2016-01-30 15:04:47 +00:00
|
|
|
---
|
2016-02-21 11:42:23 +00:00
|
|
|
# Enables Internet connectivity from containers
|
|
|
|
nat_outgoing: true
|
2016-03-23 16:27:06 +00:00
|
|
|
|
2016-07-21 11:05:40 +00:00
|
|
|
# Use IP-over-IP encapsulation across hosts
|
2017-06-23 07:16:05 +00:00
|
|
|
ipip: true
|
2017-07-04 23:05:16 +00:00
|
|
|
ipip_mode: always # change to "cross-subnet" if you only want ipip encapsulation on traffic going across subnets
|
2016-07-21 11:05:40 +00:00
|
|
|
|
2016-09-22 15:34:11 +00:00
|
|
|
# Set to true if you want your calico cni binaries to overwrite the
|
|
|
|
# ones from hyperkube while leaving other cni plugins intact.
|
2016-10-08 17:19:25 +00:00
|
|
|
overwrite_hyperkube_cni: true
|
2016-11-09 10:44:41 +00:00
|
|
|
|
|
|
|
calico_cert_dir: /etc/calico/certs
|
|
|
|
etcd_cert_dir: /etc/ssl/etcd/ssl
|
2016-11-14 07:48:28 +00:00
|
|
|
|
2016-12-08 16:48:54 +00:00
|
|
|
# Global as_num (/calico/bgp/v1/global/as_num)
|
|
|
|
global_as_num: "64512"
|
|
|
|
|
2016-11-14 07:48:28 +00:00
|
|
|
# You can set MTU value here. If left undefined or empty, it will
|
|
|
|
# not be specified in calico CNI config, so Calico will use built-in
|
|
|
|
# defaults. The value should be a number, not a string.
|
|
|
|
# calico_mtu: 1500
|
2016-12-23 14:44:44 +00:00
|
|
|
|
|
|
|
# Limits for apps
|
|
|
|
calico_node_memory_limit: 500M
|
|
|
|
calico_node_cpu_limit: 300m
|
2017-02-27 16:53:43 +00:00
|
|
|
calico_node_memory_requests: 64M
|
2016-12-23 14:44:44 +00:00
|
|
|
calico_node_cpu_requests: 150m
|
|
|
|
calicoctl_memory_limit: 170M
|
|
|
|
calicoctl_cpu_limit: 100m
|
2017-02-27 16:53:43 +00:00
|
|
|
calicoctl_memory_requests: 32M
|
2016-12-23 14:44:44 +00:00
|
|
|
calicoctl_cpu_requests: 50m
|
2017-08-20 11:01:09 +00:00
|
|
|
|
2017-10-03 21:24:05 +00:00
|
|
|
# Enable Prometheus Metrics endpoint for felix
|
|
|
|
calico_felix_prometheusmetricsenabled: "false"
|
|
|
|
calico_felix_prometheusmetricsport: 9091
|
|
|
|
calico_felix_prometheusgometricsenabled: "true"
|
|
|
|
calico_felix_prometheusprocessmetricsenabled: "true"
|
|
|
|
|
2017-08-20 11:01:09 +00:00
|
|
|
# Should calico ignore kernel's RPF check setting,
|
|
|
|
# see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
|
|
|
|
calico_node_ignorelooserpf: false
|
2017-09-04 08:29:51 +00:00
|
|
|
|
|
|
|
rbac_resources:
|
|
|
|
- sa
|
|
|
|
- clusterrole
|
|
|
|
- clusterrolebinding
|
2018-03-23 22:54:17 +00:00
|
|
|
|
|
|
|
# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
|
|
|
|
# * can-reach=DESTINATION
|
|
|
|
# * interface=INTERFACE-REGEX
|
|
|
|
# see https://docs.projectcalico.org/v3.0/reference/node/configuration#ip-autodetection-methods
|
|
|
|
#calico_ip_auto_method: "interface=eth.*"
|