Home Explore Help
Sign In
wigust
/
dotfiles
Watch 2
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ef373179f2
Branches Tags
dotfiles
/
infrastructure
/
base
/
cilium
/
values.yaml

values.yaml 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. # helm -n kube-system upgrade --version 1.14.7 --values ~/.local/share/chezmoi/infrastructure/base/cilium/values.yaml cilium cilium/cilium
    2. 

  2. 

  3. cni:
    4. 

  4.   # https://github.com/cilium/cilium/pull/14192/files
    5. 

  5.   # make Cilium's CNI conf the only one available by aanm · Pull Request
    6. 

  6.   # #14192 · cilium/cilium
    7. 

  7.   #
    8. 

  8.   # Make Cilium take ownership over the `/etc/cni/net.d` directory on the
    9. 

  9.   # node, renaming all non-Cilium CNI configurations to
    10. 

  10.   # `*.cilium_bak`. This ensures no Pods can be scheduled using other CNI
    11. 

  11.   # plugins during Cilium agent downtime.
    12. 

  12.   #
    13. 

  13.   # Do not rename 00-multus.conf to 00-multus.conf.cilium_bak file in
    14. 

  14.   # /etc/cni/net.d directory.
    15. 

  15.   exclusive: false
    16. 

  16. 

  17. # -- Configure prometheus metrics on the configured port at /metrics
    18. 

  18. prometheus:
    19. 

  19.   enabled: true
    20. 

  20. 

  21. operator:
    22. 

  22.   replicas: 1
    23. 

  23.   prometheus:
    24. 

  24.     enabled: true
    25. 

  25. 

  26. hubble:
    27. 

  27.   relay:
    28. 

  28.     enabled: true
    29. 

  29.     prometheus:
    30. 

  30.       enabled: true
    31. 

  31.   ui:
    32. 

  32.     enabled: true
    33. 

  33. 

  34. kubeProxyReplacement: "true"
    35. 

  35. 

  36. # localRedirectPolicy: true
    37. 

  37. 

  38. bpf:
    39. 

  39.   # -- Enable native IP masquerade support in eBPF
    40. 

  40.   masquerade: true
    41. 

  41. 

  42.   # -- Configure explicitly allowed VLAN id's for bpf logic bypass.
    43. 

  43.   # [0] will allow all VLAN id's without any filtering.
    44. 

  44.   vlanBypass: [0]
    45. 

  45. 

  46.   # -- Allow cluster external access to ClusterIP services.
    47. 

  47.   #
    48. 

  48.   # Required for access to Kubernetes ClusterIP services from Kubevirt virtual
    49. 

  49.   # machines with interface type masquerade.
    50. 

  50.   lbExternalClusterIP: true
    51. 

  51. 

  52. ipam:
    53. 

  53.   mode: "kubernetes"
    54. 

  54. 

  55. # -- Configure socket LB
    56. 

  56. socketLB:
    57. 

  57.   # -- Enable socket LB
    58. 

  58.   enabled: true
    59. 

  59. 

  60.   # -- Disable socket lb for non-root ns. This is used to enable Istio routing rules.
    61. 

  61.   hostNamespaceOnly: true
    62. 

  62. 

  63. loadBalancer:
    64. 

  64.   mode: hybrid
    65. 

  65.   # serviceTopology: true
    66. 

  66. 

  67. ipv4NativeRoutingCIDR: 10.0.0.0/9
    68. 

  68. 

  69. tunnelProtocol: ""
    70. 

  70. routingMode: native
    71. 

  71. 

  72. k8sClientRateLimit: {}
    73. 

  73. 

  74. cgroup:
    75. 

  75.   autoMount:
    76. 

  76.     enabled: false
    77. 

  77.   hostRoot: /sys/fs/cgroup
    78. 

  78. 

  79. # -- Configure external workloads support
    80. 

  80. externalWorkloads:
    81. 

  81.   # -- Enable support for external workloads, such as VMs (false by default).
    82. 

  82.   #
    83. 

  83.   # Required for cluster-mesh.
    84. 

  84.   enabled: true
    85. 

  85.