External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-01-22 06:58:09 -03:30
Code Issues Packages Projects Releases Wiki Activity
kubespray/roles/network_plugin/calico_defaults/defaults/main.yml
Max Gautier 8abf49ae13
Disable podCIDR allocation from control-plane when using calico (#10639) 
* Disable control plane allocating podCIDR for nodes when using calico

Calico does not use the .spec.podCIDR field for its IP address
management.
Furthermore, it can false positives from the kube controller manager if
kube_network_node_prefix and calico_pool_blocksize are unaligned, which
is the case with the default shipped by kubespray.

If the subnets obtained from using kube_network_node_prefix are bigger,
this would result at some point in the control plane thinking it does
not have subnets left for a new node, while calico will work without
problems.

Explicitely set a default value of false for calico_ipam_host_local to
facilitate its use in templates.

* Don't default to kube_network_node_prefix for calico_pool_blocksize

They have different semantics: kube_network_node_prefix is intended to
be the size of the subnet for all pods on a node, while there can be
more than on calico block of the specified size (they are allocated on
demand).

Besides, this commit does not actually change anything, because the
current code is buggy: we don't ever default to
kube_network_node_prefix, since the variable is defined in the role
defaults.
2023-12-12 14:38:36 +01:00

176 lines
5.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
# the default value of name
calico_cni_name: k8s-pod-network
# Enables Internet connectivity from containers
nat_outgoing: true
# add default ippool name
calico_pool_name: "default-pool"
calico_ipv4pool_ipip: "Off"
# Change encapsulation mode, by default we enable vxlan which is the most mature and well tested mode
calico_ipip_mode: Never # valid values are 'Always', 'Never' and 'CrossSubnet'
calico_vxlan_mode: Always # valid values are 'Always', 'Never' and 'CrossSubnet'
calico_cni_pool: true
calico_cni_pool_ipv6: true
# add default ippool blockSize
calico_pool_blocksize: 26
# Calico doesn't support ipip tunneling for the IPv6.
calico_ipip_mode_ipv6: Never
calico_vxlan_mode_ipv6: Never
# add default ipv6 ippool blockSize
calico_pool_blocksize_ipv6: 122
# Calico network backend can be 'bird', 'vxlan' and 'none'
calico_network_backend: vxlan
calico_cert_dir: /etc/calico/certs
# Global as_num (/calico/bgp/v1/global/as_num)
global_as_num: "64512"
# You can set MTU value here. If left undefined or empty, it will
# not be specified in calico CNI config, so Calico will use built-in
# defaults. The value should be a number, not a string.
# calico_mtu: 1500
# Advertise Service External IPs
calico_advertise_service_external_ips: []
# Advertise Service LoadBalancer IPs
calico_advertise_service_loadbalancer_ips: []
# Calico eBPF support
calico_bpf_enabled: false
calico_bpf_log_level: ""
# Valid option for service mode: Tunnel (default), DSR=Direct Server Return
calico_bpf_service_mode: Tunnel
# Calico floatingIPs support
# Valid option for floatingIPs: Disabled (default), Enabled
calico_felix_floating_ips: Disabled
# Limits for apps
calico_node_memory_limit: 500M
calico_node_cpu_limit: 300m
calico_node_memory_requests: 64M
calico_node_cpu_requests: 150m
calico_felix_chaininsertmode: Insert
# Calico daemonset nodeselector
calico_ds_nodeselector: "kubernetes.io/os: linux"
# Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”.
calico_vxlan_vni: 4096
# Port to use for VXLAN traffic. A value of 0 means “use the kernel default”.
calico_vxlan_port: 4789
# Enable Prometheus Metrics endpoint for felix
calico_felix_prometheusmetricsenabled: false
calico_felix_prometheusmetricsport: 9091
calico_felix_prometheusgometricsenabled: true
calico_felix_prometheusprocessmetricsenabled: true
# Set the agent log level. Can be debug, warning, info or fatal
calico_loglevel: info
calico_node_startup_loglevel: error
# Set log path for calico CNI plugin. Set to false to disable logging to disk.
calico_cni_log_file_path: /var/log/calico/cni/cni.log
# Enable or disable usage report to 'usage.projectcalico.org'
calico_usage_reporting: false
# Should calico ignore kernel's RPF check setting,
# see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
calico_node_ignorelooserpf: false
# Define address on which Felix will respond to health requests
calico_healthhost: "localhost"
# Configure time in seconds that calico will wait for the iptables lock
calico_iptables_lock_timeout_secs: 10
# Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
calico_iptables_backend: "Auto"
# Calico Wireguard support
calico_wireguard_enabled: false
calico_wireguard_packages: []
calico_wireguard_repo: https://download.copr.fedorainfracloud.org/results/jdoss/wireguard/epel-{{ ansible_distribution_major_version }}-$basearch/
# If you want to use non default IP_AUTODETECTION_METHOD, IP6_AUTODETECTION_METHOD for calico node set this option to one of:
# * can-reach=DESTINATION
# * interface=INTERFACE-REGEX
# see https://projectcalico.docs.tigera.io/reference/node/configuration#ip-autodetection-methods
# calico_ip_auto_method: "interface=eth.*"
# calico_ip6_auto_method: "interface=eth.*"
# Set FELIX_MTUIFACEPATTERN, Pattern used to discover the hosts interface for MTU auto-detection.
# see https://projectcalico.docs.tigera.io/reference/felix/configuration
# calico_felix_mtu_iface_pattern: "^((en|wl|ww|sl|ib)[opsx].*|(eth|wlan|wwan).*)"
calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}"
kube_etcd_cacert_file: ca.pem
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
# Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
# The default value for calico_datastore is set in role kubespray-default
# Use typha (only with kdd)
typha_enabled: false
typha_prometheusmetricsenabled: false
typha_prometheusmetricsport: 9093
# Scaling typha: 1 replica per 100 nodes is adequate
# Number of typha replicas
typha_replicas: 1
# Set max typha connections
typha_max_connections_lower_limit: 300
# Generate certifcates for typha<->calico-node communication
typha_secure: false
calico_feature_control: {}
# Calico default BGP port
calico_bgp_listen_port: 179
# Calico FelixConfiguration options
calico_felix_reporting_interval: 0s
calico_felix_log_severity_screen: Info
# Calico container settings
calico_allow_ip_forwarding: false
# Calico IPAM strictAffinity
calico_ipam_strictaffinity: false
# Calico IPAM autoAllocateBlocks
calico_ipam_autoallocateblocks: true
# Calico IPAM maxBlocksPerHost, default 0
calico_ipam_maxblocksperhost: 0
# Calico host local IPAM (use node .spec.podCIDR)
calico_ipam_host_local: false
# Calico apiserver (only with kdd)
calico_apiserver_enabled: false
# Calico feature detect override
calico_feature_detect_override: ""
# Calico kubeconfig wait timeout in seconds
calico_kubeconfig_wait_timeout: 300
Reference in New Issue View Git Blame Copy Permalink