kubeasz/roles/cilium/templates/values.yaml.j2

image:
  repository: quay.io/cilium/cilium
  useDigest: false

# -- Additional agent container arguments.
{% if ENABLE_LOCAL_DNS_CACHE %}
extraArgs:
  - --exclude-local-address="{{ LOCAL_DNS_CACHE }}/32"
{% endif %}

resources:
  limits:
    cpu: 4000m
    memory: 4Gi
  requests:
    cpu: 100m
    memory: 512Mi

cni:
  binPath: {{ bin_dir }}

containerRuntime:
  integration: containerd
  socketPath: unix:///run/containerd/containerd.sock

{% if cilium_hubble_enabled %}
hubble:
  enabled: true
  metrics:
    enabled:
    - dns
    - drop
    - tcp
    - flow
    - icmp
    - http
  relay:
    enabled: true
  ui:
    enabled: true
{% endif %}

identityAllocationMode: "crd"

ipam:
  # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/
  mode: "cluster-pool"
  operator:
    clusterPoolIPv4PodCIDRList: ["{{ CLUSTER_CIDR }}"]
    clusterPoolIPv4MaskSize: 24

l7Proxy: true

# -- Configure Istio proxy options.
proxy:
  prometheus:
    enabled: false
    port: "9095"
  # -- Regular expression matching compatible Istio sidecar istio-proxy
  # container image names
  sidecarImageRegex: "cilium/istio_proxy"

# -- Configure TLS configuration in the agent.
tls:
  enabled: true
  secretsBackend: local

tunnel: "vxlan"

etcd:
  enabled: false

operator:
  enabled: true
  image:
    repository: quay.io/cilium/operator
    useDigest: false
  replicas: 1
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 128Mi

preflight:
  enabled: false

clustermesh:
  useAPIServer: false
update cilium 1.11.5 2022-06-13 19:29:30 +08:00			`image:`
			`repository: quay.io/cilium/cilium`
			`useDigest: false`

add cilium connectivity-check 2022-06-16 12:37:24 +08:00			`# -- Additional agent container arguments.`
			`{% if ENABLE_LOCAL_DNS_CACHE %}`
			`extraArgs:`
			`- --exclude-local-address="{{ LOCAL_DNS_CACHE }}/32"`
			`{% endif %}`

update cilium 1.11.5 2022-06-13 19:29:30 +08:00			`resources:`
			`limits:`
			`cpu: 4000m`
			`memory: 4Gi`
			`requests:`
			`cpu: 100m`
			`memory: 512Mi`

			`cni:`
			`binPath: {{ bin_dir }}`

			`containerRuntime:`
			`integration: containerd`
			`socketPath: unix:///run/containerd/containerd.sock`

add cilium hubble 2022-06-16 21:07:03 +08:00			`{% if cilium_hubble_enabled %}`
update cilium 1.11.5 2022-06-13 19:29:30 +08:00			`hubble:`
add cilium hubble 2022-06-16 21:07:03 +08:00			`enabled: true`
			`metrics:`
			`enabled:`
			`- dns`
			`- drop`
			`- tcp`
			`- flow`
			`- icmp`
			`- http`
			`relay:`
			`enabled: true`
			`ui:`
			`enabled: true`
			`{% endif %}`
update cilium 1.11.5 2022-06-13 19:29:30 +08:00
			`identityAllocationMode: "crd"`

			`ipam:`
			`# ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/`
			`mode: "cluster-pool"`
			`operator:`
			`clusterPoolIPv4PodCIDRList: ["{{ CLUSTER_CIDR }}"]`
			`clusterPoolIPv4MaskSize: 24`

			`l7Proxy: true`

			`# -- Configure Istio proxy options.`
			`proxy:`
			`prometheus:`
			`enabled: false`
			`port: "9095"`
			`# -- Regular expression matching compatible Istio sidecar istio-proxy`
			`# container image names`
			`sidecarImageRegex: "cilium/istio_proxy"`

			`# -- Configure TLS configuration in the agent.`
			`tls:`
			`enabled: true`
			`secretsBackend: local`

			`tunnel: "vxlan"`

			`etcd:`
			`enabled: false`

			`operator:`
			`enabled: true`
			`image:`
			`repository: quay.io/cilium/operator`
			`useDigest: false`
			`replicas: 1`
			`resources:`
			`limits:`
			`cpu: 1000m`
			`memory: 1Gi`
			`requests:`
			`cpu: 100m`
			`memory: 128Mi`

			`preflight:`
			`enabled: false`

			`clustermesh:`
			`useAPIServer: false`