cilium:
  k8sServiceHost: "localhost"
  k8sServicePort: "7445"
  securityContext:
    capabilities:
      ciliumAgent:
        - CHOWN
        - KILL
        - NET_ADMIN
        - NET_RAW
        - IPC_LOCK
        - SYS_ADMIN
        - SYS_RESOURCE
        - DAC_OVERRIDE
        - FOWNER
        - SETGID
        - SETUID
      cleanCiliumState:
        - NET_ADMIN
        - SYS_ADMIN
        - SYS_RESOURCE
  enableK8sEndpointSlice: true
  enableCiliumEndpointSlice: false
  hubble:
    enabled: true
    metrics:
      serviceMonitor:
        enabled: true
    relay:
      enabled: true
      metrics:
        serviceMonitor:
          enabled: true
    ui:
      enabled: true
      ingress:
        enabled: true
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.tls: "true"
          cert-manager.io/cluster-issuer: letsencrypt-issuer
        className: traefik
        hosts:
          - hubble.alexlebens.net
        tls:
          - secretName: hubble-secret-tls
            hosts:
              - hubble.alexlebens.net
  ipam:
    mode: "kubernetes"
  ipv4:
    enabled: true
  ipv6:
    enabled: false
  kubeProxyReplacement: "true"
  prometheus:
    enabled: true
    port: 9962
    serviceMonitor:
      enabled: true
  operator:
    enabled: true
    prometheus:
      enabled: true
      port: 9963
      serviceMonitor:
        enabled: true
  cgroup:
    autoMount:
      enabled: false
    hostRoot: /sys/fs/cgroup