openstack-helm-infra/calico/values.yaml

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

images:
  tags:
    # These are minimum versions, older images will very likely not
    # work
    calico_etcd: quay.io/coreos/etcd:v3.3.9
    calico_node: quay.io/calico/node:v3.2.1
    calico_cni: quay.io/calico/cni:v3.2.1
    calico_ctl: calico/ctl:release-v3.2-amd64
    calico_settings: calico/ctl:release-v3.2-amd64
    # NOTE: plural key, singular value
    calico_kube_controllers: quay.io/calico/kube-controllers:v3.2.1
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
    image_repo_sync: docker.io/docker:17.07.0
  pull_policy: IfNotPresent
  local_registry:
    active: false
    exclude:
      - dep_check
      - image_repo_sync
      - calico_etcd
      - calico_node
      - calico_cni
      - calico_kube_controllers

pod:
  resources:
    enabled: false
    jobs:
      image_repo_sync:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
      calico_settings:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "1024Mi"
          cpu: "2000m"
    calico_kube_controllers:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    calico_node:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    calico_cni:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    calico_ctl:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
    calico_etcd:
      requests:
        memory: "128Mi"
        cpu: "100m"
      limits:
        memory: "1024Mi"
        cpu: "2000m"
  lifecycle:
    upgrades:
      deployments:
        revision_history: 3
        pod_replacement_strategy: RollingUpdate
        rolling_update:
          max_unavailable: 1
          max_surge: 3
    disruption_budget:
      controllers:
        min_available: 0

dependencies:
  dynamic:
    common:
      local_image_registry:
        jobs:
          - calico-image-repo-sync
        services:
          - endpoint: node
            service: local_image_registry
  static:
    calico_kube_controllers:
      services:
        - endpoint: internal
          service: calico-etcd
    calico_node:
      services:
        - endpoint: internal
          service: calico-etcd
    calico_settings:
      services:
        - endpoint: internal
          service: calico-etcd
    calico_etcd:
      services: null
    image_repo_sync:
      services:
        - endpoint: internal
          service: local_image_registry

endpoints:
  cluster_domain_suffix: cluster.local
  local_image_registry:
    name: docker-registry
    namespace: docker-registry
    hosts:
      default: localhost
      internal: docker-registry
      node: localhost
    host_fqdn_override:
      default: null
    port:
      registry:
        node: 5000
  etcd:
    auth:
      client:
        tls:
          crt: null
          ca: null
          key: null
        path:
          # these must be within /etc/calico
          crt: /etc/calico/pki/crt
          ca: /etc/calico/pki/ca
          key: /etc/calico/pki/key
    scheme:
      default: http
    path:
      default: ' '  # space required to provide a truly empty path
    hosts:
      default: 10.96.232.136
    host_fqdn_override:
      default: null
    service:
      name: null
    port:
      client:
        default: 6666
      peer:
        default: 6667

monitoring:
  prometheus:
    enabled: true
    calico_node:
      scrape: true
      port: 9091

networking:
  podSubnet: 192.168.0.0/16
  # Physical MTU, if ipip is enabled, the chart will adjust things downward
  mtu: 1500

  settings:
    mesh: "on"
    # technically this could be a list, today we only support
    # a single podSubnet, the one above.  The settings below
    # will be applied to that ipPool
    ippool:
      ipip:
        enabled: "true"
        # Titlecase
        mode: "Always"
      nat_outgoing: "true"
      disabled: "false"

  bgp:
    # our asnumber for bgp peering
    asnumber: 64512
    ipv4:
      # https://docs.projectcalico.org/v3.2/reference/calicoctl/resources/bgppeer
      #
      # this is a list of peer objects that will be passed directly to
      # calicoctl - for global peers, the scope should be global and
      # the node attribute removed
      #
      # apiVersion: projectcalico.org/v3
      # kind: BGPPeer
      # metadata:
      #   name: some.name
      # spec:
      #   node: rack1-host1
      #   peerIP: 10.1.10.39
      #   asNumber: 64512
      peers: []
      # this is a list of additional IPv4 cidrs that if we discover
      # IPs within them on a host, we will announce the address in
      # addition to traditional pod workloads
      additional_cidrs: []
      port:
        neighbor: 179
        listen: 179
    ipv6:
      # https://docs.projectcalico.org/v3.2/reference/calicoctl/resources/bgppeer
      #
      # this is a list of peer objects that will be passed directly to
      # calicoctl - for global peers, the scope should be global and
      # the node attribute removed
      #
      # apiVersion: projectcalico.org/v3
      # kind: BGPPeer
      # metadata:
      #   name: some.name
      # spec:
      #   node: rack1-host1
      #   peerIP: 2600:1:2:3::abcd
      #   asNumber: 64512
      peers: []
      # this is a list of additional IPv6 cidrs that if we discover
      # IPs within them on a host, we will announce them in addition
      # to traditional pod workloads
      additional_cidrs: []
      port:
        neighbor: 179
        listen: 179

