kubespray/roles/network_plugin/calico/defaults/main.yml

158 lines
5.0 KiB
YAML

---
# the default value of name
calico_cni_name: k8s-pod-network
# Enables Internet connectivity from containers
nat_outgoing: true
# add default ippool name
calico_pool_name: "default-pool"
calico_ipv4pool_ipip: "Off"
# Change encapsulation mode, by default we enable vxlan which is the most mature and well tested mode
calico_ipip_mode: Never # valid values are 'Always', 'Never' and 'CrossSubnet'
calico_vxlan_mode: Always # valid values are 'Always', 'Never' and 'CrossSubnet'
calico_cni_pool: true
calico_cni_pool_ipv6: true
# add default ippool blockSize (defaults kube_network_node_prefix)
calico_pool_blocksize: 26
# Calico doesn't support ipip tunneling for the IPv6.
calico_ipip_mode_ipv6: Never
calico_vxlan_mode_ipv6: Never
# add default ipv6 ippool blockSize (defaults kube_network_node_prefix_ipv6)
calico_pool_blocksize_ipv6: 122
# Calico network backend can be 'bird', 'vxlan' and 'none'
calico_network_backend: vxlan
calico_cert_dir: /etc/calico/certs
# Global as_num (/calico/bgp/v1/global/as_num)
global_as_num: "64512"
# You can set MTU value here. If left undefined or empty, it will
# not be specified in calico CNI config, so Calico will use built-in
# defaults. The value should be a number, not a string.
# calico_mtu: 1500
# Advertise Service External IPs
calico_advertise_service_external_ips: []
# Adveritse Service LoadBalancer IPs
calico_advertise_service_loadbalancer_ips: []
# Calico eBPF support
calico_bpf_enabled: false
calico_bpf_log_level: ""
# Valid option for service mode: Tunnel (default), DSR=Direct Server Return
calico_bpf_service_mode: Tunnel
# Limits for apps
calico_node_memory_limit: 500M
calico_node_cpu_limit: 300m
calico_node_memory_requests: 64M
calico_node_cpu_requests: 150m
calico_felix_chaininsertmode: Insert
# Calico daemonset nodeselector
calico_ds_nodeselector: "kubernetes.io/os: linux"
# Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”.
calico_vxlan_vni: 4096
# Port to use for VXLAN traffic. A value of 0 means “use the kernel default”.
calico_vxlan_port: 4789
# Enable Prometheus Metrics endpoint for felix
calico_felix_prometheusmetricsenabled: false
calico_felix_prometheusmetricsport: 9091
calico_felix_prometheusgometricsenabled: true
calico_felix_prometheusprocessmetricsenabled: true
# Set the agent log level. Can be debug, warning, info or fatal
calico_loglevel: info
calico_node_startup_loglevel: error
# Set log path for calico CNI plugin. Set to false to disable logging to disk.
calico_cni_log_file_path: /var/log/calico/cni/cni.log
# Enable or disable usage report to 'usage.projectcalico.org'
calico_usage_reporting: false
# Should calico ignore kernel's RPF check setting,
# see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
calico_node_ignorelooserpf: false
# Define address on which Felix will respond to health requests
calico_healthhost: "localhost"
# Configure time in seconds that calico will wait for the iptables lock
calico_iptables_lock_timeout_secs: 10
# Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
calico_iptables_backend: "Auto"
# Calico Wireguard support
calico_wireguard_enabled: false
calico_wireguard_packages: []
calico_wireguard_repo: https://download.copr.fedorainfracloud.org/results/jdoss/wireguard/epel-{{ ansible_distribution_major_version }}-$basearch/
# If you want to use non default IP_AUTODETECTION_METHOD, IP6_AUTODETECTION_METHOD for calico node set this option to one of:
# * can-reach=DESTINATION
# * interface=INTERFACE-REGEX
# see https://projectcalico.docs.tigera.io/reference/node/configuration#ip-autodetection-methods
# calico_ip_auto_method: "interface=eth.*"
# calico_ip6_auto_method: "interface=eth.*"
calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}"
kube_etcd_cacert_file: ca.pem
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
# The default value for calico_datastore is set in role kubespray-default
# Use typha (only with kdd)
typha_enabled: false
typha_prometheusmetricsenabled: false
typha_prometheusmetricsport: 9093
# Scaling typha: 1 replica per 100 nodes is adequate
# Number of typha replicas
typha_replicas: 1
# Set max typha connections
typha_max_connections_lower_limit: 300
# Generate certifcates for typha<->calico-node communication
typha_secure: false
calico_feature_control: {}
# Calico default BGP port
calico_bgp_listen_port: 179
# Calico FelixConfiguration options
calico_felix_reporting_interval: 0s
calico_felix_log_severity_screen: Info
# Calico container settings
calico_allow_ip_forwarding: false
# Calico IPAM strictAffinity
calico_ipam_strictaffinity: false
# Calico IPAM autoAllocateBlocks
calico_ipam_autoallocateblocks: true
# Calico IPAM maxBlocksPerHost, default 0
calico_ipam_maxblocksperhost: 0
# Calico apiserver (only with kdd)
calico_apiserver_enabled: false