2016-01-30 15:04:47 +00:00
|
|
|
---
|
2016-02-21 11:42:23 +00:00
|
|
|
# Enables Internet connectivity from containers
|
|
|
|
nat_outgoing: true
|
2016-03-23 16:27:06 +00:00
|
|
|
|
2018-09-06 14:26:57 +00:00
|
|
|
# add default ippool name
|
2018-08-23 14:17:18 +00:00
|
|
|
calico_pool_name: "default-pool"
|
2018-10-12 07:09:36 +00:00
|
|
|
calico_ipv4pool_ipip: "Off"
|
2018-08-23 14:17:18 +00:00
|
|
|
|
2016-07-21 11:05:40 +00:00
|
|
|
# Use IP-over-IP encapsulation across hosts
|
2017-06-23 07:16:05 +00:00
|
|
|
ipip: true
|
2019-04-10 12:50:15 +00:00
|
|
|
ipip_mode: "{{ 'Always' if ipip else 'Never' }}" # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
|
2020-03-12 08:20:37 +00:00
|
|
|
calico_ipip_mode: "{{ ipip_mode }}"
|
|
|
|
calico_vxlan_mode: 'Never'
|
2016-07-21 11:05:40 +00:00
|
|
|
|
2016-11-09 10:44:41 +00:00
|
|
|
calico_cert_dir: /etc/calico/certs
|
2016-11-14 07:48:28 +00:00
|
|
|
|
2016-12-08 16:48:54 +00:00
|
|
|
# Global as_num (/calico/bgp/v1/global/as_num)
|
|
|
|
global_as_num: "64512"
|
|
|
|
|
2016-11-14 07:48:28 +00:00
|
|
|
# You can set MTU value here. If left undefined or empty, it will
|
|
|
|
# not be specified in calico CNI config, so Calico will use built-in
|
|
|
|
# defaults. The value should be a number, not a string.
|
|
|
|
# calico_mtu: 1500
|
2016-12-23 14:44:44 +00:00
|
|
|
|
|
|
|
# Limits for apps
|
|
|
|
calico_node_memory_limit: 500M
|
|
|
|
calico_node_cpu_limit: 300m
|
2017-02-27 16:53:43 +00:00
|
|
|
calico_node_memory_requests: 64M
|
2016-12-23 14:44:44 +00:00
|
|
|
calico_node_cpu_requests: 150m
|
2020-03-14 13:36:35 +00:00
|
|
|
calico_felix_chaininsertmode: Insert
|
2017-08-20 11:01:09 +00:00
|
|
|
|
2020-09-22 08:04:48 +00:00
|
|
|
# Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”.
|
|
|
|
calico_vxlan_vni: 4096
|
|
|
|
|
|
|
|
# Port to use for VXLAN traffic. A value of 0 means “use the kernel default”.
|
|
|
|
calico_vxlan_port: 4789
|
|
|
|
|
2017-10-03 21:24:05 +00:00
|
|
|
# Enable Prometheus Metrics endpoint for felix
|
2019-03-29 23:07:09 +00:00
|
|
|
calico_felix_prometheusmetricsenabled: false
|
2017-10-03 21:24:05 +00:00
|
|
|
calico_felix_prometheusmetricsport: 9091
|
2019-03-29 23:07:09 +00:00
|
|
|
calico_felix_prometheusgometricsenabled: true
|
|
|
|
calico_felix_prometheusprocessmetricsenabled: true
|
2017-10-03 21:24:05 +00:00
|
|
|
|
2018-08-23 14:17:18 +00:00
|
|
|
### check latest version https://github.com/projectcalico/calico-upgrade/releases
|
2018-09-06 12:49:06 +00:00
|
|
|
calico_upgrade_enabled: true
|
2018-08-23 14:17:18 +00:00
|
|
|
calico_upgrade_version: v1.0.5
|
2019-01-23 08:15:10 +00:00
|
|
|
calico_upgrade_url: "https://github.com/projectcalico/calico-upgrade/releases/download/{{ calico_upgrade_version }}/calico-upgrade"
|
2018-08-23 14:17:18 +00:00
|
|
|
|
2018-11-28 08:55:01 +00:00
|
|
|
# Set the agent log level. Can be debug, warning, info or fatal
|
|
|
|
calico_loglevel: info
|
|
|
|
|
2020-04-27 07:03:30 +00:00
|
|
|
# Enable or disable usage report to 'usage.projectcalico.org'
|
|
|
|
calico_usage_reporting: false
|
|
|
|
|
2017-08-20 11:01:09 +00:00
|
|
|
# Should calico ignore kernel's RPF check setting,
|
|
|
|
# see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
|
|
|
|
calico_node_ignorelooserpf: false
|
2017-09-04 08:29:51 +00:00
|
|
|
|
2018-09-18 12:48:29 +00:00
|
|
|
# Define address on which Felix will respond to health requests
|
|
|
|
calico_healthhost: "localhost"
|
|
|
|
|
2020-02-19 10:28:25 +00:00
|
|
|
# Configure time in seconds that calico will wait for the iptables lock
|
|
|
|
calico_iptables_lock_timeout_secs: 10
|
|
|
|
|
2020-04-27 07:03:39 +00:00
|
|
|
# Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
|
|
|
|
calico_iptables_backend: "Legacy"
|
2020-01-08 10:27:40 +00:00
|
|
|
|
2018-03-23 22:54:17 +00:00
|
|
|
# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
|
|
|
|
# * can-reach=DESTINATION
|
|
|
|
# * interface=INTERFACE-REGEX
|
|
|
|
# see https://docs.projectcalico.org/v3.0/reference/node/configuration#ip-autodetection-methods
|
2018-03-28 14:30:00 +00:00
|
|
|
# calico_ip_auto_method: "interface=eth.*"
|
2018-05-14 12:13:51 +00:00
|
|
|
|
2019-02-14 00:02:48 +00:00
|
|
|
calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}"
|
2018-08-23 14:17:18 +00:00
|
|
|
|
|
|
|
### do not enable this, this is detected in scope of tasks, this is just a default value
|
2018-09-06 12:49:06 +00:00
|
|
|
calico_upgrade_needed: false
|
2019-04-19 13:01:54 +00:00
|
|
|
|
|
|
|
kube_etcd_cacert_file: ca.pem
|
|
|
|
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
|
|
|
|
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
|
2019-04-25 12:00:48 +00:00
|
|
|
|
|
|
|
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
|
2019-10-17 12:58:38 +00:00
|
|
|
# The default value calico_datastore: "etcd" is set in role kubespray-default
|
|
|
|
|
2019-04-25 12:00:48 +00:00
|
|
|
# Use typha (only with kdd)
|
|
|
|
typha_enabled: false
|
2020-01-10 08:24:33 +00:00
|
|
|
|
|
|
|
# Scaling typha: 1 replica per 100 nodes is adequate
|
2019-04-25 12:00:48 +00:00
|
|
|
# Number of typha replicas
|
|
|
|
typha_replicas: 1
|
2019-06-17 06:14:07 +00:00
|
|
|
|
2020-01-10 08:24:33 +00:00
|
|
|
# Set max typha connections
|
|
|
|
typha_max_connections_lower_limit: 300
|
|
|
|
|
2019-10-17 14:02:38 +00:00
|
|
|
# Generate certifcates for typha<->calico-node communication
|
|
|
|
typha_secure: false
|
|
|
|
|
2019-06-17 06:14:07 +00:00
|
|
|
calico_feature_control: {}
|