--- # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: cilium namespace: kube-system spec: interval: 30m chart: spec: chart: cilium version: 1.14.5 sourceRef: kind: HelmRepository name: cilium namespace: flux-system maxHistory: 2 install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: retries: 3 uninstall: keepHistory: false values: cluster: name: valinor id: 1 hubble: relay: enabled: true ui: enabled: true metrics: enabled: "{dns,drop,tcp,flow,port-distribution,icmp,httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction}" enableOpenMetrics: true prometheus: enabled: true operator: prometheus: enabled: true ipam: mode: kubernetes policyEnforcementMode: always # enforce network policies # policyAuditMode: true # do not block traffic hostFirewall: enabled: true # enable host policies extraConfig: allow-localhost: policy # enable policies for localhost kubeProxyReplacement: true securityContext: capabilities: ciliumAgent: - CHOWN - KILL - NET_ADMIN - NET_RAW - IPC_LOCK - SYS_ADMIN - SYS_RESOURCE - DAC_OVERRIDE - FOWNER - SETGID - SETUID cleanCiliumState: - NET_ADMIN - SYS_ADMIN - SYS_RESOURCE k8sServiceHost: ${K8S_SERVICE_ENDPOINT} k8sServicePort: 6443 rollOutCiliumPods: true