---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: &app cilium
  namespace: kube-system
spec:
  interval: 15m
  chart:
    spec:
      chart: cilium
      version: 1.12.4
      sourceRef:
        kind: HelmRepository
        name: cilium
        namespace: flux-system
  install:
    createNamespace: true
    remediation:
      retries: 5
  upgrade:
    remediation:
      retries: 5
  values:
    autoDirectNodeRoutes: true
    bgp:
      announce:
        loadbalancerIP: true
      enabled: true
    cluster:
      id: 1
      name: cluster-0
    containerRuntime:
      integration: containerd
    endpointRoutes:
      enabled: true
    hubble:
      enabled: true
      metrics:
        enabled:
          - dns:query;ignoreAAAA
          - drop
          - tcp
          - flow
          - port-distribution
          - icmp
          - http
      relay:
        enabled: true
        rollOutPods: true
      serviceMonitor:
        enabled: true
      ui:
        enabled: true
        ingress:
          enabled: true
          hosts:
            - &host "cilium.${SECRET_CLUSTER_DOMAIN}"
          tls:
            - hosts:
                - *host
        rollOutPods: true
    ipam:
      mode: kubernetes
    ipv4NativeRoutingCIDR: ${CILIUM_POD_CIDR}
    k8sServiceHost: cluster-0.${SECRET_DOMAIN}
    k8sServicePort: 6443
    kubeProxyReplacement: strict
    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
    loadBalancer:
      algorithm: maglev
      mode: dsr
    localRedirectPolicy: true
    operator:
      rollOutPods: true
    rollOutCiliumPods: true
    securityContext:
      privileged: true
    tunnel: disabled