metallb:
  enabled: false

  controller:
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    - key: node-role.kubernetes.io/control-plane
      effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/control-plane: ""

  ipAddressPools: []
  #- name: my-ip-space
  #  protocol: layer2
  #  addresses:
  #  - 192.168.42.0/24

multus:
  enabled: false
  tag: "v3.9.3"

  clusterNetwork: "cilium"
  defaultNetworks: []
  readinessindicatorfile: "/etc/cni/net.d/05-cilium.conf"

cilium:
  enabled: false

  containerRuntime:
    integration: crio

  # remove with 1.26
  securityContext:
    privileged: true

  resources:
    requests:
      cpu: 10m
      memory: 256Mi
    limits:
      memory: 1024Mi
      # cpu: 4000m

  cni:
    binPath: "/usr/libexec/cni"
    logFile: /var/log/cilium-cni.log
    #-- Ensure this is false if multus is enabled
    exclusive: false

  #bpf:
  #  hostLegacyRouting: true
  #  tproxy: false

  cluster:
    # This should match the second octet of clusterPoolIPv4PodCIDRList
    # to prevent IP space overlap and easy tracking
    # use 240 as default, less likely to clash with 1
    id: 240
    name: default

  ipam:
    operator:
      clusterPoolIPv4PodCIDRList:
        - 10.240.0.0/16

  # Keep it simple for now
  l7Proxy: false

  #rollOutCiliumPods: true

  cgroup:
    autoMount:
      enabled: false
    hostRoot: "/sys/fs/cgroup"

  tunnel: geneve

  prometheus:
    enabled: false
    port: 9091

  operator:
    replicas: 1
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    - key: node-role.kubernetes.io/control-plane
      effect: NoSchedule
    nodeSelector:
      node-role.kubernetes.io/control-plane: ""

  hubble:
    enabled: false
    relay:
      enabled: false
    ui:
      enabled: false
    tls:
      auto:
        method: cert-manager
        certManagerIssuerRef:
          group: cert-manager.io
          kind: ClusterIssuer
          name: kubezero-local-ca-issuer