104 lines
1.9 KiB
YAML
104 lines
1.9 KiB
YAML
cilium:
|
|
k8sServiceHost: "localhost"
|
|
k8sServicePort: "7445"
|
|
k8sClientRateLimit:
|
|
qps: 50
|
|
burst: 100
|
|
rollOutCiliumPods: true
|
|
securityContext:
|
|
capabilities:
|
|
ciliumAgent:
|
|
- CHOWN
|
|
- KILL
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- IPC_LOCK
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
- DAC_OVERRIDE
|
|
- FOWNER
|
|
- SETGID
|
|
- SETUID
|
|
- PERFMON
|
|
- BPF
|
|
cleanCiliumState:
|
|
- NET_ADMIN
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
l2announcements:
|
|
enabled: false
|
|
bgpControlPlane:
|
|
enabled: true
|
|
secretsNamespace:
|
|
name: kube-system
|
|
statusReport:
|
|
enabled: true
|
|
routerIDAllocation:
|
|
mode: "default"
|
|
devices: end0 enp6s0
|
|
enableK8sEndpointSlice: true
|
|
ciliumEndpointSlice:
|
|
enabled: true
|
|
ingressController:
|
|
enabled: false
|
|
gatewayAPI:
|
|
enabled: true
|
|
enableAlpn: true
|
|
enableAppProtocol: true
|
|
externalIPs:
|
|
enabled: true
|
|
socketLB:
|
|
enabled: true
|
|
hostNamespaceOnly: true
|
|
hubble:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
relay:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
ui:
|
|
enabled: true
|
|
ingress:
|
|
enabled: false
|
|
ipam:
|
|
mode: "kubernetes"
|
|
ipv4:
|
|
enabled: true
|
|
ipv6:
|
|
enabled: false
|
|
kubeProxyReplacement: true
|
|
l7Proxy: true
|
|
prometheus:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
envoy:
|
|
enabled: true
|
|
securityContext:
|
|
capabilities:
|
|
keepCapNetBindService: true
|
|
envoy:
|
|
- NET_ADMIN
|
|
- NET_BIND_SERVICE
|
|
- PERFMON
|
|
- BPF
|
|
prometheus:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
operator:
|
|
enabled: true
|
|
rollOutPods: true
|
|
prometheus:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
cgroup:
|
|
autoMount:
|
|
enabled: false
|
|
hostRoot: /sys/fs/cgroup
|