richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5938 Commits
34 Branches
82 Tags
155 MiB
Tree: 0ac364dfae
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0ac364dfae'
${ noResults }
kubespray/roles/network_plugin/calico/defaults/main.yml

125 lines
4.0 KiB
Raw Normal View History

split network plugins into distinct roles
9 years ago
calico: enabling nat outgoing by default
9 years ago
choose between gce and aws cloud providers
9 years ago
Fix yaml checks
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
calico CALICO_IPV4POOL_IPIP overriding variable (#3507)
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Support --ipip option for calico pool Adds new boolean configuration variable for calico network plugin `ipip`. When it's enabled calico pool is created with '--ipip' option (IP-over-IP encapsulation across hosts). Also refactor pool creation tasks to simplify logic and make tasks more readable.
8 years ago
updated to direct control over ipip
7 years ago
Fix ipip: false in calico v3 (#4473)
5 years ago
add calico VXLAN mode, update docs and vars in sample inventory (#5731) * calico VXLAN mode * check vars if calico backend defined
5 years ago
Support --ipip option for calico pool Adds new boolean configuration variable for calico network plugin `ipip`. When it's enabled calico pool is created with '--ipip' option (IP-over-IP encapsulation across hosts). Also refactor pool creation tasks to simplify logic and make tasks more readable.
8 years ago
Changes to support Dual Stack networking
4 years ago
Add etcd TLS support
8 years ago
Move CNI config and add MTU support for calico-cni - Move CNI configuration creation for Calico to appropriate network_plugin role from kubernetes/node. - Add support for MTU configuration in Calico.
8 years ago
Add calico/routereflector support Add BGP route reflectors support in order to optimize BGP topology for deployments with Calico network plugin. Also bump version of calico/ctl for some bug fixes.
8 years ago
Move CNI config and add MTU support for calico-cni - Move CNI configuration creation for Calico to appropriate network_plugin role from kubernetes/node. - Add support for MTU configuration in Calico.
8 years ago
Systemd units, limits, and bin path fixes * Add restart for weave service unit * Reuse docker_bin_dir everythere * Limit systemd managed docker containers by CPU/RAM. Do not configure native systemd limits due to the lack of consensus in the kernel community requires out-of-tree kernel patches. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add serviceExternalIPs option for calico installation (#6928)
4 years ago
Support Calico advertisement of MetalLB LoadBalancer IPs (#7593) * add initial MetalLB docs * metallb allow disabling the deployment of the metallb speaker * calico>=3.18 allow using calico to advertise service loadbalancer IPs * Document the use of MetalLB and Calico * clean MetalLB docs
3 years ago
Calico enable support for eBPF (#7618) * Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
3 years ago
Systemd units, limits, and bin path fixes * Add restart for weave service unit * Reuse docker_bin_dir everythere * Limit systemd managed docker containers by CPU/RAM. Do not configure native systemd limits due to the lack of consensus in the kernel community requires out-of-tree kernel patches. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Lower default memory requests This is to address out of memory issues on CI as well as help fit deployments for people starting out with kargo on smaller machines
8 years ago
Systemd units, limits, and bin path fixes * Add restart for weave service unit * Reuse docker_bin_dir everythere * Limit systemd managed docker containers by CPU/RAM. Do not configure native systemd limits due to the lack of consensus in the kernel community requires out-of-tree kernel patches. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Support configuring the Calico iptables insert mode (#5473) * Support configuring the insert mode Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration so nothing should change for existing deployments. This allows coexistence with other firewall management technologies. * Add a note to the sample config
5 years ago
Add calico variable that enables ignoring Kernel's RPF Setting (#1493)
7 years ago
Add nodeSelctor for other services and node labels before CNI setup (#7613)
3 years ago
Added ability to set calico vxlan vni and port. defaults to calico's … (#6678) * Added ability to set calico vxlan vni and port. defaults to calico's documented defaults. * Check if calico_network_backend is defined prior to checking value * Removed calico hidden defaults for vxlan port and vni * Fixed FELIX_VXLANVNI typo
4 years ago
Adding calico/node env vars for prometheus configuration
7 years ago
Calico felix - Fix jinja2 boolean condition (#4348) * Fix jinja2 boolean condition * Convert all felix variable to booleans instead.
