---
# Enables Internet connectivity from containers
nat_outgoing: true

# Use IP-over-IP encapsulation across hosts
ipip: true
ipip_mode: always  # change to "cross-subnet" if you only want ipip encapsulation on traffic going across subnets

# Set to true if you want your calico cni binaries to overwrite the
# ones from hyperkube while leaving other cni plugins intact.
overwrite_hyperkube_cni: true

calico_cert_dir: /etc/calico/certs
etcd_cert_dir: /etc/ssl/etcd/ssl

# Global as_num (/calico/bgp/v1/global/as_num)
global_as_num: "64512"

# Set to true if you need to configure multiple pools (this is not common)
calico_ignore_extra_pools: false

# You can set MTU value here. If left undefined or empty, it will
# not be specified in calico CNI config, so Calico will use built-in
# defaults. The value should be a number, not a string.
# calico_mtu: 1500

# Limits for apps
calico_node_memory_limit: 500M
calico_node_cpu_limit: 300m
calico_node_memory_requests: 64M
calico_node_cpu_requests: 150m
calicoctl_memory_limit: 170M
calicoctl_cpu_limit: 100m
calicoctl_memory_requests: 32M
calicoctl_cpu_requests: 50m

# Enable Prometheus Metrics endpoint for felix
calico_felix_prometheusmetricsenabled: "false"
calico_felix_prometheusmetricsport: 9091
calico_felix_prometheusgometricsenabled: "true"
calico_felix_prometheusprocessmetricsenabled: "true"

# Should calico ignore kernel's RPF check setting,
# see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
calico_node_ignorelooserpf: false

rbac_resources:
  - sa
  - clusterrole
  - clusterrolebinding