91 lines
1.7 KiB
YAML
91 lines
1.7 KiB
YAML
cilium:
|
|
securityContext:
|
|
capabilities:
|
|
ciliumAgent:
|
|
- CHOWN
|
|
- KILL
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- IPC_LOCK
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
- DAC_OVERRIDE
|
|
- FOWNER
|
|
- SETGID
|
|
- SETUID
|
|
cleanCiliumState:
|
|
- NET_ADMIN
|
|
- SYS_ADMIN
|
|
- SYS_RESOURCE
|
|
envoy:
|
|
securityContext:
|
|
capabilities:
|
|
envoy:
|
|
- NET_ADMIN
|
|
- PERFMON
|
|
- BPF
|
|
keepCapNetBindService: true
|
|
enableK8sEndpointSlice: true
|
|
enableCiliumEndpointSlice: true
|
|
rollOutCiliumPods: true
|
|
ingressController:
|
|
enabled: false
|
|
gatewayAPI:
|
|
enabled: false
|
|
socketLB:
|
|
hostNamespaceOnly: true
|
|
hubble:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
relay:
|
|
enabled: true
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true
|
|
ui:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
className: tailscale
|
|
hosts:
|
|
- hubble-cl01tl
|
|
tls:
|
|
- secretName: hubble-cl01tl
|
|
hosts:
|
|
- hubble-cl01tl
|
|
ipam:
|
|
mode: "kubernetes"
|
|
ipv4:
|
|
enabled: true
|
|
ipv6:
|
|
enabled: false
|
|
kubeProxyReplacement: "true"
|
|
k8sServiceHost: "localhost"
|
|
k8sServicePort: "7445"
|
|
l2announcements:
|
|
enabled: true
|
|
externalIPs:
|
|
enabled: true
|
|
k8sClientRateLimit:
|
|
qps: 50
|
|
burst: 100
|
|
prometheus:
|
|
enabled: true
|
|
port: 9962
|
|
serviceMonitor:
|
|
enabled: true
|
|
operator:
|
|
enabled: true
|
|
rollOutPods: true
|
|
prometheus:
|
|
enabled: true
|
|
port: 9963
|
|
serviceMonitor:
|
|
enabled: true
|
|
cgroup:
|
|
autoMount:
|
|
enabled: false
|
|
hostRoot: /sys/fs/cgroup
|