--- # the default value of name calico_cni_name: k8s-pod-network # Enables Internet connectivity from containers nat_outgoing: true # add default ippool name calico_pool_name: "default-pool" calico_ipv4pool_ipip: "Off" # Change encapsulation mode, by default we enable vxlan which is the most mature and well tested mode calico_ipip_mode: Never # valid values are 'Always', 'Never' and 'CrossSubnet' calico_vxlan_mode: Always # valid values are 'Always', 'Never' and 'CrossSubnet' calico_cni_pool: true calico_cni_pool_ipv6: true # add default ippool blockSize calico_pool_blocksize: 26 # Calico doesn't support ipip tunneling for the IPv6. calico_ipip_mode_ipv6: Never calico_vxlan_mode_ipv6: Never # add default ipv6 ippool blockSize calico_pool_blocksize_ipv6: 122 # Calico network backend can be 'bird', 'vxlan' and 'none' calico_network_backend: vxlan calico_cert_dir: /etc/calico/certs # Global as_num (/calico/bgp/v1/global/as_num) global_as_num: "64512" # You can set MTU value here. If left undefined or empty, it will # not be specified in calico CNI config, so Calico will use built-in # defaults. The value should be a number, not a string. # calico_mtu: 1500 # Advertise Service External IPs calico_advertise_service_external_ips: [] # Advertise Service LoadBalancer IPs calico_advertise_service_loadbalancer_ips: [] # Calico eBPF support calico_bpf_enabled: false calico_bpf_log_level: "" # Valid option for service mode: Tunnel (default), DSR=Direct Server Return calico_bpf_service_mode: Tunnel # Calico floatingIPs support # Valid option for floatingIPs: Disabled (default), Enabled calico_felix_floating_ips: Disabled # Limits for apps calico_node_memory_limit: 500M calico_node_cpu_limit: 300m calico_node_memory_requests: 64M calico_node_cpu_requests: 150m calico_felix_chaininsertmode: Insert # Calico daemonset nodeselector calico_ds_nodeselector: "kubernetes.io/os: linux" # Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”. calico_vxlan_vni: 4096 # Port to use for VXLAN traffic. A value of 0 means “use the kernel default”. calico_vxlan_port: 4789 # Enable Prometheus Metrics endpoint for felix calico_felix_prometheusmetricsenabled: false calico_felix_prometheusmetricsport: 9091 calico_felix_prometheusgometricsenabled: true calico_felix_prometheusprocessmetricsenabled: true # Set the agent log level. Can be debug, warning, info or fatal calico_loglevel: info calico_node_startup_loglevel: error # Set log path for calico CNI plugin. Set to false to disable logging to disk. calico_cni_log_file_path: /var/log/calico/cni/cni.log # Enable or disable usage report to 'usage.projectcalico.org' calico_usage_reporting: false # Should calico ignore kernel's RPF check setting, # see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198 calico_node_ignorelooserpf: false # Define address on which Felix will respond to health requests calico_healthhost: "localhost" # Configure time in seconds that calico will wait for the iptables lock calico_iptables_lock_timeout_secs: 10 # Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND) calico_iptables_backend: "Auto" # Calico Wireguard support calico_wireguard_enabled: false calico_wireguard_packages: [] calico_wireguard_repo: https://download.copr.fedorainfracloud.org/results/jdoss/wireguard/epel-{{ ansible_distribution_major_version }}-$basearch/ # If you want to use non default IP_AUTODETECTION_METHOD, IP6_AUTODETECTION_METHOD for calico node set this option to one of: # * can-reach=DESTINATION # * interface=INTERFACE-REGEX # see https://projectcalico.docs.tigera.io/reference/node/configuration#ip-autodetection-methods # calico_ip_auto_method: "interface=eth.*" # calico_ip6_auto_method: "interface=eth.*" # Set FELIX_MTUIFACEPATTERN, Pattern used to discover the host’s interface for MTU auto-detection. # see https://projectcalico.docs.tigera.io/reference/felix/configuration # calico_felix_mtu_iface_pattern: "^((en|wl|ww|sl|ib)[opsx].*|(eth|wlan|wwan).*)" calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}" kube_etcd_cacert_file: ca.pem kube_etcd_cert_file: node-{{ inventory_hostname }}.pem kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore) # The default value for calico_datastore is set in role kubespray-default # Use typha (only with kdd) typha_enabled: false typha_prometheusmetricsenabled: false typha_prometheusmetricsport: 9093 # Scaling typha: 1 replica per 100 nodes is adequate # Number of typha replicas typha_replicas: 1 # Set max typha connections typha_max_connections_lower_limit: 300 # Generate certifcates for typha<->calico-node communication typha_secure: false calico_feature_control: {} # Calico default BGP port calico_bgp_listen_port: 179 # Calico FelixConfiguration options calico_felix_reporting_interval: 0s calico_felix_log_severity_screen: Info # Calico container settings calico_allow_ip_forwarding: false # Calico IPAM strictAffinity calico_ipam_strictaffinity: false # Calico IPAM autoAllocateBlocks calico_ipam_autoallocateblocks: true # Calico IPAM maxBlocksPerHost, default 0 calico_ipam_maxblocksperhost: 0 # Calico host local IPAM (use node .spec.podCIDR) calico_ipam_host_local: false # Calico apiserver (only with kdd) calico_apiserver_enabled: false # Calico feature detect override calico_feature_detect_override: "" # Calico kubeconfig wait timeout in seconds calico_kubeconfig_wait_timeout: 300