-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcilium.tf
58 lines (58 loc) · 1.28 KB
/
cilium.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
data "helm_template" "cilium" {
namespace = "kube-system"
name = "cilium"
repository = "https://helm.cilium.io"
chart = "cilium"
# renovate: datasource=helm depName=cilium registryUrl=https://helm.cilium.io
version = "1.16.2"
kube_version = var.kubernetes_version
api_versions = ["gateway.networking.k8s.io/v1/GatewayClass"]
set {
name = "ipam.mode"
value = "kubernetes"
}
set {
name = "kubeProxyReplacement"
value = "true"
}
set {
name = "gatewayAPI.enabled"
value = "true"
}
set {
name = "securityContext.capabilities.ciliumAgent"
value = "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
}
set {
name = "securityContext.capabilities.cleanCiliumState"
value = "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
}
set {
name = "cgroup.autoMount.enabled"
value = "false"
}
set {
name = "cgroup.hostRoot"
value = "/sys/fs/cgroup"
}
set {
name = "k8sServiceHost"
value = "localhost"
}
set {
name = "k8sServicePort"
value = 7445
}
set {
name = "l2announcements.enabled"
value = "true"
}
set {
name = "hubble.ui.enabled"
value = "true"
}
set {
name = "hubble.relay.enabled"
value = "true"
}
}