# This ConfigMap can be used to configure a self-hosted Canal installation.
# See `canal.yaml` for an example of a Canal deployment which uses
# the config in this ConfigMap.
kind: ConfigMap
apiVersion: v1
metadata:
  name: canal-config
  namespace: kube-system
data:
  # Configure this with the location of your etcd cluster.
  etcd_endpoints: "{{ etcd_access_addresses }}"
  # If you're using TLS enabled etcd uncomment the following.
  # You must also populate the Secret below with these files.
  etcd_ca: "/calico-secrets/etcd-ca"
  etcd_cert: "/calico-secrets/etcd-cert"
  etcd_key: "/calico-secrets/etcd-key"

  # Typha is disabled.
  typha_service_name: "none"

  # The interface used by canal for host <-> host communication.
  # If left blank, then the interface is chosen using the node's
  # default route.
  canal_iface: "{{ canal_iface }}"

  # Whether or not to masquerade traffic to destinations not within
  # the pod network.
  masquerade: "{{ canal_masquerade }}"

  # Configure the MTU to use for workload interfaces and tunnels.
  # By default, MTU is auto-detected, and explicitly setting this field should not be required.
  # You can override auto-detection by providing a non-zero value.
  veth_mtu: "0"

  # The CNI network configuration to install on each node. The special
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
        "name": "canal",
        "cniVersion": "0.3.1",
        "plugins": [
            {
                "type": "flannel",
                "delegate": {
                    "type": "calico",
                    "include_default_routes": true,
                    "etcd_endpoints": "__ETCD_ENDPOINTS__",
                    "etcd_key_file": "__ETCD_KEY_FILE__",
                    "etcd_cert_file": "__ETCD_CERT_FILE__",
                    "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
                    "log_level": "info",
{% if calico_cni_log_file_path %}
                    "log_file_path": "{{ calico_cni_log_file_path }}",
{% endif %}
                    "policy": {
                        "type": "k8s",
                        "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
                        "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
                    },
                    "kubernetes": {
                        "kubeconfig": "__KUBECONFIG_FILEPATH__"
                    }
                }
            },
            {
                "type": "portmap",
                "capabilities": {"portMappings": true},
                "snat": true
            }
        ]
    }
  # Flannel network configuration. Mounted into the flannel container.
  net-conf.json: |
    {
      "Network": "{{ kube_pods_subnet }}",
      "Backend": {
        "Type": "vxlan"
      }
    }