change(cilium): update chart, images & relying on upstream config

nold 2023-02-17 20:41:36 +01:00
parent 076a81ee24
commit 934dceb41a


@ -89,27 +89,13 @@ rollOutCiliumPods: false
# -- Agent container image. # -- Agent container image.
image: image:
override: ~ override: ~
repository: "quay.io/cilium/cilium" repository: "quay.io/cilium/cilium-ci"
tag: "v1.13.0" tag: "v1.13"
pullPolicy: "IfNotPresent" pullPolicy: "IfNotPresent"
# cilium-digest # cilium-digest
digest: "" digest: ""
useDigest: false useDigest: false
# -- Security context to be added to agent pods
securityContext:
# runAsUser: 0
privileged: false
extraCapabilities:
# Allow discretionary access control (e.g. required for package installation)
- DAC_OVERRIDE
# Allow to set Access Control Lists (ACLs) on arbitrary files (e.g. required for package installation)
- FOWNER
# Allow to execute program that changes GID (e.g. required for package installation)
- SETGID
# Allow to execute program that changes UID (e.g. required for package installation)
- SETUID
# -- Cilium agent update strategy # -- Cilium agent update strategy
updateStrategy: updateStrategy:
type: RollingUpdate type: RollingUpdate
@ -142,90 +128,6 @@ bgpControlPlane:
# -- Enables the BGP control plane. # -- Enables the BGP control plane.
enabled: false enabled: false
bpf:
# -- Configure the mount point for the BPF filesystem
root: /sys/fs/bpf
# -- Enable BPF clock source probing for more efficient tick retrieval.
clockProbe: false
# -- Enables pre-allocation of eBPF map values. This increases
# memory usage but can reduce latency.
preallocateMaps: false
# -- Configure the maximum number of entries in the TCP connection tracking
# table.
# ctTcpMax: '524288'
# -- Configure the maximum number of entries for the non-TCP connection
# tracking table.
# ctAnyMax: '262144'
# -- Configure the maximum number of service entries in the
# load balancer maps.
lbMapMax: 65536
# -- Configure the maximum number of entries for the NAT table.
# natMax: 524288
# -- Configure the maximum number of entries for the neighbor table.
# neighMax: 524288
# -- Configure the maximum number of entries in endpoint policy map (per endpoint).
policyMapMax: 16384
# -- Configure auto-sizing for all BPF maps based on available memory.
# ref: https://docs.cilium.io/en/stable/concepts/ebpf/maps/#ebpf-maps
#mapDynamicSizeRatio: 0.0025
# -- Configure the level of aggregation for monitor notifications.
# Valid options are none, low, medium, maximum.
monitorAggregation: medium
# -- Configure the typical time between monitor notifications for
# active connections.
monitorInterval: "5s"
# -- Configure which TCP flags trigger notifications when seen for the
# first time in a connection.
monitorFlags: "all"
# -- Allow cluster external access to ClusterIP services.
lbExternalClusterIP: false
# -- Enable native IP masquerade support in eBPF
#masquerade: false
# -- Deprecated in favor of bpf.hostLegacyRouting. To be removed in 1.13.
# Configure whether direct routing mode should route traffic via
# host stack (true) or directly and more efficiently out of BPF (false) if
# the kernel supports it.
#hostRouting: true
# -- Configure whether direct routing mode should route traffic via
# host stack (true) or directly and more efficiently out of BPF (false) if
# the kernel supports it. The latter has the implication that it will also
# bypass netfilter in the host namespace.
#hostLegacyRouting: false
# -- Configure the eBPF-based TPROXY to reduce reliance on iptables rules
# for implementing Layer 7 policy.
# tproxy: true
# -- Configure the FIB lookup bypass optimization for nodeport reverse
# NAT handling.
# lbBypassFIBLookup: true
# -- Configure explicitly allowed VLAN id's for bpf logic bypass.
# [0] will allow all VLAN id's without any filtering.
# vlanBypass: []
# -- Wait for KUBE-PROXY-CANARY iptables rule to appear in "wait-for-kube-proxy"
# init container before launching cilium-agent.
# More context can be found in the commit message of below PR
# https://github.com/cilium/cilium/pull/20123
waitForKubeProxy: false
cni: cni:
# -- Install the CNI configuration and binary files into the filesystem. # -- Install the CNI configuration and binary files into the filesystem.
install: true install: true
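Review bot: In the first hunk the agent image becomes `repository: "quay.io/cilium/cilium-ci"` with the floating tag `tag: "v1.13"`, while `digest: ""` and `useDigest: false` are unchanged, so the agent is no longer pinned to one reviewed build. With `pullPolicy: "IfNotPresent"`, nodes that pulled at different times can run different builds under the same tag. The `cilium-ci` name suggests CI builds rather than releases (inferred from the name only); if that is intended, say why in a comment, otherwise keep a full release tag and pin by digest, e.g. `useDigest: true` with `digest: "sha256:<digest-of-the-reviewed-image>"`. The commit also drops the local `securityContext` block (`privileged: false` plus four `extraCapabilities`) and the `bpf` block including `lbExternalClusterIP: false`, so these now follow the upstream chart defaults. Diffing the `helm template` output before and after would confirm that the agent's privileges and ClusterIP exposure did not widen.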