6 years ago
Adding calico/node env vars for prometheus configuration
7 years ago
Calico felix - Fix jinja2 boolean condition (#4348) * Fix jinja2 boolean condition * Convert all felix variable to booleans instead.
6 years ago
Adding calico/node env vars for prometheus configuration
7 years ago
Make Calico Felix log level configurable (#3781)
6 years ago
Fixes issue #7528 - allow configuring CALICO_STARTUP_LOGLEVEL via a new variable: calico_node_startup_loglevel (#7530) Signed-off-by: Brendan Holmes <5072156+holmesb@users.noreply.github.com>
3 years ago
Make Calico Felix log level configurable (#3781)
6 years ago
Add option to enable usage reports to calico servers (#6030)
4 years ago
Add calico variable that enables ignoring Kernel's RPF Setting (#1493)
7 years ago
Move calico to daemonset (#1605) * Drop legacy calico logic * add calico as a daemonset
7 years ago
Make Felix healthhost configurable
6 years ago
Make calico iptables lock timeout configurable (#5658) Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
5 years ago
Update default (erroneous) backend value for calico (#6031)
4 years ago
Calico: update to 3.11.1, allow to configure calico_iptables_backend (#5514) I've tested this update by deploying a containerd / etcd cluster on top CentOS7, MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
5 years ago
Calico wireguard (#7638) * Calico: add Wireguard support * CI: Add Calico Wireguard scenario
3 years ago
IP_AUTODETECTION_METHOD docs
7 years ago
Integrate jetstack/cert-manager 0.2.3 to Kubespray
7 years ago
Make Calico nodename overridable on bare metal Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
6 years ago
Fix calico when kube_override_hostname is set (#4235) This fixes an issue where the `nodename` in calico's cni config json can fall out of sync with the k8s node name used by the calico pod if `kube_override_hostname` is set
6 years ago
calico upgrade to v3 (#3086) * calico upgrade to v3 * update calico_rr version * add missing file * change contents of main.yml as it was left old version * enable network policy by default * remove unneeded task * Fix kubelet calico settings * fix when statement * switch back to node-kubeconfig.yaml
6 years ago
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
calico: default to using kdd datastore (#6693) If already deployed, get current datastore from CNI config file
4 years ago
set calico_datastore default value in role kubespray-default (#5259)
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Calico enable support for eBPF (#7618) * Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
3 years ago
Raise typha max connections to 300 (#5527) Raises limit from 100 to 300 because the default is far too low and the pod can handle 300 with the given resources. Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
5 years ago
Add support calico kubernetes datastore and typha. (#4498) * Add support calico kubernetes datastore and typha. * Add typha_enabled to kubespray-defaults.
5 years ago
Allow to specify feature_control in calico cni config (#4879) * Allow to specify feature_control in calico cni config * list length checking * double check * remove 2 conditions
5 years ago
Raise typha max connections to 300 (#5527) Raises limit from 100 to 300 because the default is far too low and the pod can handle 300 with the given resources. Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
5 years ago
Generate TLS certs for calico typha (#5258) * Generate TLS certs for calico typha Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707 * Add group vars note Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
Allow to specify feature_control in calico cni config (#4879) * Allow to specify feature_control in calico cni config * list length checking * double check * remove 2 conditions
5 years ago
add support for custom calico port (#7419)
3 years ago
Calico enable support for eBPF (#7618) * Calico: align manifests with upstream * allow enabling typha prometheus metrics * Calico: enable eBPF support * manage the kubernetes-services-endpoint configmap * Calico: document the use of eBPF dataplane * Calico: improve checks before deployment * enforce disabling kube-proxy when using eBPF dataplane * ensure calico_version is supported
3 years ago
  1. ---
  2. # Enables Internet connectivity from containers
  3. nat_outgoing: true
  5. # add default ippool name
  6. calico_pool_name: "default-pool"
  7. calico_ipv4pool_ipip: "Off"
  9. # Use IP-over-IP encapsulation across hosts
  10. ipip: true
  11. ipip_mode: "{{ 'Always' if ipip else 'Never' }}" # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
  12. calico_ipip_mode: "{{ ipip_mode }}"
  13. calico_vxlan_mode: 'Never'
  15. calico_ipip_mode_ipv6: Never
  16. calico_vxlan_mode_ipv6: Never
  17. calico_pool_blocksize_ipv6: 116
  19. calico_cert_dir: /etc/calico/certs
  21. # Global as_num (/calico/bgp/v1/global/as_num)
  22. global_as_num: "64512"
  24. # You can set MTU value here. If left undefined or empty, it will
  25. # not be specified in calico CNI config, so Calico will use built-in
  26. # defaults. The value should be a number, not a string.
