89 lines
1.9 KiB
YAML
89 lines
1.9 KiB
YAML
cilium:
|
|
k8sServiceHost: "localhost"
|
|
k8sServicePort: "7445"
|
|
securityContext:
|
|
capabilities:
|
|
ciliumAgent:
|
|
- CHOWN
|
|
- KILL
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- IPC_LOCK
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
- DAC_OVERRIDE
|
|
- FOWNER
|
|
- SETGID
|
|
- SETUID
|
|
cleanCiliumState:
|
|
- NET_ADMIN
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
enableK8sEndpointSlice: true
|
|
enableCiliumEndpointSlice: false
|
|
ingressController:
|
|
enabled: true
|
|
default: false
|
|
loadbalancerMode: dedicated
|
|
enforceHttps: true
|
|
enableProxyProtocol: false
|
|
ingressLBAnnotationPrefixes: ['lbipam.cilium.io', 'nodeipam.cilium.io', 'service.beta.kubernetes.io', 'service.kubernetes.io']
|
|
defaultSecretName: tls-secret
|
|
secretsNamespace:
|
|
create: true
|
|
name: cilium-secrets
|
|
sync: true
|
|
service:
|
|
name: cilium-ingress
|
|
annotations:
|
|
metallb.universe.tf/allow-shared-ip: "external"
|
|
type: LoadBalancer
|
|
insecureNodePort: 30000
|
|
secureNodePort: 30001
|
|
hostNetwork:
|
|
enabled: false
|
|
hubble:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
relay:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
ui:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
className: tailscale
|
|
hosts:
|
|
- hubble-cl01tl
|
|
tls:
|
|
- secretName: hubble-cl01tl
|
|
hosts:
|
|
- hubble-cl01tl
|
|
ipam:
|
|
mode: "kubernetes"
|
|
ipv4:
|
|
enabled: true
|
|
ipv6:
|
|
enabled: false
|
|
kubeProxyReplacement: "true"
|
|
prometheus:
|
|
enabled: true
|
|
port: 9962
|
|
serviceMonitor:
|
|
enabled: true
|
|
operator:
|
|
enabled: true
|
|
prometheus:
|
|
enabled: true
|
|
port: 9963
|
|
serviceMonitor:
|
|
enabled: true
|
|
cgroup:
|
|
autoMount:
|
|
enabled: false
|
|
hostRoot: /sys/fs/cgroup
|