alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-05-11 01:03:54 +00:00
parent 1bbebdb2db
commit 3d08ee2f4b
19 changed files with 56 additions and 252 deletions
Download Patch File Download Diff File Expand all files Collapse all files
clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
+6 -25
View File
@@ -16,18 +16,6 @@ data:
controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
operator-prometheus-serve-addr: ":9963"
enable-metrics: "true"
enable-envoy-config: "true"
envoy-config-retry-interval: "15s"
enable-gateway-api: "true"
enable-gateway-api-secrets-sync: "true"
enable-gateway-api-proxy-protocol: "false"
enable-gateway-api-app-protocol: "true"
enable-gateway-api-alpn: "true"
gateway-api-xff-num-trusted-hops: "0"
gateway-api-service-externaltrafficpolicy: "Cluster"
gateway-api-secrets-namespace: "cilium-secrets"
gateway-api-hostnetwork-enabled: "false"
gateway-api-hostnetwork-nodelabelselector: ""
enable-policy-secrets-sync: "true"
policy-secrets-only-from-secrets-namespace: "true"
policy-secrets-namespace: "cilium-secrets"
@@ -58,7 +46,6 @@ data:
tunnel-protocol: "vxlan"
tunnel-source-port-range: "0-0"
service-no-backend-response: "reject"
policy-deny-response: "none"
enable-l7-proxy: "true"
enable-ipv4-masquerade: "true"
enable-ipv4-big-tcp: "false"
@@ -66,6 +53,7 @@ data:
enable-ipv6-masquerade: "true"
enable-tcx: "true"
datapath-mode: "veth"
enable-bpf-masquerade: "false"
enable-masquerade-to-route-source: "false"
enable-xt-socket-fallback: "true"
install-no-conntrack-iptables-rules: "false"
@@ -75,7 +63,6 @@ data:
devices: "end0 enp6s0"
kube-proxy-replacement: "true"
kube-proxy-replacement-healthz-bind-address: ""
enable-no-service-endpoints-routable: "true"
bpf-lb-sock: "true"
bpf-lb-sock-hostns-only: "true"
enable-health-check-nodeport: "true"
@@ -83,7 +70,7 @@ data:
node-port-bind-protection: "true"
enable-auto-protect-node-port-range: "true"
bpf-lb-acceleration: "disabled"
enable-service-topology: "false"
enable-svc-source-range-check: "true"
enable-l2-neigh-discovery: "false"
k8s-require-ipv4-pod-cidr: "false"
k8s-require-ipv6-pod-cidr: "false"
@@ -116,7 +103,6 @@ data:
vtep-cidr: ""
vtep-mask: ""
vtep-mac: ""
packetization-layer-pmtud-mode: "blackhole"
procfs: "/host/proc"
bpf-root: "/sys/fs/bpf"
cgroup-root: "/sys/fs/cgroup"
@@ -129,7 +115,7 @@ data:
remove-cilium-node-taints: "true"
set-cilium-node-taints: "true"
set-cilium-is-up-condition: "true"
unmanaged-pod-watcher-interval: "15s"
unmanaged-pod-watcher-interval: "15"
dnsproxy-enable-transparent-mode: "true"
dnsproxy-socket-linger-timeout: "10"
tofqdns-dns-reject-response-code: "refused"
@@ -140,7 +126,7 @@ data:
tofqdns-proxy-response-max-delay: "100ms"
tofqdns-preallocate-identities: "true"
agent-not-ready-taint-key: "node.cilium.io/agent-not-ready"
mesh-auth-enabled: "false"
mesh-auth-enabled: "true"
mesh-auth-queue-size: "1024"
mesh-auth-rotated-identities-queue-size: "1024"
mesh-auth-gc-interval: "5m0s"
@@ -148,14 +134,10 @@ data:
proxy-xff-num-trusted-hops-egress: "0"
proxy-connect-timeout: "2"
proxy-initial-fetch-timeout: "30"
proxy-max-active-downstream-connections: "50000"
proxy-max-requests-per-connection: "0"
proxy-max-connection-duration-seconds: "0"
proxy-idle-timeout-seconds: "60"
proxy-max-concurrent-retries: "128"
proxy-use-original-source-address: "true"
proxy-cluster-max-connections: "1024"
proxy-cluster-max-requests: "1024"
http-retry-count: "3"
http-stream-idle-timeout: "300"
external-envoy-proxy: "true"
@@ -163,13 +145,12 @@ data:
envoy-access-log-buffer-size: "4096"
envoy-keep-cap-netbindservice: "true"
max-connected-clusters: "255"
clustermesh-cache-ttl: "0s"
clustermesh-enable-endpoint-sync: "false"
clustermesh-enable-mcs-api: "false"
clustermesh-mcs-api-install-crds: "true"
policy-default-local-cluster: "true"
policy-default-local-cluster: "false"
nat-map-stats-entries: "32"
nat-map-stats-interval: "30s"
enable-internal-traffic-policy: "true"
enable-lb-ipam: "true"
enable-non-default-deny-policies: "true"
enable-source-ip-verification: "true"