  27. # calico_mtu: 1500
  29. # Advertise Service External IPs
  30. calico_advertise_service_external_ips: []
  32. # Adveritse Service LoadBalancer IPs
  33. calico_advertise_service_loadbalancer_ips: []
  35. # Calico eBPF support
  36. calico_bpf_enabled: false
  37. calico_bpf_log_level: ""
  38. # Valid option for service mode: Tunnel (default), DSR=Direct Server Return
  39. calico_bpf_service_mode: Tunnel
  41. # Limits for apps
  42. calico_node_memory_limit: 500M
  43. calico_node_cpu_limit: 300m
  44. calico_node_memory_requests: 64M
  45. calico_node_cpu_requests: 150m
  46. calico_felix_chaininsertmode: Insert
  48. # Calico daemonset nodeselector
  49. calico_ds_nodeselector: "kubernetes.io/os: linux"
  51. # Virtual network ID to use for VXLAN traffic. A value of 0 means “use the kernel default”.
  52. calico_vxlan_vni: 4096
  54. # Port to use for VXLAN traffic. A value of 0 means “use the kernel default”.
  55. calico_vxlan_port: 4789
  57. # Enable Prometheus Metrics endpoint for felix
  58. calico_felix_prometheusmetricsenabled: false
  59. calico_felix_prometheusmetricsport: 9091
  60. calico_felix_prometheusgometricsenabled: true
  61. calico_felix_prometheusprocessmetricsenabled: true
  63. # Set the agent log level. Can be debug, warning, info or fatal
  64. calico_loglevel: info
  65. calico_node_startup_loglevel: error
  67. # Enable or disable usage report to 'usage.projectcalico.org'
  68. calico_usage_reporting: false
  70. # Should calico ignore kernel's RPF check setting,
  71. # see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198
  72. calico_node_ignorelooserpf: false
  74. # Define address on which Felix will respond to health requests
  75. calico_healthhost: "localhost"
  77. # Configure time in seconds that calico will wait for the iptables lock
  78. calico_iptables_lock_timeout_secs: 10
  80. # Choose Calico iptables backend: "Legacy", "Auto" or "NFT" (FELIX_IPTABLESBACKEND)
  81. calico_iptables_backend: "Legacy"
  83. # Calico Wireguard support
  84. calico_wireguard_enabled: false
  85. calico_wireguard_packages: []
  86. calico_wireguard_repo: https://download.copr.fedorainfracloud.org/results/jdoss/wireguard/epel-{{ ansible_distribution_major_version }}-$basearch/
  88. # If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
  89. # * can-reach=DESTINATION
  90. # * interface=INTERFACE-REGEX
  91. # see https://docs.projectcalico.org/v3.0/reference/node/configuration#ip-autodetection-methods
  92. # calico_ip_auto_method: "interface=eth.*"
  94. calico_baremetal_nodename: "{{ kube_override_hostname | default(inventory_hostname) }}"
  96. kube_etcd_cacert_file: ca.pem
  97. kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
  98. kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
  100. # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
  101. # The default value for calico_datastore is set in role kubespray-default
  103. # Use typha (only with kdd)
  104. typha_enabled: false
  105. typha_prometheusmetricsenabled: false
  106. typha_prometheusmetricsport: 9093
  108. # Scaling typha: 1 replica per 100 nodes is adequate
  109. # Number of typha replicas
  110. typha_replicas: 1
  112. # Set max typha connections
  113. typha_max_connections_lower_limit: 300
  115. # Generate certifcates for typha<->calico-node communication
  116. typha_secure: false
  118. calico_feature_control: {}
  120. # Calico default BGP port
  121. calico_bgp_listen_port: 179
  123. # Calico FelixConfiguration options
  124. calico_felix_reporting_interval: 0s
  125. calico_felix_log_severity_screen: Info