158d998ec4
* Support configuring the insert mode Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration so nothing should change for existing deployments. This allows coexistence with other firewall management technologies. * Add a note to the sample config
67 lines
2.2 KiB
YAML
67 lines
2.2 KiB
YAML
# see roles/network_plugin/calico/defaults/main.yml
|
|
|
|
## With calico it is possible to distributed routes with border routers of the datacenter.
|
|
## Warning : enabling router peering will disable calico's default behavior ('node mesh').
|
|
## The subnets of each nodes will be distributed by the datacenter router
|
|
# peer_with_router: false
|
|
|
|
# Enables Internet connectivity from containers
|
|
# nat_outgoing: true
|
|
|
|
# add default ippool name
|
|
# calico_pool_name: "default-pool"
|
|
|
|
# add default ippool blockSize (defaults kube_network_node_prefix)
|
|
# calico_pool_blocksize: 24
|
|
|
|
# add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
|
|
# calico_pool_cidr: 1.2.3.4/5
|
|
|
|
# Global as_num (/calico/bgp/v1/global/as_num)
|
|
# global_as_num: "64512"
|
|
|
|
# You can set MTU value here. If left undefined or empty, it will
|
|
# not be specified in calico CNI config, so Calico will use built-in
|
|
# defaults. The value should be a number, not a string.
|
|
# calico_mtu: 1500
|
|
|
|
# Advertise Cluster IPs
|
|
# calico_advertise_cluster_ips: true
|
|
|
|
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
|
|
# calico_datastore: "etcd"
|
|
|
|
# Choose Calico iptables backend: "Iptables" or "NFT"
|
|
# calico_iptables_backend: "Iptables"
|
|
|
|
# Use typha (only with kdd)
|
|
# typha_enabled: false
|
|
|
|
# Generate TLS certs for secure typha<->calico-node communication
|
|
# typha_secure: false
|
|
|
|
# Scaling typha: 1 replica per 100 nodes is adequate
|
|
# Number of typha replicas
|
|
# typha_replicas: 1
|
|
|
|
# Set max typha connections
|
|
# typha_max_connections_lower_limit: 300
|
|
|
|
# Set calico network backend: "bird", "vxlan" or "none"
|
|
# bird enable BGP routing, required for ipip mode.
|
|
# calico_network_backend: bird
|
|
|
|
# IP in IP and VXLAN is mutualy exclusive modes.
|
|
# set IP in IP encapsulation mode: "Always", "CrossSubnet", "Never"
|
|
# calico_ipip_mode: 'Always'
|
|
|
|
# set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
|
|
# calico_vxlan_mode: 'Never'
|
|
|
|
# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
|
|
# * can-reach=DESTINATION
|
|
# * interface=INTERFACE-REGEX
|
|
# see https://docs.projectcalico.org/reference/node/configuration
|
|
# calico_ip_auto_method: "interface=eth.*"
|
|
# Choose the iptables insert mode for Calico: "Insert" or "Append".
|
|
# calico_felix_chaininsertmode: Insert
|