@Alxandr
Created June 17, 2025 06:53
cilium setup
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cilium
  namespace: flux-system
spec:
  interval: 10m
  timeout: 5m
  chart:
    spec:
      chart: cilium
      version: 1.17.4
      sourceRef:
        kind: HelmRepository
        name: cilium
      interval: 5m
  releaseName: cilium
  targetNamespace: kube-system
  values:
    ipam:
      mode: kubernetes
    # Explicit Linux capability sets for the agent and state-cleanup containers.
    securityContext:
      capabilities:
        ciliumAgent:
          - CHOWN
          - KILL
          - NET_ADMIN
          - NET_RAW
          - IPC_LOCK
          - SYS_ADMIN
          - SYS_RESOURCE
          - DAC_OVERRIDE
          - FOWNER
          - SETGID
          - SETUID
        cleanCiliumState:
          - NET_ADMIN
          - SYS_ADMIN
          - SYS_RESOURCE
    # Use the host's existing cgroup mount instead of letting Cilium mount its own.
    cgroup:
      autoMount:
        enabled: false
      hostRoot: /sys/fs/cgroup
    # Cilium takes over service handling from kube-proxy.
    kubeProxyReplacement: true
    # API server endpoint the agent connects to (node-local here).
    k8sServiceHost: localhost
    k8sServicePort: 7445
    routingMode: tunnel
    tunnelProtocol: geneve
    ipv4:
      enabled: true
    ipv4NativeRoutingCIDR: "10.0.0.0/8"
    # loadBalancer:
    #   mode: dsr
    #   dsrDispatch: geneve
    bgpControlPlane:
      enabled: true
    socketLB:
      enabled: true
    enableIPv4Masquerade: false
    enableIPv6Masquerade: false
    localRedirectPolicy: true
    # bpf:
    #   masquerade: true
    #   # lbExternalClusterIP: true
    # ipMasqAgent:
    #   enabled: true
    #   config:
    #     nonMasqueradeCIDRs:
    #       - 192.168.30.20/32
    #       - 169.254.0.0/16
    #       - 10.0.0.0/8
    #     masqLinkLocal: true
    ingressController:
      default: true
      enabled: true
    gatewayAPI:
      enabled: false
    hubble:
      enabled: true
      relay:
        enabled: true
      ui:
        enabled: true