From dfaec21240048c911da7ec030df97f8e2ebd38b0 Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Mon, 8 Jan 2024 17:27:14 -0600
Subject: [PATCH] Remove audit mode.

---
 .../apps/kube-system/cilium/app/helmrelease.yaml       | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
index df9d472..7cfa0da 100644
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -34,10 +34,18 @@ spec:
         enabled: true
       ui:
         enabled: true
+      metrics:
+        enabled: "{dns,drop,tcp,flow,port-distribution,icmp,httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction}"
+        enableOpenMetrics: true
+    prometheus:
+      enabled: true
+    operator:
+      prometheus:
+        enabled: true
     ipam:
       mode: kubernetes
     policyEnforcementMode: always    # enforce network policies
-    policyAuditMode: true            # do not block traffic
+    # policyAuditMode: true            # do not block traffic
     hostFirewall:
       enabled: true                  # enable host policies
     extraConfig: