metallb: enabled: false controller: tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule nodeSelector: node-role.kubernetes.io/control-plane: "" ipAddressPools: [] #- name: my-ip-space # protocol: layer2 # addresses: # - 192.168.42.0/24 multus: enabled: false image: repository: ghcr.io/k8snetworkplumbingwg/multus-cni tag: v3.9.3 clusterNetwork: "cilium" defaultNetworks: [] readinessindicatorfile: "/etc/cni/net.d/05-cilium.conflist" cilium: enabled: false # breaks preloaded images otherwise image: useDigest: false resources: requests: cpu: 10m memory: 256Mi limits: memory: 1024Mi # cpu: 4000m cni: binPath: "/usr/libexec/cni" logFile: /var/log/cilium-cni.log #-- Ensure this is false if multus is enabled exclusive: false # bpf: # autoMount: # enabled: false cluster: # This should match the second octet of clusterPoolIPv4PodCIDRList # to prevent IP space overlap and easy tracking # use 240 as default, less likely to clash with 1 id: 240 name: default ipam: operator: clusterPoolIPv4PodCIDRList: - 10.240.0.0/16 # Keep it simple for now l7Proxy: false #rollOutCiliumPods: true cgroup: autoMount: enabled: false hostRoot: "/sys/fs/cgroup" tunnelProtocol: geneve prometheus: enabled: false serviceMonitor: enabled: false port: 9091 operator: replicas: 1 tolerations: - key: node-role.kubernetes.io/control-plane effect: NoSchedule # the operator removes the taints, # so we need to break chicken egg on single controller - key: node.cilium.io/agent-not-ready effect: NoSchedule nodeSelector: node-role.kubernetes.io/control-plane: "" prometheus: enabled: false serviceMonitor: enabled: false hubble: enabled: false relay: enabled: false ui: enabled: false tls: auto: method: cert-manager certManagerIssuerRef: group: cert-manager.io kind: ClusterIssuer name: kubezero-local-ca-issuer