---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cilium
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: cilium
version: 1.14.1
sourceRef:
kind: HelmRepository
name: cilium
namespace: flux-system
maxHistory: 2
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
autoDirectNodeRoutes: true
bpf:
masquerade: true
bgp:
enabled: false
cluster:
name: kubernetes
id: 1
containerRuntime:
integration: containerd
socketPath: /var/run/k3s/containerd/containerd.sock
endpointRoutes:
enabled: true
hubble:
enabled: true
metrics:
enabled:
- dns:query
- drop
- tcp
- flow
- port-distribution
- icmp
- http
serviceMonitor:
enabled: true
dashboards:
enabled: true
annotations:
grafana_folder: Cilium
relay:
enabled: true
rollOutPods: true
prometheus:
serviceMonitor:
enabled: true
ui:
enabled: true
rollOutPods: true
ingress:
enabled: true
className: nginx
hosts:
- &host hubble.valinor.social
tls:
- hosts:
- *host
ipam:
mode: kubernetes
ipv4NativeRoutingCIDR: 10.32.0.0/16
k8sServiceHost: 10.2.0.3
k8sServicePort: 6443
kubeProxyReplacement: strict
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
l2announcements:
enabled: true
leaseDuration: 120s
leaseRenewDeadline: 60s
leaseRetryPeriod: 1s
loadBalancer:
algorithm: maglev
mode: dsr
localRedirectPolicy: true
operator:
rollOutPods: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
dashboards:
enabled: true
annotations:
grafana_folder: Cilium
prometheus:
enabled: true
serviceMonitor:
enabled: true
trustCRDsExist: true
dashboards:
enabled: true
annotations:
grafana_folder: Cilium
rollOutCiliumPods: true
securityContext:
privileged: true
tunnel: disabled