feat: correct kubespray configuration to be shorter and list calico networking options

ansible/group_vars/k8s_cluster/addons.yml

@@ -4,43 +4,6 @@ helm_enabled: true
 
 # Metrics Server deployment
 metrics_server_enabled: true
-# metrics_server_container_port: 10250
-# metrics_server_kubelet_insecure_tls: true
-# metrics_server_metric_resolution: 15s
-# metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
-# metrics_server_host_network: false
-# metrics_server_replicas: 1
 
 # Nginx ingress controller deployment
 ingress_nginx_enabled: false
-#ingress_nginx_host_network: true
-# ingress_nginx_service_type: LoadBalancer
-# ingress_nginx_host_network: false
-#ingress_publish_status_address: ""
-# ingress_nginx_nodeselector:
-#   kubernetes.io/os: "linux"
-# ingress_nginx_tolerations:
-#   - key: "node-role.kubernetes.io/master"
-#     operator: "Equal"
-#     value: ""
-#     effect: "NoSchedule"
-#   - key: "node-role.kubernetes.io/control-plane"
-#     operator: "Equal"
-#     value: ""
-#     effect: "NoSchedule"
-# ingress_nginx_namespace: "ingress-nginx"
-# ingress_nginx_insecure_port: 80
-# ingress_nginx_secure_port: 443
-# ingress_nginx_configmap:
-#   map-hash-bucket-size: "128"
-#   ssl-protocols: "TLSv1.2 TLSv1.3"
-# ingress_nginx_configmap_tcp_services:
-#   9000: "default/example-go:8080"
-# ingress_nginx_configmap_udp_services:
-#   53: "kube-system/coredns:53"
-# ingress_nginx_extra_args:
-#   - --default-ssl-certificate=default/foo-tls
-# ingress_nginx_termination_grace_period_seconds: 300
-# ingress_nginx_class: nginx
-# ingress_nginx_without_class: true
-# ingress_nginx_default: false

ansible/group_vars/k8s_cluster/k8s-cluster.yml

@@ -5,6 +5,3 @@ kube_version: v1.24.17
 # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
 # must be set to true for MetalLB, kube-vip(ARP enabled) to work
 kube_proxy_strict_arp: true
-
-# pod security policy (RBAC must be enabled either by having 'RBAC' in authorization_modes or kubeadm enabled)
-podsecuritypolicy_enabled: false
\ No newline at end of file

ansible/group_vars/k8s_cluster/k8s-net-calico.yaml

@@ -12,17 +12,34 @@ calico_pool_blocksize: 26
 # - Otherwise, if VXLAN or BPF mode is enabled, subtract 50 from your network MTU (i.e. 1500-50=1450)
 # - Otherwise, if IPIP is enabled, subtract 20 from your network MTU (i.e. 1500-20=1480)
 # - Otherwise, if not using any encapsulation, set to your network MTU (i.e. 1500)
-calico_veth_mtu: 1450
+#calico_veth_mtu: 1450
+calico_veth_mtu: 8900
 
 # Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
 calico_iptables_backend: "NFT"
 
+# Option 1: VxLAN Always, slowest but found functional well
+# ---------------------------------------------------------
 # Set calico network backend: "bird", "vxlan" or "none"
 # bird enable BGP routing, required for ipip and no encapsulation modes
 calico_network_backend: vxlan
-
 # set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
-calico_vxlan_mode: 'CrossSubnet'
+calico_vxlan_mode: 'Always'
+
+# Option 2: No overlay, to be tested
+# -------------------------------------------------------------------
+## Set calico network backend: "bird", "vxlan" or "none"
+## bird enable BGP routing, required for ipip and no encapsulation modes
+#calico_network_backend: none
+
+# Option 3: VxLAN CrossSubnet, does not work at all in 3.25.1 version
+# -------------------------------------------------------------------
+## Set calico network backend: "bird", "vxlan" or "none"
+## bird enable BGP routing, required for ipip and no encapsulation modes
+#calico_network_backend: vxlan
+## set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
+#calico_vxlan_mode: 'CrossSubnet'
+
 
 # set VXLAN port and VNI
 # calico_vxlan_vni: 4096