2 # see roles/network_plugin/calico/defaults/main.yml
4 # the default value of name
5 calico_cni_name: k8s-pod-network
7 ## With calico it is possible to distributed routes with border routers of the datacenter.
8 ## Warning : enabling router peering will disable calico's default behavior ('node mesh').
9 ## The subnets of each nodes will be distributed by the datacenter router
10 # peer_with_router: false
12 # Enables Internet connectivity from containers
15 # Enables Calico CNI "host-local" IPAM plugin
16 # calico_ipam_host_local: true
18 # add default ippool name
19 # calico_pool_name: "default-pool"
21 # add default ippool blockSize (defaults kube_network_node_prefix)
22 calico_pool_blocksize: 26
24 # add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
25 # calico_pool_cidr: 1.2.3.4/5
27 # add default ippool CIDR to CNI config
28 # calico_cni_pool: true
30 # Add default IPV6 IPPool CIDR. Must be inside kube_pods_subnet_ipv6. Defaults to kube_pods_subnet_ipv6 if not set.
31 # calico_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
33 # Add default IPV6 IPPool CIDR to CNI config
34 # calico_cni_pool_ipv6: true
36 # Global as_num (/calico/bgp/v1/global/as_num)
37 # global_as_num: "64512"
39 # If doing peering with node-assigned asn where the globas does not match your nodes, you want this
40 # to be true. All other cases, false.
41 # calico_no_global_as_num: false
43 # You can set MTU value here. If left undefined or empty, it will
44 # not be specified in calico CNI config, so Calico will use built-in
45 # defaults. The value should be a number, not a string.
48 # Configure the MTU to use for workload interfaces and tunnels.
49 # - If Wireguard is enabled, subtract 60 from your network MTU (i.e 1500-60=1440)
50 # - Otherwise, if VXLAN or BPF mode is enabled, subtract 50 from your network MTU (i.e. 1500-50=1450)
51 # - Otherwise, if IPIP is enabled, subtract 20 from your network MTU (i.e. 1500-20=1480)
52 # - Otherwise, if not using any encapsulation, set to your network MTU (i.e. 1500)
53 # calico_veth_mtu: 1440
55 # Advertise Cluster IPs
56 # calico_advertise_cluster_ips: true
58 # Advertise Service External IPs
59 # calico_advertise_service_external_ips:
63 # Adveritse Service LoadBalancer IPs
64 # calico_advertise_service_loadbalancer_ips:
68 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
69 # calico_datastore: "kdd"
71 # Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
72 # calico_iptables_backend: "Auto"
74 # Use typha (only with kdd)
75 # typha_enabled: false
77 # Generate TLS certs for secure typha<->calico-node communication
80 # Scaling typha: 1 replica per 100 nodes is adequate
81 # Number of typha replicas
84 # Set max typha connections
85 # typha_max_connections_lower_limit: 300
87 # Set calico network backend: "bird", "vxlan" or "none"
88 # bird enable BGP routing, required for ipip and no encapsulation modes
89 # calico_network_backend: vxlan
91 # IP in IP and VXLAN is mutualy exclusive modes.
92 # set IP in IP encapsulation mode: "Always", "CrossSubnet", "Never"
93 # calico_ipip_mode: 'Never'
95 # set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
96 # calico_vxlan_mode: 'Always'
98 # set VXLAN port and VNI
99 # calico_vxlan_vni: 4096
100 # calico_vxlan_port: 4789
103 # calico_bpf_enabled: false
105 # If you want to use non default IP_AUTODETECTION_METHOD, IP6_AUTODETECTION_METHOD for calico node set this option to one of:
106 # * can-reach=DESTINATION
107 # * interface=INTERFACE-REGEX
108 # see https://docs.projectcalico.org/reference/node/configuration
109 # calico_ip_auto_method: "interface=eth.*"
110 # calico_ip6_auto_method: "interface=eth.*"
112 # Choose the iptables insert mode for Calico: "Insert" or "Append".
113 # calico_felix_chaininsertmode: Insert
115 # If you want use the default route interface when you use multiple interface with dynamique route (iproute2)
116 # see https://docs.projectcalico.org/reference/node/configuration : FELIX_DEVICEROUTESOURCEADDRESS
117 # calico_use_default_route_src_ipaddr: false
119 # Enable calico traffic encryption with wireguard
120 # calico_wireguard_enabled: false
122 # Under certain situations liveness and readiness probes may need tunning
123 # calico_node_livenessprobe_timeout: 10
124 # calico_node_readinessprobe_timeout: 10
126 # Calico apiserver (only with kdd)
127 # calico_apiserver_enabled: false