cilium:
  k8sServiceHost: "localhost"
  k8sServicePort: "7445"
  k8sClientRateLimit:
    qps: 50
    burst: 100
  rollOutCiliumPods: true
  securityContext:
    capabilities:
      ciliumAgent:
        - CHOWN
        - KILL
        - NET_ADMIN
        - NET_RAW
        - IPC_LOCK
        - SYS_ADMIN
        - SYS_RESOURCE
        - DAC_OVERRIDE
        - FOWNER
        - SETGID
        - SETUID
        - PERFMON
        - BPF
      cleanCiliumState:
        - NET_ADMIN
        - SYS_ADMIN
        - SYS_RESOURCE
  l2announcements:
    enabled: false
  bgpControlPlane:
    enabled: true
    secretsNamespace:
      name: kube-system
    statusReport:
      enabled: true
    routerIDAllocation:
      mode: "default"
  devices: end0 enp6s0
  enableK8sEndpointSlice: true
  ciliumEndpointSlice:
    enabled: true
  ingressController:
    enabled: false
  gatewayAPI:
    enabled: true
    enableAlpn: true
    enableAppProtocol: true
  externalIPs:
    enabled: true
  socketLB:
    enabled: true
    hostNamespaceOnly: true
  hubble:
    enabled: true
    metrics:
      serviceMonitor:
        enabled: true
    relay:
      enabled: true
      metrics:
        serviceMonitor:
          enabled: true
    ui:
      enabled: true
      ingress:
        enabled: false
  ipam:
    mode: "kubernetes"
  ipv4:
    enabled: true
  ipv6:
    enabled: false
  kubeProxyReplacement: true
  l7Proxy: true
  prometheus:
    enabled: true
    serviceMonitor:
      enabled: true
  envoy:
    enabled: true
    securityContext:
      capabilities:
        keepCapNetBindService: true
        envoy:
          - NET_ADMIN
          - NET_BIND_SERVICE
          - PERFMON
          - BPF
    prometheus:
      enabled: true
      serviceMonitor:
        enabled: true
  operator:
    enabled: true
    rollOutPods: true
    prometheus:
      enabled: true
      serviceMonitor:
        enabled: true
  cgroup:
    autoMount:
      enabled: false
    hostRoot: /sys/fs/cgroup