탐색 도움말
로그인
wigust
/
dotfiles
Watch 2
Star 1
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: e82124c5d9
브랜치 태그
dotfiles
/
infrastructure
/
base
/
cilium
/
values.yaml

values.yaml 2.1 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. # helm -n kube-system upgrade --version 1.14.7 --values ~/.local/share/chezmoi/infrastructure/base/cilium/values.yaml cilium cilium/cilium
    2. 

  2. 

  3. cni:
    4. 

  4.   # https://github.com/cilium/cilium/pull/14192/files
    5. 

  5.   # make Cilium's CNI conf the only one available by aanm · Pull Request
    6. 

  6.   # #14192 · cilium/cilium
    7. 

  7.   #
    8. 

  8.   # Make Cilium take ownership over the `/etc/cni/net.d` directory on the
    9. 

  9.   # node, renaming all non-Cilium CNI configurations to
    10. 

  10.   # `*.cilium_bak`. This ensures no Pods can be scheduled using other CNI
    11. 

  11.   # plugins during Cilium agent downtime.
    12. 

  12.   #
    13. 

  13.   # Do not rename 00-multus.conf to 00-multus.conf.cilium_bak file in
    14. 

  14.   # /etc/cni/net.d directory.
    15. 

  15.   exclusive: false
    16. 

  16. 

  17. # -- Configure prometheus metrics on the configured port at /metrics
    18. 

  18. prometheus:
    19. 

  19.   enabled: true
    20. 

  20. 

  21. operator:
    22. 

  22.   replicas: 1
    23. 

  23.   prometheus:
    24. 

  24.     enabled: true
    25. 

  25. 

  26. hubble:
    27. 

  27.   relay:
    28. 

  28.     enabled: true
    29. 

  29.     prometheus:
    30. 

  30.       enabled: true
    31. 

  31.   ui:
    32. 

  32.     enabled: true
    33. 

  33. 

  34. kubeProxyReplacement: "true"
    35. 

  35. 

  36. # localRedirectPolicy: true
    37. 

  37. 

  38. bpf:
    39. 

  39.   # -- Enable native IP masquerade support in eBPF
    40. 

  40.   masquerade: true
    41. 

  41. 

  42.   # -- Configure explicitly allowed VLAN id's for bpf logic bypass.
    43. 

  43.   # [0] will allow all VLAN id's without any filtering.
    44. 

  44.   # vlanBypass: [0]
    45. 

  45. 

  46.   # -- Allow cluster external access to ClusterIP services.
    47. 

  47.   #
    48. 

  48.   # Required for access to Kubernetes ClusterIP services from Kubevirt virtual
    49. 

  49.   # machines with interface type masquerade.
    50. 

  50.   lbExternalClusterIP: true
    51. 

  51. 

  52.   hostLegacyRouting: false
    53. 

  53. 

  54. # ipv4:
    55. 

  55. #   enabled: true
    56. 

  56. 

  57. # ipv6:
    58. 

  58. #   enabled: true
    59. 

  59. 

  60. ipam:
    61. 

  61.   mode: "kubernetes"
    62. 

  62. 

  63. # -- Configure socket LB
    64. 

  64. socketLB:
    65. 

  65.   # -- Enable socket LB
    66. 

  66.   enabled: true
    67. 

  67. 

  68.   # -- Disable socket lb for non-root ns. This is used to enable Istio routing rules.
    69. 

  69.   hostNamespaceOnly: false
    70. 

  70. 

  71. loadBalancer:
    72. 

  72.   mode: hybrid
    73. 

  73.   # serviceTopology: true
    74. 

  74. 

  75. ipv4NativeRoutingCIDR: 10.0.0.0/9
    76. 

  76. 

  77. tunnelProtocol: ""
    78. 

  78. routingMode: native
    79. 

  79. 

  80. k8sClientRateLimit: {}
    81. 

  81. 

  82. cgroup:
    83. 

  83.   autoMount:
    84. 

  84.     enabled: false
    85. 

  85.   hostRoot: /sys/fs/cgroup
    86. 

  86. 

  87. # -- Configure external workloads support
    88. 

  88. externalWorkloads:
    89. 

  89.   # -- Enable support for external workloads, such as VMs (false by default).
    90. 

  90.   #
    91. 

  91.   # Required for cluster-mesh.
    92. 

  92.   enabled: true
    93. 

  93.