---
# The IPv4 cidr pool to create on startup if none exists. Pod IPs will be
# chosen from this range.
#podCidr: "10.42.0.0/16"
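# Settings for the kube-flannel container. Nesting is restored here from the
# key order of the listing; every value is unchanged.
flannel:
  # kube-flannel image
  # NOTE(review): the tag is a mutable reference. Whether this chart accepts
  # an image digest is not visible here; confirm before relying on the tag
  # alone for a reproducible deployment.
  image:
    repository: rancher/hardened-flannel
    tag: v0.22.1-build20231009
  # The interface used by canal for host <-> host communication.
  # If left blank, then the interface is chosen using the node's
  # default route.
  iface: ""
  # A regular expression used to match the interface
  regexIface: ""
  # kube-flannel command arguments
  args:
    - "--ip-masq"
    - "--kube-subnet-mgr"
  # Backend for kube-flannel. Backend should not be changed
  # at runtime.
  # vxlan encapsulates pod traffic between nodes but does not encrypt it.
  # If traffic between nodes must be confidential, decide on the wireguard
  # backend (see "Wireguard Configs" below) at install time.
  backend: "vxlan"
  # Port used by the backend. 0 means the default value
  # (VXLAN: 8472, Wireguard: 51821, UDP: 8285).
  backendPort: 0
  # MTU to use for outgoing packets (VXLAN and Wireguard). If not defined,
  # the MTU of the external interface is used.
  #mtu: 0
  #
  # VXLAN Configs:
  #
  # VXLAN Identifier to be used. On Linux default is 1.
  #vni: 1
  # Enable VXLAN Group Based Policy (Default false)
  GBP: false
  # Enable direct routes (default is false)
  directRouting: false
  # MAC prefix to be used on Windows. (Default is 0E-2A)
  #macPrefix: "0E-2A"
  #
  # Wireguard Configs:
  #
  # UDP listen port used with IPv6
  backendPortv6: 0
  # Pre shared key to use
  # NOTE(review): this is secret key material for the Wireguard tunnel. Do not
  # commit a real key to a values file kept in version control; supply it at
  # install time from a secret store. 0 looks like the "unset" placeholder;
  # confirm against the chart templates.
  psk: 0
  # IP version to use on Wireguard
  #tunnelMode: "separate"
  # Persistent keepalive interval to use
  keepaliveInterval: 0
  # Resource bounds for the kube-flannel daemon container.
  # Left null here, so this file sets no requests or limits for the
  # container; the commented block below is the example to enable.
  resources: ~
  #   requests:
  #     memory: 32Mi
  #     cpu: 100m
  #   limits:
  #     memory: 128Mi
  #     cpu: 500m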
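# Settings for the Calico components of canal. Nesting is restored here from
# the key order of the listing; every value is unchanged.
calico:
  # NOTE(review): the image tags below are mutable references. Whether this
  # chart accepts an image digest is not visible here; confirm before relying
  # on the tag alone for a reproducible deployment.
  # CNI installation image.
  cniImage:
    repository: rancher/hardened-calico
    tag: v3.26.1-build20231009
  # Canal node image.
  nodeImage:
    repository: rancher/hardened-calico
    tag: v3.26.1-build20231009
  # Flexvol Image.
  flexvolImage:
    repository: rancher/hardened-calico
    tag: v3.26.1-build20231009
  # kubecontroller image
  kubeControllerImage:
    repository: rancher/hardened-calico
    tag: v3.26.1-build20231009

  # Datastore type for canal. It can be either kubernetes or etcd.
  datastoreType: kubernetes
  # Wait for datastore to initialize.
  waitForDatastore: true
  # Configure route aggregation based on pod CIDR.
  usePodCIDR: true
  # Disable BGP routing.
  networkingBackend: none
  # Cluster type to identify the deployment type.
  clusterType: "k8s,canal"
  # Disable file logging so `kubectl logs` works.
  disableFileLogging: true
  # Disable IPv6 on Kubernetes.
  felixIpv6Support: false
  # Period, in seconds, at which felix re-applies all iptables state
  felixIptablesRefreshInterval: 60
  # iptables backend to use for felix, defaults to auto but can also be set
  # to nft or legacy
  felixIptablesBackend: auto
  # Set Felix logging to "info".
  felixLogSeverityScreen: info
  # Enable felix healthcheck.
  felixHealthEnabled: true
  # Enable prometheus metrics
  # NOTE(review): Felix serves these metrics over plain, unauthenticated HTTP;
  # limit who can reach the metrics port with network policy or host
  # firewalling.
  felixPrometheusMetricsEnabled: true
  # Disable XDP Acceleration as we do not support it with our ubi7 base image
  felixXDPEnabled: false
  # Whether or not to masquerade traffic to destinations not within
  # the pod network.
  masquerade: true
  # Set Felix endpoint to host default action to ACCEPT.
  # With ACCEPT, traffic from a pod to the node itself is allowed once it has
  # passed the pod's egress policy, so services listening on the node are
  # reachable from workloads unless policy or host firewalling restricts them.
  felixDefaultEndpointToHostAction: ACCEPT
  # Configure the MTU to use.
  vethuMTU: 1450
  # Typha is disabled.
  typhaServiceName: none
  # Kubelet flex-volume-plugin-dir
  flexVolumePluginDir: /var/lib/kubelet/volumeplugins
  # calico inbound failsafe ports. Empty string means defaults. Use 'none' to
  # disable failsafe if you have your own rules.
  # Failsafe ports stay open regardless of host endpoint policy, so the
  # default list is an exception to any host policy you write; 'none' removes
  # that safety net, so make sure your own rules keep management access.
  felixFailsafeInboundHostPorts: ""
  # calico outbound failsafe ports. Empty string means defaults. Use 'none' to
  # disable failsafe if you have your own rules.
  felixFailsafeOutboundHostPorts: ""
  # The method to use to autodetect the IPv4 address for this host.
  ipAutoDetectionMethod: "first-found"
  # The method to use to autodetect the IPv6 address for this host.
  ip6AutoDetectionMethod: "first-found"
  # Enable calico kube-controllers
  calicoKubeControllers: false
  # Resource bounds for the calico-node daemon container.
  # Only a CPU request is set; the memory request and both limits below are
  # commented out, so this file puts no upper bound on the container.
  resources:
    requests:
      cpu: 250m
  #     memory: 128Mi
  #   limits:
  #     cpu: 250m
  #     memory: 256Mi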
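# Values shared across the chart. Nesting is restored here from the key order
# of the listing; every value is unchanged.
global:
  # presumably a registry prefix applied to the image repositories in this
  # chart; confirm against the chart templates. If it is, every image is
  # pulled from that registry, so it must be one you control and trust.
  systemDefaultRegistry: ""
  # presumably the cluster's IPv4 and IPv6 pod CIDRs, left empty by default;
  # verify how the templates consume them.
  clusterCIDRv4: ""
  clusterCIDRv6: ""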