3a39904011
By default Calico CNI does not create any network access policies or profiles if 'policy' is enabled in CNI config. And without any policies/profiles network access to/from PODs is blocked. K8s related policies are created by calico-policy-controller in such case. So we need to start it as soon as possible, before any real workloads. This patch also fixes kube-api port in calico-policy-controller yaml template. Closes #1132
9 lines
278 B
YAML
9 lines
278 B
YAML
# Limits for calico apps
|
|
calico_policy_controller_cpu_limit: 100m
|
|
calico_policy_controller_memory_limit: 256M
|
|
calico_policy_controller_cpu_requests: 30m
|
|
calico_policy_controller_memory_requests: 64M
|
|
|
|
# SSL
|
|
calico_cert_dir: "/etc/calico/certs"
|
|
canal_cert_dir: "/etc/canal/certs"
|