@@ -25,18 +25,76 @@ data:
2525 key-file: "{{ cilium_cert_dir }}/key.pem"
2626 cert-file: "{{ cilium_cert_dir }}/cert.crt"
2727
28+ # If you want metrics enabled in all of your Cilium agents, set the port for
29+ # which the Cilium agents will have their metrics exposed.
30+ # This option deprecates the "prometheus-serve-addr" in the
31+ # "cilium-metrics-config" ConfigMap
32+ # NOTE that this will open the port on ALL nodes where Cilium pods are
33+ # scheduled.
34+ {% if cilium_enable_prometheus %}
35+ prometheus-serve-addr: ":9090"
36+ {% endif %}
37+
2838 # If you want to run cilium in debug mode change this value to true
2939 debug: "{{ cilium_debug }}"
30- disable-ipv4: "{{ cilium_disable_ipv4 }}"
31- # If you want to clean cilium state; change this value to true
40+ enable-ipv4: "{{ cilium_enable_ipv4 }}"
41+ enable-ipv6: "{{ cilium_enable_ipv6 }}"
42+ # If a serious issue occurs during Cilium startup, this
43+ # invasive option may be set to true to remove all persistent
44+ # state. Endpoints will not be restored using knowledge from a
45+ # prior Cilium run, so they may receive new IP addresses upon
46+ # restart. This also triggers clean-cilium-bpf-state.
3247 clean-cilium-state: "false"
33- legacy-host-allows-world: "false"
48+ # If you want to clean cilium BPF state, set this to true;
49+ # Removes all BPF maps from the filesystem. Upon restart,
50+ # endpoints are restored with the same IP addresses, however
51+ # any ongoing connections may be disrupted briefly.
52+ # Loadbalancing decisions will be reset, so any ongoing
53+ # connections via a service may be loadbalanced to a different
54+ # backend after restart.
55+ clean-cilium-bpf-state: "false"
56+
57+ # Users who wish to specify their own custom CNI configuration file must set
58+ # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
59+ custom-cni-conf: "false"
3460
3561 # If you want cilium monitor to aggregate tracing for packets, set this level
3662 # to "low", "medium", or "maximum". The higher the level, the less packets
3763 # that will be seen in monitor output.
3864 monitor-aggregation-level: "none"
3965
66+ # ct-global-max-entries-* specifies the maximum number of connections
67+ # supported across all endpoints, split by protocol: tcp or other. One pair
68+ # of maps uses these values for IPv4 connections, and another pair of maps
69+ # use these values for IPv6 connections.
70+ #
71+ # If these values are modified, then during the next Cilium startup the
72+ # tracking of ongoing connections may be disrupted. This may lead to brief
73+ # policy drops or a change in loadbalancing decisions for a connection.
74+ #
75+ # For users upgrading from Cilium 1.2 or earlier, to minimize disruption
76+ # during the upgrade process, comment out these options.
77+ bpf-ct-global-tcp-max: "524288"
78+ bpf-ct-global-any-max: "262144"
79+
80+ # Pre-allocation of map entries allows per-packet latency to be reduced, at
81+ # the expense of up-front memory allocation for the entries in the maps. The
82+ # default value below will minimize memory usage in the default installation;
83+ # users who are sensitive to latency may consider setting this to "true".
84+ #
85+ # This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore
86+ # this option and behave as though it is set to "true".
87+ #
88+ # If this value is modified, then during the next Cilium startup the restore
89+ # of existing endpoints and tracking of ongoing connections may be disrupted.
90+ # This may lead to policy drops or a change in loadbalancing decisions for a
91+ # connection for some time. Endpoints may need to be recreated to restore
92+ # connectivity.
93+ #
94+ # If this option is set to "false" during an upgrade from 1.3 or earlier to
95+ # 1.4 or later, then it may cause one-time disruptions during the upgrade.
96+ preallocate-bpf-maps: "{{cilium_preallocate_bpf_maps}}"
97+
4098 # Regular expression matching compatible Istio sidecar istio-proxy
4199 # container image names
42100 sidecar-istio-proxy-image: "cilium/istio_proxy"
@@ -47,3 +105,38 @@ data:
47105 # - vxlan (default)
48106 # - geneve
49107 tunnel: "vxlan"
108+
109+ # Name of the cluster. Only relevant when building a mesh of clusters.
110+ cluster-name: default
111+
112+ # Unique ID of the cluster. Must be unique across all conneted clusters and
113+ # in the range of 1 and 255. Only relevant when building a mesh of clusters.
114+ #cluster-id: 1
115+
116+ # DNS Polling periodically issues a DNS lookup for each `matchName` from
117+ # cilium-agent. The result is used to regenerate endpoint policy.
118+ # DNS lookups are repeated with an interval of 5 seconds, and are made for
119+ # A(IPv4) and AAAA(IPv6) addresses. Should a lookup fail, the most recent IP
120+ # data is used instead. An IP change will trigger a regeneration of the Cilium
121+ # policy for each endpoint and increment the per cilium-agent policy
122+ # repository revision.
123+ #
124+ # This option is disabled by default starting from version 1.4.x in favor
125+ # of a more powerful DNS proxy-based implementation, see [0] for details.
126+ # Enable this option if you want to use FQDN policies but do not want to use
127+ # the DNS proxy.
128+ #
129+ # To ease upgrade, users may opt to set this option to "true".
130+ # Otherwise please refer to the Upgrade Guide [1] which explains how to
131+ # prepare policy rules for upgrade.
132+ #
133+ # [0] http://docs.cilium.io/en/stable/policy/language/#dns-based
134+ # [1] http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action
135+ tofqdns-enable-poller: "{{cilium_tofqdns_enable_poller}}"
136+
137+ # wait-bpf-mount makes init container wait until bpf filesystem is mounted
138+ wait-bpf-mount: "false"
139+
140+ # Enable legacy services (prior v1.5) to prevent from terminating existing
141+ # connections with services when upgrading Cilium from < v1.5 to v1.5.
142+ enable-legacy-services: "{{cilium_enable_legacy_services}}"
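Review bot: In the first hunk, `prometheus-serve-addr: ":9090"` hard-codes a wildcard bind, so turning on `cilium_enable_prometheus` exposes the agent metrics endpoint on every address of every node that runs a Cilium pod, as the added NOTE itself says. Nothing visible in this patch restricts who can reach that port; if the agent runs with host networking, as Cilium agents normally do, any host that can route to the node can scrape it. Consider taking the listen address from a variable, for example `prometheus-serve-addr: "{{ cilium_prometheus_serve_addr }}"` (the variable name is proposed here and is not in the patch), so operators can change the port or bind a specific address. The NOTE could also say that 9090 should be limited to the monitoring scrapers by host firewall or security group, e.g. `# Restrict access to this port to your Prometheus scrapers.` Separately, in the second hunk `cluster-name: default` is the only unquoted value in the map; quoting it as `"default"` would match the other entries.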