conf:
  etcd:
    credentials:
      ca: null
      key: null
      certificate: null
  # NOTE; syntax has subtly changed since Calico v2.  For Armada *all*
  # of this needes to be specified.  We're using yaml here which we
  # can't robustly convert to json (which the node pod requires) so it
  # might be we revisit that and embedded a json string that gets
  # edits
  cni_network_config:
    # https://docs.projectcalico.org/v3.2/reference/cni-plugin/configuration
    #
    # other than the etcd_* keys you likely want to leave this as-is
    name: k8s-pod-network
    cniVersion: 0.3.0
    plugins:
    - type: calico
      log_level: info
      etcd_endpoints: __ETCD_ENDPOINTS__
      etcd_key_file: __ETCD_KEY_FILE__
      etcd_cert_file: __ETCD_CERT_FILE__
      etcd_ca_cert_file: __ETCD_CA_CERT_FILE__
      ipam:
        type: calico-ipam
      policy:
        type: k8s
      kubernetes:
        kubeconfig: __KUBECONFIG_FILEPATH__
    - type: portmap
      snat: true
      capabilities:
        portMappings: true
  controllers:
    # The location of the Kubernetes API.  Use the default Kubernetes
    # service for API access.
    K8S_API: "https://kubernetes.default:443"
    # Choose which controllers to run.
    ENABLED_CONTROLLERS: "policy,profile,workloadendpoint,node"
    # Since we're running in the host namespace and might not have KubeDNS
    # access, configure the container's /etc/hosts to resolve
    # kubernetes.default to the correct service clusterIP.
    CONFIGURE_ETC_HOSTS: "true"

  node:
    # for specific details see
    # https://docs.projectcalico.org/v3.2/reference/node/configuration
    name: k8s-pod-network
    # Cluster type to identify the deployment type
    # NOTE: v2 had a list ... v3 a comma separated string
    CLUSTER_TYPE: "k8s,bgp"
    # Describes which BGP networking backend to use gobgp, bird, none.  Default is bird.
    # NOTE(alanmeadows) today this chart only supports applying the bgp customizations to
    # bird templates - in the future we may support gobgp as well
    CALICO_NETWORKING_BACKEND: bird
    # Location of the CA certificate for etcd.
    ETCD_CA_CERT_FILE: ""
    # Location of the client key for etcd.
    ETCD_KEY_FILE: ""
    # Location of the client certificate for etcd.
    ETCD_CERT_FILE: ""
    # Disable file logging so `kubectl logs` works.
    CALICO_DISABLE_FILE_LOGGING: "true"
    # Set Felix endpoint to host default action to ACCEPT.
    FELIX_DEFAULTENDPOINTTOHOSTACTION: "ACCEPT"
    # Configure the IP Pool from which Pod IPs will be chosen.
    CALICO_IPV4POOL_CIDR: null
    # Change this to 'off' in environments with direct L2 communication
    # Titlecase
    CALICO_IPV4POOL_IPIP: "Always"
    # Disable IPv6 on Kubernetes.
    FELIX_IPV6SUPPORT: "false"
    # Set MTU for tunnel device used if ipip is enabled
    FELIX_IPINIPMTU: null
    # Set Felix logging to "info"
    FELIX_LOGSEVERITYSCREEN: "info"
    FELIX_HEALTHENABLED: "true"
    # Set Felix experimental Prometheus metrics server
    FELIX_PROMETHEUSMETRICSENABLED: "true"
    FELIX_PROMETHEUSMETRICSPORT: "9091"
    # Auto-detect the BGP IP address.
    IP: ""
    # Detection of source interface for routing
    # options include
    # can-reach=DESTINATION
    # interface=INTERFACE-REGEX
    IP_AUTODETECTION_METHOD: first-found
    IPV6_AUTODETECTION_METHOD: first-found

manifests:
  configmap_bin: true
  configmap_etc: true
  configmap_bird: true
  daemonset_calico_etcd: true
  daemonset_calico_node: true
  daemonset_calico_node_calicoctl: true
  deployment_calico_kube_controllers: true
  job_image_repo_sync: true
  job_calico_settings: true
  service_calico_etcd: true
  secret_certificates: true