cilium: k8sServiceHost: "localhost" k8sServicePort: "7445" securityContext: capabilities: ciliumAgent: - CHOWN - KILL - NET_ADMIN - NET_RAW - IPC_LOCK - NET_BIND_SERVICE - SYS_ADMIN - SYS_RESOURCE - DAC_OVERRIDE - FOWNER - SETGID - SETUID cleanCiliumState: - NET_ADMIN - SYS_ADMIN - SYS_RESOURCE envoy: securityContext: capabilities: keepCapNetBindService: true enableK8sEndpointSlice: true enableCiliumEndpointSlice: false ingressController: enabled: true default: true loadbalancerMode: shared enforceHttps: true enableProxyProtocol: true ingressLBAnnotationPrefixes: ['lbipam.cilium.io', 'nodeipam.cilium.io', 'service.beta.kubernetes.io', 'service.kubernetes.io'] defaultSecretNamespace: cilium defaultSecretName: tls-secret secretsNamespace: create: false name: cilium sync: true service: name: cilium-ingress type: LoadBalancer insecureNodePort: 80 secureNodePort: 443 gatewayAPI: enabled: true enableProxyProtocol: true enableAppProtocol: true enableAlpn: true xffNumTrustedHops: 0 externalTrafficPolicy: Cluster gatewayClass: create: auto secretsNamespace: create: false name: cilium sync: true hostNetwork: enabled: false hubble: enabled: true metrics: serviceMonitor: enabled: true relay: enabled: true metrics: serviceMonitor: enabled: true ui: enabled: true ingress: enabled: true className: tailscale hosts: - hubble-cl01tl tls: - secretName: hubble-cl01tl hosts: - hubble-cl01tl ipam: mode: "kubernetes" ipv4: enabled: true ipv6: enabled: false kubeProxyReplacement: "true" prometheus: enabled: true port: 9962 serviceMonitor: enabled: true operator: enabled: true prometheus: enabled: true port: 9963 serviceMonitor: enabled: true cgroup: autoMount: enabled: false hostRoot: /sys/fs/cgroup