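# github.com/looshlee/beatles@v0.0.0-20220727174639-742810ab631c/install/kubernetes/cilium/values.yaml
#
# NOTE(review): the page this listing came from had lost all line breaks and
# indentation; the nesting below is reconstructed from the comments and key
# order. Verify it against the chart before relying on it. No value has been
# changed; only comments were corrected or added.

# Include the cilium-agent DaemonSet
agent:
  enabled: true
  # Do not run the Cilium agent when running with clean mode. Useful to
  # completely uninstall Cilium, as it stops Cilium from starting and creating
  # artifacts on the node.
  sleepAfterInit: false

# Include the cilium-config ConfigMap
config:
  enabled: true

# Include the cilium-operator Deployment
operator:
  enabled: true

# Include the PreFlight DaemonSet
preflight:
  enabled: false
  # Path to write the --tofqdns-pre-cache file to. When empty no file is
  # generated.
  tofqdnsPreCache: ""
  # By default we should always validate the installed CNPs before upgrading
  # Cilium. This will make sure the user will have the policies deployed in the
  # cluster with the right schema.
  validateCNPs: true

# global groups all configuration options that have effect on all sub-charts
global:
  # registry is the address of the registry and organization for all container
  # images
  registry: docker.io/cilium

  # tag is the container image tag to use
  # NOTE(review): a tag is mutable, and with pullPolicy IfNotPresent a node
  # keeps whatever image it first pulled under this tag. Where supply-chain
  # integrity matters, mirror the images to a controlled registry and pin them
  # by digest if the templates allow it. Also confirm that this release line
  # still receives security fixes before deploying it.
  tag: v1.6.9

  # pullPolicy is the container image pull policy
  pullPolicy: IfNotPresent

  # etcd is the etcd configuration
  etcd:
    # enabled enables use of etcd
    enabled: false

    # managed turns on managed etcd mode based on the cilium-etcd-operator
    managed: false

    # sets cluster domain for cilium-etcd-operator
    clusterDomain: cluster.local

    # endpoints is the list of etcd endpoints (not needed when using
    # managed=true)
    endpoints:
      - https://CHANGE-ME:2379

    # ssl enables use of TLS/SSL for connectivity to etcd. (auto-enabled if
    # managed=true)
    # NOTE(review): the sample endpoint above is https:// while ssl defaults
    # to false. When pointing at an external etcd, set ssl to true and supply
    # the TLS material the chart expects, so that kvstore traffic is encrypted
    # and the etcd peer is authenticated.
    ssl: false

  # identityAllocationMode is the method to use for identity allocation.
  # Supported modes:
  #  crd: Kubernetes CRD backing
  #  kvstore: Key-value store backend (better scalability)
  identityAllocationMode: crd

  # ipv4 is the IPv4 addressing configuration
  ipv4:
    enabled: true

  # ipv6 is the IPv6 addressing configuration
  ipv6:
    enabled: false

  # debug enables debugging mode
  debug:
    enabled: false

    # verbose allows additional levels of debug/trace messaging
    #verbose: flow

  # prometheus enables Prometheus metrics (the upstream comment is truncated;
  # presumably this turns on the metrics endpoint -- confirm in the templates)
  prometheus:
    enabled: false
    serviceMonitor:
      enabled: false

  # enableXTSocketFallback enables the fallback compatibility solution
  # when the xt_socket kernel module is missing and it is needed for
  # the datapath L7 redirection to work properly. See documentation
  # for details on when this can be disabled:
  # https://docs.cilium.io/en/latest/install/system_requirements/#admin-kernel-version
  enableXTSocketFallback: true

  # installIptablesRules enables installation of iptables rules to allow for
  # TPROXY (L7 proxy injection), iptables based masquerading and compatibility
  # with kube-proxy. See documentation for details on when this can be
  # disabled.
  installIptablesRules: true

  # iptablesLockTimeout defines the iptables "--wait" option when invoked from
  # Cilium.
  # iptablesLockTimeout: "5s"

  # masquerade enables masquerading of traffic leaving the node for
  # destinations outside of the cluster.
  masquerade: true

  # autoDirectNodeRoutes enables installation of PodCIDR routes between worker
  # nodes if worker nodes share a common L2 network segment.
  autoDirectNodeRoutes: false

  # endpointRoutes enables use of per endpoint routes instead of routing via
  # the cilium_host interface
  endpointRoutes:
    enabled: false

  # cni is the CNI configuration
  cni:
    # install determines whether to install the CNI configuration and binary
    # files into the filesystem.
    install: true

    # chainingMode enables chaining on top of other CNI plugins. Possible
    # values:
    #  - none
    #  - generic-veth
    #  - aws-cni
    #  - portmap
    chainingMode: none

    # customConf skips writing of the CNI configuration. This can be used if
    # writing of the CNI configuration is performed by external automation.
    customConf: false

    # confPath is the path to the CNI configuration directory on the host
    confPath: /etc/cni/net.d

    # binPath is the path to the CNI binary directory on the host
    binPath: /opt/cni/bin

    # configMap when defined, will mount the provided value as ConfigMap and
    # interpret the cniConf variable as CNI configuration file and write it
    # when the agent starts up
    # configMap: cni-configuration

    # configMapKey is the key in the CNI ConfigMap to read the contents of the
    # CNI configuration from
    configMapKey: cni-config

    # confFileMountPath is the path to where to mount the ConfigMap inside the
    # pod
    confFileMountPath: /tmp/cni-configuration

    # hostConfDirMountPath is the path to where the CNI configuration directory
    # is mounted inside the pod
    hostConfDirMountPath: /host/etc/cni/net.d

  # cluster is the clustermesh related configuration
  cluster:
    # name is the human readable name of the cluster when setting up
    # clustermesh
    name: default

    # id is a unique 8-bit cluster identifier when setting up clustermesh
    #id: "1"

  # tunnel is the encapsulation configuration for communication between nodes
  # Possible values:
  #   - disabled
  #   - vxlan (default)
  #   - geneve
  tunnel: "vxlan"

  # containerRuntime enables container runtime specific integration. Supported
  # values:
  # - containerd
  # - crio
  # - docker
  # - none
  # - auto (automatically detect the container runtime)
  # NOTE(review): access to a container runtime control socket is effectively
  # root on the node. Leave integration at "none" unless the feature is
  # needed.
  containerRuntime:
    integration: none

    # socketPath can be used to configure the path to the container runtime
    # control socket, if it is on a non-standard path.
    #socketPath:

  # bpf is the BPF datapath specific configuration
  bpf:
    # waitForMount instructs the cilium-agent DaemonSet to wait in an
    # initContainer until the BPF filesystem has been mounted.
    waitForMount: false

    # preallocateMaps enables pre allocation of BPF map values. This increases
    # memory usage but can reduce latency.
    preallocateMaps: false

    # ctTcpMax is the maximum number of entries in the TCP connection tracking
    # table
    ctTcpMax: 524288

    # ctAnyMax is the maximum number of entries for the non-TCP connection
    # tracking table
    ctAnyMax: 262144

    # monitorAggregation is the level of aggregation for datapath trace events
    monitorAggregation: medium

  # encryption is the encryption specific configuration
  # NOTE(review): with enabled: false, Cilium does not encrypt traffic between
  # nodes; this default is a deliberate choice to revisit per cluster. When
  # enabling it, restrict read access to the secret named by secretName (RBAC),
  # since it holds the encryption keys.
  encryption:
    # enabled enables encryption
    enabled: false

    # keyFile is the name of the key file inside the Kubernetes secret
    # configured via secretName
    keyFile: keys

    # mountPath is the path where to mount the secret inside the Cilium pod
    mountPath: /etc/ipsec

    # secretName is the name of the Kubernetes secret containing the encryption
    # keys
    secretName: cilium-ipsec-keys

    # nodeEncryption enables encryption for pure node to node traffic
    nodeEncryption: false

    # interface is the interface to use for encryption
    # interface: eth0

  # hostServices is the configuration for host-facing load-balancing
  hostServices:
    # enabled enables host-facing load-balancing
    enabled: false

    # protocols is the list of protocols to support
    protocols: tcp,udp

  # nodePort is the nodeport configuration
  nodePort:
    # enabled enables NodePort functionality
    enabled: false

    # range is the port range to use for NodePort
    # range:

    # device is the name of the device handling NodePort requests
    # device:

  # flannel is the flannel specific configuration
  flannel:
    # enabled enables the flannel integration
    enabled: false

    # masterDevice is the name of the flannel bridge
    masterDevice: cni0

    # uninstallOnExit enables uninstallation of Cilium BPF programs on flannel
    # managed pods when the Cilium pod is terminated
    uninstallOnExit: false

    # manageExistingContainers enables attachment of Cilium to existing flannel
    # managed pods when Cilium starts
    manageExistingContainers: false

  # ipvlan is the IPVLAN configuration
  ipvlan:
    # enabled enables use of the IPVLAN datapath
    enabled: false

    # primaryDevice is the name of the device to use to attach secondary IPVLAN
    # devices
    # primaryDevice: eth0

  # pprof is the Go pprof configuration
  # NOTE(review): a profiling endpoint exposes runtime internals of the agent;
  # keep it disabled outside of troubleshooting.
  pprof:
    # enabled enables go pprof debugging
    enabled: false

  # logSystemLoad enables logging of system load
  logSystemLoad: false

  # sockops is the BPF socket operations configuration
  sockops:
    # enabled enables installation of socket level functionality.
    enabled: false

  # k8s is the Kubernetes specific configuration
  k8s:
    # requireIPv4PodCIDR enables waiting for Kubernetes to provide the PodCIDR
    # range via the Kubernetes node resource
    requireIPv4PodCIDR: false

  # ENI mode configures the options required to run with ENI
  eni: false

  # cleanState instructs the cilium-agent DaemonSet to clean all state in the
  # initContainer
  #
  # WARNING: Use with care!
  cleanState: false

  # cleanBpfState instructs the cilium-agent DaemonSet to clean all BPF
  # datapath state in the initContainer
  #
  # WARNING: Use with care!
  cleanBpfState: false

  nodeinit:
    # enabled enables inclusion of the nodeinit DaemonSet
    enabled: false

    # bootstrapFile is the location of the file where the bootstrap timestamp
    # is written by the node-init DaemonSet
    # NOTE(review): if this path resolves on the host, a world-writable
    # directory such as /tmp is a weak location for a file written by a
    # privileged DaemonSet; a root-owned directory is preferable -- confirm
    # how the node-init template mounts it.
    bootstrapFile: "/tmp/cilium-bootstrap-time"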