forked from k-space/kube
236 lines
4.8 KiB
YAML
236 lines
4.8 KiB
YAML
# This section includes base Calico installation configuration.
|
|
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
|
|
apiVersion: operator.tigera.io/v1
|
|
kind: Installation
|
|
metadata:
|
|
name: default
|
|
spec:
|
|
# Configures Calico networking.
|
|
calicoNetwork:
|
|
# Note: The ipPools section cannot be modified post-install.
|
|
ipPools:
|
|
- allowedUses:
|
|
- Workload
|
|
- Tunnel
|
|
blockSize: 26
|
|
cidr: 10.244.0.0/16
|
|
disableBGPExport: false
|
|
disableNewAllocations: false
|
|
encapsulation: IPIP
|
|
name: default-ipv4-ippool
|
|
natOutgoing: Disabled
|
|
nodeSelector: all()
|
|
- blockSize: 122
|
|
cidr: 2001:bb8:4008:21:244::/80
|
|
disableBGPExport: false
|
|
disableNewAllocations: false
|
|
nodeSelector: all()
|
|
encapsulation: None
|
|
natOutgoing: Disabled
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: IPPool
|
|
metadata:
|
|
name: default-ipv4-ippool
|
|
spec:
|
|
allowedUses:
|
|
- Workload
|
|
- Tunnel
|
|
blockSize: 26
|
|
cidr: 10.244.0.0/16
|
|
ipipMode: Always
|
|
nodeSelector: all()
|
|
vxlanMode: Never
|
|
natOutgoing: true
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: IPPool
|
|
metadata:
|
|
name: default-ipv6-ippool
|
|
spec:
|
|
allowedUses:
|
|
- Workload
|
|
- Tunnel
|
|
blockSize: 122
|
|
cidr: 2001:bb8:4008:21:244::/80
|
|
ipipMode: Never
|
|
nodeSelector: all()
|
|
vxlanMode: Never
|
|
natOutgoing: false
|
|
---
|
|
# This section configures the Calico API server.
|
|
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
|
|
apiVersion: operator.tigera.io/v1
|
|
kind: APIServer
|
|
metadata:
|
|
name: default
|
|
spec: {}
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: mikrotik-router
|
|
spec:
|
|
peerIP: 172.21.255.254
|
|
asNumber: 64512
|
|
keepOriginalNextHop: true
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: mikrotik-router-ipv6
|
|
spec:
|
|
peerIP: 2001:bb8:4008:21:ffff:ffff:ffff:fffe
|
|
asNumber: 64512
|
|
keepOriginalNextHop: true
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve90
|
|
spec:
|
|
peerIP: 172.21.20.90
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve91
|
|
spec:
|
|
peerIP: 172.21.20.91
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve92
|
|
spec:
|
|
peerIP: 172.21.20.92
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve93
|
|
spec:
|
|
peerIP: 172.21.20.93
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve90-ipv6
|
|
spec:
|
|
peerIP: 2001:bb8:4008:21:20::90
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve91-ipv6
|
|
spec:
|
|
peerIP: 2001:bb8:4008:21:20::91
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve92-ipv6
|
|
spec:
|
|
peerIP: 2001:bb8:4008:21:20::92
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPPeer
|
|
metadata:
|
|
name: pve93-ipv6
|
|
spec:
|
|
peerIP: 2001:bb8:4008:21:20::93
|
|
asNumber: 64512
|
|
password:
|
|
secretKeyRef:
|
|
name: bgp-secrets
|
|
key: password
|
|
---
|
|
apiVersion: projectcalico.org/v3
|
|
kind: BGPConfiguration
|
|
metadata:
|
|
name: default
|
|
spec:
|
|
asNumber: 64512
|
|
serviceLoadBalancerIPs:
|
|
- cidr: 172.21.51.4/32
|
|
- cidr: 172.21.53.1/32
|
|
- cidr: 172.21.53.2/32
|
|
- cidr: 172.21.53.3/32
|
|
- cidr: 193.40.103.36/32
|
|
- cidr: 193.40.103.37/32
|
|
- cidr: 193.40.103.38/32
|
|
- cidr: 193.40.103.39/32
|
|
- cidr: 62.65.250.36/32
|
|
- cidr: 62.65.250.37/32
|
|
- cidr: 62.65.250.38/32
|
|
- cidr: 62.65.250.2/32
|
|
- cidr: 193.40.103.25/32
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: secret-access
|
|
namespace: calico-system
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
resourceNames: ["bgp-secrets"]
|
|
verbs: ["watch", "list", "get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: secret-access
|
|
namespace: calico-system
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: secret-access
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: calico-node
|
|
namespace: calico-system
|