--- # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app cilium namespace: &ns kube-system spec: interval: 30m chart: spec: chart: cilium version: 1.15.6 sourceRef: kind: HelmRepository name: cilium namespace: flux-system maxHistory: 2 install: createNamespace: true remediation: retries: 3 upgrade: cleanupOnFail: true remediation: retries: 3 uninstall: keepHistory: false values: autoDirectNodeRoutes: true bgp: announce: loadbalancerIP: true enabled: true cluster: id: 1 name: cluster-0 containerRuntime: integration: containerd enableRuntimeDeviceDetection: true endpointRoutes: enabled: true hubble: enabled: true metrics: enabled: - dns:query;ignoreAAAA - drop - tcp - flow - port-distribution - icmp - http relay: enabled: true rollOutPods: true serviceMonitor: enabled: true ui: enabled: true ingress: enabled: true className: nginx hosts: - &host "cilium.${SECRET_EXTERNAL_DOMAIN}" tls: - hosts: - *host rollOutPods: true ipam: mode: kubernetes ipv4NativeRoutingCIDR: ${CILIUM_POD_CIDR} k8sServiceHost: localhost k8sServicePort: 7445 kubeProxyReplacement: true kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 l2announcements: enabled: true loadBalancer: algorithm: maglev mode: dsr localRedirectPolicy: true operator: rollOutPods: true rollOutCiliumPods: true securityContext: capabilities: ciliumAgent: - CHOWN - KILL - NET_ADMIN - NET_RAW - IPC_LOCK - SYS_ADMIN - SYS_RESOURCE - DAC_OVERRIDE - FOWNER - SETGID - SETUID cleanCiliumState: - NET_ADMIN - SYS_ADMIN - SYS_RESOURCE cgroup: autoMount: enabled: false hostRoot: /sys/fs/cgroup tunnel: disabled l7proxy: true routingMode: native ingressController: enabled: false defaultSecretNamespace: networking defaultSecretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls loadbalancerMode: shared service: loadBalancerIP: 192.168.169.115