upgradeCompatibility: '1.10' debug: # -- Enable debug logging enabled: false # verbose: # gke: # enabled: true ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/ mode: kubernetes # -- Configure the encapsulation configuration for communication between nodes. # Possible values: # - disabled (native routing on the hetzner network) # - vxlan # - geneve tunnel: disabled # -- Specify the IPv4 CIDR for native routing (ie to avoid IP masquerade for). # This value corresponds to the configured cluster-cidr. nativeRoutingCIDR: 10.0.0.0/8 # When enabled, causes legacy routing # endpointRoutes: # -- Enable use of per endpoint routes instead of routing via # the cilium_host interface. # enabled: false # -- Enable installation of PodCIDR routes between worker # nodes if worker nodes share a common L2 network segment. autoDirectNodeRoutes: false bpf: # -- Allow cluster external access to ClusterIP services. lbExternalClusterIP: false # -- Enable native IP masquerade support in eBPF masquerade: true endpointHealthChecking: # -- Enable connectivity health checking between virtual endpoints. enabled: true # -- Configure ClusterIP service handling in the host namespace (the node). hostServices: # -- Enable host reachable services. enabled: true # -- Supported list of protocols to apply ClusterIP translation to. protocols: tcp,udp externalIPs: # -- Enable ExternalIPs service support. enabled: true hostPort: # -- Enable hostPort service support. enabled: true # -- Configure N-S k8s service loadbalancing nodePort: # -- Enable the Cilium NodePort service implementation. enabled: true # -- Enable connectivity health checking. healthChecking: true ipv4: # -- Enable IPv4 support. enabled: true ipv6: # -- Enable IPv6 support. enabled: false # -- Configure Kubernetes specific configuration k8s: # -- requireIPv4PodCIDR enables waiting for Kubernetes to provide the PodCIDR # range via the Kubernetes node resource requireIPv4PodCIDR: true # -- Configure the kube-proxy replacement in Cilium BPF datapath # Valid options are "disabled", "probe", "partial", "strict". # ref: https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free/ kubeProxyReplacement: strict # -- Enables masquerading of IPv4 traffic leaving the node from endpoints. enableIPv4Masquerade: true monitor: # -- Enable the cilium-monitor sidecar. enabled: false # -- Configure service load balancing loadBalancer: # -- standalone enables the standalone L4LB which does not connect to # kube-apiserver. # standalone: false # -- algorithm is the name of the load balancing algorithm for backend # selection e.g. random or maglev algorithm: maglev # -- mode is the operation mode of load balancing for remote backends # e.g. snat, dsr, hybrid # dsr requires native routing via tunnel disabled (set by default above), see https://docs.cilium.io/en/latest/gettingstarted/kubeproxy-free/ mode: dsr # -- The agent can be put into one of the three policy enforcement modes: # default, always and never. # ref: https://docs.cilium.io/en/stable/policy/intro/#policy-enforcement-modes policyEnforcementMode: never # -- Enables the enforcement of host policies in the eBPF datapath. hostFirewall: false