a1994sc · February 11, 2026 14:15
diff --git a/cilium-values.yaml b/cilium-values.yaml
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/cilium/cilium/refs/heads/main/install/kubernetes/cilium/values.schema.json
 kubeProxyReplacement: true
 ingressController:
  secretsNamespace:
    create: false
    name: kube-system
 envoyConfig:
  secretsNamespace:
    create: false
    name: kube-system
 tls:
  secretsNamespace:
    create: false
    name: kube-system
 gatewayAPI:
  enabled: false
  secretsNamespace:
    create: false
    name: kube-system
 image:
  useDigest: false
 envoy:
  enabled: true
  image:
    useDigest: false
 operator:
  replicas: 2
  image:
    useDigest: false
  tolerations:
    - operator: Exists
  enabled: true
  rollOutPods: true
  prometheus:
    enabled: true
    serviceMonitor:
      enabled: false
  skipCRDCreation: false
  removeNodeTaints: true
  setNodeNetworkStatus: true
  unmanagedPodWatcher:
    restart: true
    intervalSeconds: 15
 hubble:
  metrics:
    enabled:
      - dns:query;ignoreAAAA
      - drop
      - tcp
      - flow
      - icmp
      - http
    port: 9965
  ui:
    tolerations:
      - operator: Exists
    enabled: true
    rollOutPods: true
    frontend:
      image:
        useDigest: false
    backend:
      image:
        useDigest: false
  relay:
    rollOutPods: true
    prometheus:
      enabled: true
      serviceMonitor:
        enabled: false
    tolerations:
      - operator: Exists
    enabled: true
    image:
      useDigest: false
 ipam:
  mode: "cluster-pool"
  operator:
    clusterPoolIPv4PodCIDR: "10.244.0.0/16"
    clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
    clusterPoolIPv4MaskSize: 24
    clusterPoolIPv6PodCIDR: "fd00::/104"
    clusterPoolIPv6PodCIDRList: []
    clusterPoolIPv6MaskSize: 120
 securityContext:
  capabilities:
    ciliumAgent:
      - CHOWN
      - KILL
      - NET_ADMIN
      - NET_RAW
      - IPC_LOCK
      - SYS_ADMIN
      - SYS_RESOURCE
      - DAC_OVERRIDE
      - FOWNER
      - SETGID
      - SETUID
    cleanCiliumState:
      - NET_ADMIN
      - SYS_ADMIN
      - SYS_RESOURCE
 cgroup:
  hostRoot: /sys/fs/cgroup
  autoMount:
    enabled: false
 prometheus:
  enabled: true
  serviceMonitor:
    enabled: false
	---
	# yaml-language-server: $schema=https://raw.githubusercontent.com/cilium/cilium/refs/heads/main/install/kubernetes/cilium/values.schema.json
	kubeProxyReplacement: true
	ingressController:
	secretsNamespace:
	create: false
	name: kube-system
	envoyConfig:
	secretsNamespace:
	create: false
	name: kube-system
	tls:
	secretsNamespace:
	create: false
	name: kube-system
	gatewayAPI:
	enabled: false
	secretsNamespace:
	create: false
	name: kube-system
	image:
	useDigest: false
	envoy:
	enabled: true
	image:
	useDigest: false
	operator:
	replicas: 2
	image:
	useDigest: false
	tolerations:
	- operator: Exists
	enabled: true
	rollOutPods: true
	prometheus:
	enabled: true
	serviceMonitor:
	enabled: false
	skipCRDCreation: false
	removeNodeTaints: true
	setNodeNetworkStatus: true
	unmanagedPodWatcher:
	restart: true
	intervalSeconds: 15
	hubble:
	metrics:
	enabled:
	- dns:query;ignoreAAAA
	- drop
	- tcp
	- flow
	- icmp
	- http
	port: 9965
	ui:
	tolerations:
	- operator: Exists
	enabled: true
	rollOutPods: true
	frontend:
	image:
	useDigest: false
	backend:
	image:
	useDigest: false
	relay:
	rollOutPods: true
	prometheus:
	enabled: true
	serviceMonitor:
	enabled: false
	tolerations:
	- operator: Exists
	enabled: true
	image:
	useDigest: false
	ipam:
	mode: "cluster-pool"
	operator:
	clusterPoolIPv4PodCIDR: "10.244.0.0/16"
	clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
	clusterPoolIPv4MaskSize: 24
	clusterPoolIPv6PodCIDR: "fd00::/104"
	clusterPoolIPv6PodCIDRList: []
	clusterPoolIPv6MaskSize: 120
	securityContext:
	capabilities:
	ciliumAgent:
	- CHOWN
	- KILL
	- NET_ADMIN
	- NET_RAW
	- IPC_LOCK
	- SYS_ADMIN
	- SYS_RESOURCE
	- DAC_OVERRIDE
	- FOWNER
	- SETGID
	- SETUID
	cleanCiliumState:
	- NET_ADMIN
	- SYS_ADMIN
	- SYS_RESOURCE
	cgroup:
	hostRoot: /sys/fs/cgroup
	autoMount:
	enabled: false
	prometheus:
	enabled: true
	serviceMonitor:
	enabled: false
No results found