From 55fed69345c369cc11a803df4ac5a6591e4b5e63 Mon Sep 17 00:00:00 2001
From: Michael Trip
Date: Mon, 16 Dec 2024 10:16:40 +0100
Subject: [PATCH] initial commit
---
cilium-values.yaml | 87 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 cilium-values.yaml
diff --git a/cilium-values.yaml b/cilium-values.yaml
new file mode 100644
index 0000000..674c94a
--- /dev/null
+++ b/cilium-values.yaml
@@ -0,0 +1,87 @@
+cluster:
+ name: talos
+ id: 1
+
+kubeProxyReplacement: true
+
+# Talos specific
+k8sServiceHost: localhost
+k8sServicePort: 7445
+securityContext:
+ capabilities:
+ ciliumAgent: [ CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID ]
+ cleanCiliumState: [ NET_ADMIN, SYS_ADMIN, SYS_RESOURCE ]
+
+cgroup:
+ autoMount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+
+# https://docs.cilium.io/en/stable/network/concepts/ipam/
+ipam:
+ mode: kubernetes
+
+operator:
+ rollOutPods: true
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+
+# Roll out cilium agent pods automatically when ConfigMap is updated.
+rollOutCiliumPods: true
+resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+
+#debug:
+# enabled: true
+
+# Increase rate limit when doing L2 announcements
+k8sClientRateLimit:
+ qps: 20
+ burst: 100
+
+l2announcements:
+ enabled: true
+
+externalIPs:
+ enabled: true
+
+enableCiliumEndpointSlice: true
+
+loadBalancer:
+ # https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
+ algorithm: maglev
+
+gatewayAPI:
+ enabled: true
+envoy:
+ securityContext:
+ capabilities:
+ keepCapNetBindService: true
+ envoy: [ NET_ADMIN, PERFMON, BPF ]
+
+ingressController:
+ enabled: true
+ default: true
+ loadbalancerMode: shared
+ # service:
+ # annotations:
+ # io.cilium/lb-ipam-ips: 192.168.1.223
+
+hubble:
+ enabled: true
+ relay:
+ enabled: true
+ rollOutPods: true
+ ui:
+ enabled: true
+ rollOutPods: true
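Review bot: `externalIPs.enabled: true` makes the datapath serve addresses taken directly from Service objects, and nothing in this file limits who may set them. Any principal allowed to create or update a Service can put an arbitrary address in `spec.externalIPs`, so in-cluster traffic to that address can end up at their pods. With `l2announcements.enabled: true` the address may also be announced on the LAN, depending on the announcement policy, which is not shown here. If externalIPs are needed, pair the setting with an admission allow-list (or the `DenyServiceExternalIPs` admission plugin if they are not) and record it beside the key, e.g. `# externalIPs: restricted to the LB-IPAM pool by admission policy <policy-name>`. Separately, `keepCapNetBindService: true` is set while `NET_BIND_SERVICE` is absent from the `envoy` capability list and host-network mode is not enabled in this file, so it looks unused or incomplete and is worth confirming against the chart documentation.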