authentication:
  mutual:
    spire:
      enabled: {{ .Values.cilium.spire.enabled }}
cgroup:
  autoMount:
    enabled: false
  hostRoot: /sys/fs/cgroup
dashboards:
  enabled: true
  namespace: prometheus
enableXTSocketFallback: false
encryption:
  enabled: {{ .Values.cilium.encryption.enabled }}
  type: {{ .Values.cilium.encryption.type}}
envoy:
  enabled: {{ .Values.cilium.envoy.enabled }}
  prometheus:
    serviceMonitor:
      enabled: {{ .Values.cilium.envoy.enabled }}
extraConfig:
  enable-envoy-config: "true"
hubble:
  enabled: true
  tls:
    auto:
      method: cronJob
  metrics:
    dashboards:
      enabled: true
      namespace: prometheus
    enabled:
    - dns:query;ignoreAAAA
    - drop
    - tcp
    - flow
    - icmp
    - policy:sourceContext=app|workload-name|pod|reserved-identity;destinationContext=app|workload-name|pod|dns|reserved-identity;labelsContext=source_namespace,destination_namespace
    - httpV2:exemplars=false;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction
    port: 12304
    serviceMonitor:
      enabled: true
  redact:
    enabled: true
  relay:
    enabled: true
    prometheus:
      enabled: true
      serviceMonitor:
        enabled: true
  ui:
    enabled: {{ .Values.cilium.hubble.ui }}
ipam:
  mode: kubernetes
kubeProxyReplacement: {{ .Values.cilium.kubeProxyReplacement }}
l2announcements:
  enabled: {{ .Values.cilium.l2announcement.enabled }}
k8sServiceHost: {{ .Values.cilium.k8sServiceHost }}
k8sServicePort: {{ .Values.cilium.k8sServicePort }}
nodePort:
  enabled: {{ .Values.cilium.nodePort.enabled }}
gatewayAPI:
  enabled: {{ .Values.cilium.gatewayAPI.enabled }}
ingressController:
  enabled: {{ .Values.cilium.ingressController.enabled }}
  default: {{ .Values.cilium.ingressController.defaultClass }}
  loadbalancerMode: {{ .Values.cilium.ingressController.loadbalancerMode }}
operator:
  dashboards:
    enabled: true
    namespace: prometheus
  prometheus:
    enabled: true
    port: 12301
    serviceMointor:
      enabled: true
      port: 12302
  rollOutPods: true
policyAuditMode: {{ .Values.cilium.policyAuditMode }}
prometheus:
  enabled: true
  port: 12300
  serviceMonitor:
    enabled: true
rollOutCiliumPods: true
securityContext:
  capabilities:
    ciliumAgent:
    - CHOWN
    - KILL
    - NET_ADMIN
    - NET_RAW
    - IPC_LOCK
    - SYS_ADMIN
    - SYS_RESOURCE
    - DAC_OVERRIDE
    - FOWNER
    - SETGID
    - SETUID
    cleanCiliumState:
    - NET_ADMIN
    - SYS_ADMIN
    - SYS_RESOURCE
{{- with .Values.cilium.upgradeCompatability}}
upgradeCompatability:  {{ . }}
{{- end }}