a1fff30bd9
* Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
82 lines
2.8 KiB
YAML
82 lines
2.8 KiB
YAML
---
|
|
# Enables Internet connectivity from containers
|
|
nat_outgoing: true
|
|
|
|
# add default ippool name
|
|
calico_pool_name: "default-pool"
|
|
calico_ipv4pool_ipip: "Off"
|
|
|
|
# Use IP-over-IP encapsulation across hosts
|
|
ipip: true
|
|
ipip_mode: "{{ 'Always' if ipip else 'Never' }}" # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
|
|
|
|
calico_cert_dir: /etc/calico/certs
|
|
|
|
# Global as_num (/calico/bgp/v1/global/as_num)
|
|
global_as_num: "64512"
|
|
|
|
# You can set MTU value here. If left undefined or empty, it will
|
|
# not be specified in calico CNI config, so Calico will use built-in
|
|
# defaults. The value should be a number, not a string.
|
|
# calico_mtu: 1500
|
|
|
|
# Limits for apps
|
|
calico_node_memory_limit: 500M
|
|
calico_node_cpu_limit: 300m
|
|
calico_node_memory_requests: 64M
|
|
calico_node_cpu_requests: 150m
|
|
calicoctl_memory_limit: 170M
|
|
calicoctl_cpu_limit: 100m
|
|
calicoctl_memory_requests: 32M
|
|
calicoctl_cpu_requests: 250m
|
|
|
|
# Enable Prometheus Metrics endpoint for felix
|
|
calico_felix_prometheusmetricsenabled: false
|
|
calico_felix_prometheusmetricsport: 9091
|
|
calico_felix_prometheusgometricsenabled: true
|
|
calico_felix_prometheusprocessmetricsenabled: true
|
|
|
|
### check latest version https://github.com/projectcalico/calico-upgrade/releases
|
|
calico_upgrade_enabled: true
|
|
calico_upgrade_version: v1.0.5
|
|
calico_upgrade_url: "https://github.com/projectcalico/calico-upgrade/releases/download/{{ calico_upgrade_version }}/calico-upgrade"
|
|
|
|
# Set the agent log level. Can be debug, warning, info or fatal
|
|
calico_loglevel: info
|
|
|
|
# Should calico ignore kernel's RPF check setting,
|
|
# see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
|
|
calico_node_ignorelooserpf: false
|
|
|
|
# Define address on which Felix will respond to health requests
|
|
calico_healthhost: "localhost"
|
|
|
|
# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
|
|
# * can-reach=DESTINATION
|
|
# * interface=INTERFACE-REGEX
|
|
# see https://docs.projectcalico.org/v3.0/reference/node/configuration#ip-autodetection-methods
|
|
# calico_ip_auto_method: "interface=eth.*"
|
|
|
|
calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}"
|
|
|
|
### do not enable this, this is detected in scope of tasks, this is just a default value
|
|
calico_upgrade_needed: false
|
|
|
|
kube_etcd_cacert_file: ca.pem
|
|
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
|
|
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
|
|
|
|
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
|
|
# The default value calico_datastore: "etcd" is set in role kubespray-default
|
|
|
|
# Use typha (only with kdd)
|
|
typha_enabled: false
|
|
# Number of typha replicas
|
|
typha_replicas: 1
|
|
|
|
# Generate certifcates for typha<->calico-node communication
|
|
typha_secure: false
|
|
|
|
|
|
calico_feature_control: {}
|