72 lines
1.5 KiB
YAML
72 lines
1.5 KiB
YAML
cilium:
|
|
k8sServiceHost: "localhost"
|
|
k8sServicePort: "7445"
|
|
securityContext:
|
|
capabilities:
|
|
ciliumAgent:
|
|
- CHOWN
|
|
- KILL
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- IPC_LOCK
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
- DAC_OVERRIDE
|
|
- FOWNER
|
|
- SETGID
|
|
- SETUID
|
|
cleanCiliumState:
|
|
- NET_ADMIN
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
enableK8sEndpointSlice: true
|
|
enableCiliumEndpointSlice: false
|
|
hubble:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
relay:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
ui:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
cert-manager.io/cluster-issuer: letsencrypt-issuer
|
|
className: traefik
|
|
hosts:
|
|
- hubble.alexlebens.net
|
|
tls:
|
|
- secretName: hubble-secret-tls
|
|
hosts:
|
|
- hubble.alexlebens.net
|
|
ipam:
|
|
mode: "kubernetes"
|
|
ipv4:
|
|
enabled: true
|
|
ipv6:
|
|
enabled: false
|
|
kubeProxyReplacement: "true"
|
|
prometheus:
|
|
enabled: true
|
|
port: 9962
|
|
serviceMonitor:
|
|
enabled: true
|
|
operator:
|
|
enabled: true
|
|
prometheus:
|
|
enabled: true
|
|
port: 9963
|
|
serviceMonitor:
|
|
enabled: true
|
|
cgroup:
|
|
autoMount:
|
|
enabled: false
|
|
hostRoot: /sys/fs/cgroup
|