kubespray/roles/network_plugin/cilium/templates/values.yaml.j2

#jinja2: trim_blocks: True, lstrip_blocks: True
MTU: {{ cilium_mtu }}
debug:
  enabled: {{ cilium_debug | to_json }}

image:
  repository: {{ cilium_image_repo }}
  tag: {{ cilium_image_tag }}

k8sServiceHost: "auto"
k8sServicePort: "auto"

ipv4:
  enabled: {{ cilium_enable_ipv4 | to_json }}
ipv6:
  enabled: {{ cilium_enable_ipv6 | to_json }}

l2announcements:
  enabled: {{ cilium_l2announcements | to_json }}

healthPort: {{ cilium_agent_health_port }}

identityAllocationMode: {{ cilium_identity_allocation_mode }}

tunnelProtocol: {{ cilium_tunnel_mode }}

loadbalancer:
  mode: {{ cilium_loadbalancer_mode }}

kubeProxyReplacement: {{ cilium_kube_proxy_replacement | to_json }}

{% if cilium_dns_proxy_enable_transparent_mode is defined %}
dnsProxy:
  enableTransparentMode: {{ cilium_dns_proxy_enable_transparent_mode | to_json }}
{% endif %}

extraVolumes:
  {{ cilium_agent_extra_volumes | to_nice_yaml(indent=2) | indent(2) }}

extraVolumeMounts:
  {{ cilium_agent_extra_volume_mounts | to_nice_yaml(indent=2) | indent(2) }}

extraArgs:
  {{ cilium_agent_extra_args | to_nice_yaml(indent=2) | indent(2) }}

bpf:
  masquerade: {{ cilium_enable_bpf_masquerade | to_json }}
  hostLegacyRouting: {{ cilium_enable_host_legacy_routing | to_json }}
  monitorAggregation: {{ cilium_monitor_aggregation }}
  preallocateMaps: {{ cilium_preallocate_bpf_maps | to_json }}
  mapDynamicSizeRatio: {{ cilium_bpf_map_dynamic_size_ratio }}

cni:
  exclusive: {{ cilium_cni_exclusive | to_json }}
  logFile: {{ cilium_cni_log_file }}

autoDirectNodeRoutes: {{ cilium_auto_direct_node_routes | to_json }}

ipv4NativeRoutingCIDR: {{ cilium_native_routing_cidr }}
ipv6NativeRoutingCIDR: {{ cilium_native_routing_cidr_ipv6 }}

encryption:
  enabled: {{ cilium_encryption_enabled | to_json }}
{% if cilium_encryption_enabled %}
  type: {{ cilium_encryption_type }}
{% if cilium_encryption_type == 'wireguard' %}
  nodeEncryption: {{ cilium_encryption_node_encryption | to_json }}
{% endif %}
{% endif %}

bandwidthManager:
  enabled: {{ cilium_enable_bandwidth_manager | to_json }}
  bbr: {{ cilium_enable_bandwidth_manager_bbr | to_json }}

ipMasqAgent:
  enabled: {{ cilium_ip_masq_agent_enable | to_json }}
{% if cilium_ip_masq_agent_enable %}
  config:
    nonMasqueradeCIDRs: {{ cilium_non_masquerade_cidrs }}
    masqLinkLocal: {{ cilium_masq_link_local | to_json }}
    masqLinkLocalIPv6: {{ cilium_masq_link_local_ipv6 | to_json }}
  # cilium_ip_masq_resync_interval
{% endif %}

hubble:
  peerService:
    clusterDomain: {{ cilium_hubble_peer_service_cluster_domain }}
  enabled: {{ cilium_enable_hubble | to_json }}
  relay:
    enabled: {{ cilium_enable_hubble | to_json }}
    image:
      repository: {{ cilium_hubble_relay_image_repo }}
      tag: {{ cilium_hubble_relay_image_tag }}
  ui:
    enabled: {{ cilium_enable_hubble_ui | to_json }}
    backend:
      image:
        repository: {{ cilium_hubble_ui_backend_image_repo }}
        tag: {{ cilium_hubble_ui_backend_image_tag }}
    frontend:
      image:
        repository: {{ cilium_hubble_ui_image_repo }}
        tag: {{ cilium_hubble_ui_image_tag }}
  metrics:
    enabled: {{ cilium_hubble_metrics | to_json }}
  export:
    fileMaxBackups: {{ cilium_hubble_export_file_max_backups }}
    fileMaxSizeMb: {{ cilium_hubble_export_file_max_size_mb }}
    dynamic:
      enabled: {{ cilium_hubble_export_dynamic_enabled | to_json }}
      config:
        content:
          {{ cilium_hubble_export_dynamic_config_content | to_nice_yaml(indent=10) | indent(10) }}

gatewayAPI:
  enabled: {{ cilium_gateway_api_enabled | to_json }}

ipam:
  mode: {{ cilium_ipam_mode }}
  operator:
    clusterPoolIPv4PodCIDRList:
      - {{ cilium_pool_cidr | default(kube_pods_subnet) }}
    clusterPoolIPv4MaskSize: {{ cilium_pool_mask_size | default(kube_network_node_prefix) }}

    clusterPoolIPv6PodCIDRList:
      - {{ cilium_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}
    clusterPoolIPv6MaskSize: {{ cilium_pool_mask_size_ipv6 | default(kube_network_node_prefix_ipv6) }}

cgroup:
  autoMount:
    enabled: {{ cilium_cgroup_auto_mount | to_json }}
  hostRoot: {{ cilium_cgroup_host_root }}

operator:
  image:
    repository: {{ cilium_operator_image_repo }}
    tag: {{ cilium_operator_image_tag }}
  replicas: {{ cilium_operator_replicas }}
  extraArgs:
    {{ cilium_operator_extra_args | to_nice_yaml(indent=2) | indent(4) }}
  extraVolumes:
    {{ cilium_operator_extra_volumes | to_nice_yaml(indent=2) | indent(4) }}
  extraVolumeMounts:
    {{ cilium_operator_extra_volume_mounts | to_nice_yaml(indent=2) | indent(4) }}
  tolerations:
    {{ cilium_operator_tolerations | to_nice_yaml(indent=2) | indent(4) }}

cluster:
  id: {{ cilium_cluster_id }}
  name: {{ cilium_cluster_name }}

enableIPv4Masquerade: {{ cilium_enable_ipv4_masquerade | to_json }}
enableIPv6Masquerade: {{ cilium_enable_ipv6_masquerade | to_json }}

hostFirewall:
  enabled: {{ cilium_enable_host_firewall | to_json }}

certgen:
  image:
    repositry: {{ cilium_hubble_certgen_image_repo }}
    tag: {{ cilium_hubble_certgen_image_tag }}

envoy:
  image:
    repositry: {{ cilium_hubble_envoy_image_repo }}
    tag: {{ cilium_hubble_envoy_image_tag }}

extraConfig:
  {{ cilium_config_extra_vars | to_yaml | indent(2) }}