mirror of
https://github.com/nold360/hive-apps
synced 2024-12-23 06:01:18 +00:00
change(cilium): update chart, images & relying on upstream config
This commit is contained in:
parent
076a81ee24
commit
934dceb41a
1 changed files with 2 additions and 100 deletions
|
@ -89,27 +89,13 @@ rollOutCiliumPods: false
|
||||||
# -- Agent container image.
|
# -- Agent container image.
|
||||||
image:
|
image:
|
||||||
override: ~
|
override: ~
|
||||||
repository: "quay.io/cilium/cilium"
|
repository: "quay.io/cilium/cilium-ci"
|
||||||
tag: "v1.13.0"
|
tag: "v1.13"
|
||||||
pullPolicy: "IfNotPresent"
|
pullPolicy: "IfNotPresent"
|
||||||
# cilium-digest
|
# cilium-digest
|
||||||
digest: ""
|
digest: ""
|
||||||
useDigest: false
|
useDigest: false
|
||||||
|
|
||||||
# -- Security context to be added to agent pods
|
|
||||||
securityContext:
|
|
||||||
# runAsUser: 0
|
|
||||||
privileged: false
|
|
||||||
extraCapabilities:
|
|
||||||
# Allow discretionary access control (e.g. required for package installation)
|
|
||||||
- DAC_OVERRIDE
|
|
||||||
# Allow to set Access Control Lists (ACLs) on arbitrary files (e.g. required for package installation)
|
|
||||||
- FOWNER
|
|
||||||
# Allow to execute program that changes GID (e.g. required for package installation)
|
|
||||||
- SETGID
|
|
||||||
# Allow to execute program that changes UID (e.g. required for package installation)
|
|
||||||
- SETUID
|
|
||||||
|
|
||||||
# -- Cilium agent update strategy
|
# -- Cilium agent update strategy
|
||||||
updateStrategy:
|
updateStrategy:
|
||||||
type: RollingUpdate
|
type: RollingUpdate
|
||||||
|
@ -142,90 +128,6 @@ bgpControlPlane:
|
||||||
# -- Enables the BGP control plane.
|
# -- Enables the BGP control plane.
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
bpf:
|
|
||||||
# -- Configure the mount point for the BPF filesystem
|
|
||||||
root: /sys/fs/bpf
|
|
||||||
|
|
||||||
# -- Enable BPF clock source probing for more efficient tick retrieval.
|
|
||||||
clockProbe: false
|
|
||||||
|
|
||||||
# -- Enables pre-allocation of eBPF map values. This increases
|
|
||||||
# memory usage but can reduce latency.
|
|
||||||
preallocateMaps: false
|
|
||||||
|
|
||||||
# -- Configure the maximum number of entries in the TCP connection tracking
|
|
||||||
# table.
|
|
||||||
# ctTcpMax: '524288'
|
|
||||||
|
|
||||||
# -- Configure the maximum number of entries for the non-TCP connection
|
|
||||||
# tracking table.
|
|
||||||
# ctAnyMax: '262144'
|
|
||||||
|
|
||||||
# -- Configure the maximum number of service entries in the
|
|
||||||
# load balancer maps.
|
|
||||||
lbMapMax: 65536
|
|
||||||
|
|
||||||
# -- Configure the maximum number of entries for the NAT table.
|
|
||||||
# natMax: 524288
|
|
||||||
|
|
||||||
# -- Configure the maximum number of entries for the neighbor table.
|
|
||||||
# neighMax: 524288
|
|
||||||
|
|
||||||
# -- Configure the maximum number of entries in endpoint policy map (per endpoint).
|
|
||||||
policyMapMax: 16384
|
|
||||||
|
|
||||||
# -- Configure auto-sizing for all BPF maps based on available memory.
|
|
||||||
# ref: https://docs.cilium.io/en/stable/concepts/ebpf/maps/#ebpf-maps
|
|
||||||
#mapDynamicSizeRatio: 0.0025
|
|
||||||
|
|
||||||
# -- Configure the level of aggregation for monitor notifications.
|
|
||||||
# Valid options are none, low, medium, maximum.
|
|
||||||
monitorAggregation: medium
|
|
||||||
|
|
||||||
# -- Configure the typical time between monitor notifications for
|
|
||||||
# active connections.
|
|
||||||
monitorInterval: "5s"
|
|
||||||
|
|
||||||
# -- Configure which TCP flags trigger notifications when seen for the
|
|
||||||
# first time in a connection.
|
|
||||||
monitorFlags: "all"
|
|
||||||
|
|
||||||
# -- Allow cluster external access to ClusterIP services.
|
|
||||||
lbExternalClusterIP: false
|
|
||||||
|
|
||||||
# -- Enable native IP masquerade support in eBPF
|
|
||||||
#masquerade: false
|
|
||||||
|
|
||||||
# -- Deprecated in favor of bpf.hostLegacyRouting. To be removed in 1.13.
|
|
||||||
# Configure whether direct routing mode should route traffic via
|
|
||||||
# host stack (true) or directly and more efficiently out of BPF (false) if
|
|
||||||
# the kernel supports it.
|
|
||||||
#hostRouting: true
|
|
||||||
|
|
||||||
# -- Configure whether direct routing mode should route traffic via
|
|
||||||
# host stack (true) or directly and more efficiently out of BPF (false) if
|
|
||||||
# the kernel supports it. The latter has the implication that it will also
|
|
||||||
# bypass netfilter in the host namespace.
|
|
||||||
#hostLegacyRouting: false
|
|
||||||
|
|
||||||
# -- Configure the eBPF-based TPROXY to reduce reliance on iptables rules
|
|
||||||
# for implementing Layer 7 policy.
|
|
||||||
# tproxy: true
|
|
||||||
|
|
||||||
# -- Configure the FIB lookup bypass optimization for nodeport reverse
|
|
||||||
# NAT handling.
|
|
||||||
# lbBypassFIBLookup: true
|
|
||||||
|
|
||||||
# -- Configure explicitly allowed VLAN id's for bpf logic bypass.
|
|
||||||
# [0] will allow all VLAN id's without any filtering.
|
|
||||||
# vlanBypass: []
|
|
||||||
|
|
||||||
# -- Wait for KUBE-PROXY-CANARY iptables rule to appear in "wait-for-kube-proxy"
|
|
||||||
# init container before launching cilium-agent.
|
|
||||||
# More context can be found in the commit message of below PR
|
|
||||||
# https://github.com/cilium/cilium/pull/20123
|
|
||||||
waitForKubeProxy: false
|
|
||||||
|
|
||||||
cni:
|
cni:
|
||||||
# -- Install the CNI configuration and binary files into the filesystem.
|
# -- Install the CNI configuration and binary files into the filesystem.
|
||||||
install: true
|
install: true
|
||||||
|
|
Loading…
Reference in a new issue