defaults. The value should be a number, not a string.
|
|
|
|
|
# calico_mtu: 1500
|
2019-01-29 03:03:49 +08:00
|
|
|
|
|
2020-06-30 05:39:58 +08:00
|
|
|
|
# Configure the MTU to use for workload interfaces and tunnels.
|
2021-06-28 14:59:25 +08:00
|
|
|
|
# - If Wireguard is enabled, subtract 60 from your network MTU (i.e 1500-60=1440)
|
|
|
|
|
# - Otherwise, if VXLAN or BPF mode is enabled, subtract 50 from your network MTU (i.e. 1500-50=1450)
|
|
|
|
|
# - Otherwise, if IPIP is enabled, subtract 20 from your network MTU (i.e. 1500-20=1480)
|
|
|
|
|
# - Otherwise, if not using any encapsulation, set to your network MTU (i.e. 1500)
|
2020-06-30 05:39:58 +08:00
|
|
|
|
# calico_veth_mtu: 1440
|
|
|
|
|
|
2019-01-29 03:03:49 +08:00
|
|
|
|
# Advertise Cluster IPs
|
|
|
|
|
# calico_advertise_cluster_ips: true
|
2019-04-25 20:00:48 +08:00
|
|
|
|
|
2020-11-25 21:34:39 +08:00
|
|
|
|
# Advertise Service External IPs
|
|
|
|
|
# calico_advertise_service_external_ips:
|
|
|
|
|
# - x.x.x.x/24
|
|
|
|
|
# - y.y.y.y/32
|
|
|
|
|
|
2022-09-06 09:46:54 +08:00
|
|
|
|
# Advertise Service LoadBalancer IPs
|
2021-05-12 20:22:17 +08:00
|
|
|
|
# calico_advertise_service_loadbalancer_ips:
|
|
|
|
|
# - x.x.x.x/24
|
|
|
|
|
# - y.y.y.y/16
|
|
|
|
|
|
2019-04-25 20:00:48 +08:00
|
|
|
|
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
|
2021-04-28 06:45:28 +08:00
|
|
|
|
# calico_datastore: "kdd"
|
2019-04-25 20:00:48 +08:00
|
|
|
|
|
2020-04-27 15:03:39 +08:00
|
|
|
|
# Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
|
2022-01-24 15:47:57 +08:00
|
|
|
|
# calico_iptables_backend: "Auto"
|
2020-01-08 18:27:40 +08:00
|
|
|
|
|
2019-04-25 20:00:48 +08:00
|
|
|
|
# Use typha (only with kdd)
|
|
|
|
|
# typha_enabled: false
|
|
|
|
|
|
2019-10-17 22:02:38 +08:00
|
|
|
|
# Generate TLS certs for secure typha<->calico-node communication
|
|
|
|
|
# typha_secure: false
|
|
|
|
|
|
2020-01-10 16:24:33 +08:00
|
|
|
|
# Scaling typha: 1 replica per 100 nodes is adequate
|
2019-04-25 20:00:48 +08:00
|
|
|
|
# Number of typha replicas
|
|
|
|
|
# typha_replicas: 1
|
2020-01-10 16:24:33 +08:00
|
|
|
|
|
|
|
|
|
# Set max typha connections
|
|
|
|
|
# typha_max_connections_lower_limit: 300
|
2020-02-14 05:18:36 +08:00
|
|
|
|
|
2020-03-12 16:20:37 +08:00
|
|
|
|
# Set calico network backend: "bird", "vxlan" or "none"
|
2022-03-18 09:05:39 +08:00
|
|
|
|
# bird enable BGP routing, required for ipip and no encapsulation modes
|
|
|
|
|
# calico_network_backend: vxlan
|
2020-03-12 16:20:37 +08:00
|
|
|
|
|
2024-02-12 16:27:55 +08:00
|
|
|
|
# IP in IP and VXLAN is mutually exclusive modes.
|
2020-03-12 16:20:37 +08:00
|
|
|
|
# set IP in IP encapsulation mode: "Always", "CrossSubnet", "Never"
|
2022-03-18 09:05:39 +08:00
|
|
|
|
# calico_ipip_mode: 'Never'
|
2020-03-12 16:20:37 +08:00
|
|
|
|
|
|
|
|
|
# set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
|
2022-03-18 09:05:39 +08:00
|
|
|
|
# calico_vxlan_mode: 'Always'
|
2020-03-12 16:20:37 +08:00
|
|
|
|
|
2020-09-22 16:04:48 +08:00
|
|
|
|
# set VXLAN port and VNI
|
|
|
|
|
# calico_vxlan_vni: 4096
|
|
|
|
|
# calico_vxlan_port: 4789
|
|
|
|
|
|
2022-09-06 09:46:54 +08:00
|
|
|
|
# Enable eBPF mode
|
2021-09-25 00:57:23 +08:00
|
|
|
|
# calico_bpf_enabled: false
|
|
|
|
|
|
2022-02-15 09:26:14 +08:00
|
|
|
|
# If you want to use non default IP_AUTODETECTION_METHOD, IP6_AUTODETECTION_METHOD for calico node set this option to one of:
|
2020-02-14 05:18:36 +08:00
|
|
|
|
# * can-reach=DESTINATION
|
|
|
|
|
# * interface=INTERFACE-REGEX
|
|
|
|
|
# see https://docs.projectcalico.org/reference/node/configuration
|
|
|
|
|
# calico_ip_auto_method: "interface=eth.*"
|
2022-02-15 09:26:14 +08:00
|
|
|
|
# calico_ip6_auto_method: "interface=eth.*"
|
|
|
|
|
|
2022-09-27 12:57:45 +08:00
|
|
|
|
# Set FELIX_MTUIFACEPATTERN, Pattern used to discover the host’s interface for MTU auto-detection.
|
|
|
|
|
# see https://projectcalico.docs.tigera.io/reference/felix/configuration
|
|
|
|
|
# calico_felix_mtu_iface_pattern: "^((en|wl|ww|sl|ib)[opsx].*|(eth|wlan|wwan).*)"
|
|
|
|
|
|
2020-03-14 21:36:35 +08:00
|
|
|
|
# Choose the iptables insert mode for Calico: "Insert" or "Append".
|
|
|
|
|
# calico_felix_chaininsertmode: Insert
|
2020-08-27 17:07:01 +08:00
|
|
|
|
|
|
|
|
|
# If you want use the default route interface when you use multiple interface with dynamique route (iproute2)
|
|
|
|
|
# see https://docs.projectcalico.org/reference/node/configuration : FELIX_DEVICEROUTESOURCEADDRESS
|
|
|
|
|
# calico_use_default_route_src_ipaddr: false
|
2021-06-25 18:22:45 +08:00
|
|
|
|
|
|
|
|
|
# Enable calico traffic encryption with wireguard
|
|
|
|
|
# calico_wireguard_enabled: false
|
2021-09-18 07:08:07 +08:00
|
|
|
|
|
|
|
|
|
# Under certain situations liveness and readiness probes may need tunning
|
|
|
|
|
# calico_node_livenessprobe_timeout: 10
|
|
|
|
|
# calico_node_readinessprobe_timeout: 10
|
2022-04-08 15:02:42 +08:00
|
|
|
|
|
|
|
|
|
# Calico apiserver (only with kdd)
|
|
|
|
|
# calico_apiserver_enabled: false
|