---
autoDirectNodeRoutes: true
bandwidthManager:
  enabled: true
  bbr: true
bpf:
  masquerade: true
  tproxy: true
cgroup:
  automount:
    enabled: false
  hostRoot: /sys/fs/cgroup
cluster:
  id: 1
  name: homelab
cni:
  exclusive: false
containerRuntime:
  integration: containerd
devices: enp+
socketLB:
  enabled: false # supposed to be default off, but it's enabled anyway, and looks fun lol # TODO: 2024-06-02: temporarily turned off to attempt fixing endpoint creation timeout
  hostNamespaceOnly: true # KubeVirt compatibility
enableRuntimeDeviceDetection: true
endpointRoutes:
  enabled: true
ipam:
  mode: kubernetes
ipv4NativeRoutingCIDR: 10.244.0.0/16
k8sServiceHost: 127.0.0.1
k8sServicePort: 7445
kubeProxyReplacement: true
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
l2announcements:
  enabled: true
loadBalancer:
  algorithm: maglev
  mode: dsr
localRedirectPolicy: true
operator:
  replicas: 1
rollOutCiliumPods: true
routingMode: native
securityContext:
  capabilities:
    ciliumAgent:
      - CHOWN
      - KILL
      - NET_ADMIN
      - NET_RAW
      - IPC_LOCK
      - SYS_ADMIN
      - SYS_RESOURCE
      - DAC_OVERRIDE
      - FOWNER
      - SETGID
      - SETUID
    cleanCiliumState:
      - NET_ADMIN
      - SYS_ADMIN
      - SYS_RESOURCE