--- # Enables Internet connectivity from containers nat_outgoing: true # add default ippool name calico_pool_name: "default-pool" calico_ipv4pool_ipip: "Off" # Use IP-over-IP encapsulation across hosts ipip: true ipip_mode: "{{ 'Always' if ipip else 'Never' }}" # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets calico_ipip_mode: "{{ ipip_mode }}" calico_vxlan_mode: 'Never' calico_cert_dir: /etc/calico/certs # Global as_num (/calico/bgp/v1/global/as_num) global_as_num: "64512" # You can set MTU value here. If left undefined or empty, it will # not be specified in calico CNI config, so Calico will use built-in # defaults. The value should be a number, not a string. # calico_mtu: 1500 # Limits for apps calico_node_memory_limit: 500M calico_node_cpu_limit: 300m calico_node_memory_requests: 64M calico_node_cpu_requests: 150m calico_felix_chaininsertmode: Insert # Enable Prometheus Metrics endpoint for felix calico_felix_prometheusmetricsenabled: false calico_felix_prometheusmetricsport: 9091 calico_felix_prometheusgometricsenabled: true calico_felix_prometheusprocessmetricsenabled: true ### check latest version https://github.com/projectcalico/calico-upgrade/releases calico_upgrade_enabled: true calico_upgrade_version: v1.0.5 calico_upgrade_url: "https://github.com/projectcalico/calico-upgrade/releases/download/{{ calico_upgrade_version }}/calico-upgrade" # Set the agent log level. Can be debug, warning, info or fatal calico_loglevel: info # Should calico ignore kernel's RPF check setting, # see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198 calico_node_ignorelooserpf: false # Define address on which Felix will respond to health requests calico_healthhost: "localhost" # Configure time in seconds that calico will wait for the iptables lock calico_iptables_lock_timeout_secs: 10 # Choose Calico iptables backend: "Iptables" or "NFT" (FELIX_IPTABLESBACKEND) calico_iptables_backend: "Iptables" # If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of: # * can-reach=DESTINATION # * interface=INTERFACE-REGEX # see https://docs.projectcalico.org/v3.0/reference/node/configuration#ip-autodetection-methods # calico_ip_auto_method: "interface=eth.*" calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}" ### do not enable this, this is detected in scope of tasks, this is just a default value calico_upgrade_needed: false kube_etcd_cacert_file: ca.pem kube_etcd_cert_file: node-{{ inventory_hostname }}.pem kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore) # The default value calico_datastore: "etcd" is set in role kubespray-default # Use typha (only with kdd) typha_enabled: false # Scaling typha: 1 replica per 100 nodes is adequate # Number of typha replicas typha_replicas: 1 # Set max typha connections typha_max_connections_lower_limit: 300 # Generate certifcates for typha<->calico-node communication typha_secure: false calico_feature_control: {}