wip: move cilium values to external dir
This commit is contained in:
@@ -0,0 +1,106 @@
|
||||
authentication:
|
||||
mutual:
|
||||
spire:
|
||||
enabled: {{ .Values.cilium.spire.enabled }}
|
||||
cgroup:
|
||||
autoMount:
|
||||
enabled: false
|
||||
hostRoot: /sys/fs/cgroup
|
||||
dashboards:
|
||||
enabled: true
|
||||
namespace: prometheus
|
||||
enableXTSocketFallback: false
|
||||
encryption:
|
||||
enabled: {{ .Values.cilium.encryption.enabled }}
|
||||
type: {{ .Values.cilium.encryption.type}}
|
||||
envoy:
|
||||
enabled: {{ .Values.cilium.envoy.enabled }}
|
||||
prometheus:
|
||||
serviceMonitor:
|
||||
enabled: {{ .Values.cilium.envoy.enabled }}
|
||||
extraConfig:
|
||||
enable-envoy-config: "true"
|
||||
hubble:
|
||||
enabled: true
|
||||
tls:
|
||||
auto:
|
||||
method: cronJob
|
||||
metrics:
|
||||
dashboards:
|
||||
enabled: true
|
||||
namespace: prometheus
|
||||
enabled:
|
||||
- dns:query;ignoreAAAA
|
||||
- drop
|
||||
- tcp
|
||||
- flow
|
||||
- icmp
|
||||
- policy:sourceContext=app|workload-name|pod|reserved-identity;destinationContext=app|workload-name|pod|dns|reserved-identity;labelsContext=source_namespace,destination_namespace
|
||||
- httpV2:exemplars=false;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction
|
||||
port: 12304
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
redact:
|
||||
enabled: true
|
||||
relay:
|
||||
enabled: true
|
||||
prometheus:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
ui:
|
||||
enabled: {{ .Values.cilium.hubble.ui }}
|
||||
ipam:
|
||||
mode: kubernetes
|
||||
kubeProxyReplacement: {{ .Values.cilium.kubeProxyReplacement }}
|
||||
l2announcements:
|
||||
enabled: {{ .Values.cilium.l2announcement.enabled }}
|
||||
k8sServiceHost: {{ .Values.cilium.k8sServiceHost }}
|
||||
k8sServicePort: {{ .Values.cilium.k8sServicePort }}
|
||||
nodePort:
|
||||
enabled: {{ .Values.cilium.nodePort.enabled }}
|
||||
gatewayAPI:
|
||||
enabled: {{ .Values.cilium.gatewayAPI.enabled }}
|
||||
ingressController:
|
||||
enabled: {{ .Values.cilium.ingressController.enabled }}
|
||||
default: {{ .Values.cilium.ingressController.defaultClass }}
|
||||
loadbalancerMode: {{ .Values.cilium.ingressController.loadbalancerMode }}
|
||||
operator:
|
||||
dashboards:
|
||||
enabled: true
|
||||
namespace: prometheus
|
||||
prometheus:
|
||||
enabled: true
|
||||
port: 12301
|
||||
serviceMointor:
|
||||
enabled: true
|
||||
port: 12302
|
||||
rollOutPods: true
|
||||
policyAuditMode: {{ .Values.cilium.policyAuditMode }}
|
||||
prometheus:
|
||||
enabled: true
|
||||
port: 12300
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
rollOutCiliumPods: true
|
||||
securityContext:
|
||||
capabilities:
|
||||
ciliumAgent:
|
||||
- CHOWN
|
||||
- KILL
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- IPC_LOCK
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- SETGID
|
||||
- SETUID
|
||||
cleanCiliumState:
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
{{- with .Values.cilium.upgradeCompatability}}
|
||||
upgradeCompatability: {{ . }}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user