---
# Log-level
cilium_debug: false

cilium_mtu: ""
cilium_enable_ipv4: true
cilium_enable_ipv6: false

# Identity allocation mode selects how identities are shared between cilium
# nodes by setting how they are stored. The options are "crd" or "kvstore".
# - "crd" stores identities in kubernetes as CRDs (custom resource definition).
#   These can be queried with:
#     `kubectl get ciliumid`
# - "kvstore" stores identities in an etcd kvstore.
# - In order to support External Workloads, "crd" is required
#   - Ref: https://docs.cilium.io/en/stable/gettingstarted/external-workloads/#setting-up-support-for-external-workloads-beta
# - KVStore operations are only required when cilium-operator is running with any of the below options:
#   - --synchronize-k8s-services
#   - --synchronize-k8s-nodes
#   - --identity-allocation-mode=kvstore
#   - Ref: https://docs.cilium.io/en/stable/internals/cilium_operator/#kvstore-operations
cilium_identity_allocation_mode: kvstore

# Etcd SSL dirs
cilium_cert_dir: /etc/cilium/certs
kube_etcd_cacert_file: ca.pem
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem

# Limits for apps
cilium_memory_limit: 500M
cilium_cpu_limit: 500m
cilium_memory_requests: 64M
cilium_cpu_requests: 100m

# Overlay Network Mode
cilium_tunnel_mode: vxlan
# Optional features
cilium_enable_prometheus: false
# Enable if you want to make use of hostPort mappings
cilium_enable_portmap: false
# Monitor aggregation level (none/low/medium/maximum)
cilium_monitor_aggregation: medium
# Kube Proxy Replacement mode (strict/probe/partial)
cilium_kube_proxy_replacement: probe

# If upgrading from Cilium < 1.5, you may want to override some of these options
# to prevent service disruptions. See also:
# http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action
cilium_preallocate_bpf_maps: false
cilium_tofqdns_enable_poller: false
cilium_enable_legacy_services: false

# Deploy cilium even if kube_network_plugin is not cilium.
# This enables to deploy cilium alongside another CNI to replace kube-proxy.
cilium_deploy_additionally: false

# Auto direct nodes routes can be used to advertise pods routes in your cluster
# without any tunelling (with `cilium_tunnel_mode` sets to `disabled`).
# This works only if you have a L2 connectivity between all your nodes.
# You wil also have to specify the variable `cilium_native_routing_cidr` to
# make this work. Please refer to the cilium documentation for more
# information about this kind of setups.
cilium_auto_direct_node_routes: false
cilium_native_routing_cidr: ""

# IPsec based transparent encryption between nodes
cilium_ipsec_enabled: false

# Hubble
### Enable Hubble without install
cilium_enable_hubble: false
### Enable Hubble Metrics
cilium_enable_hubble_metrics: false
### if cilium_enable_hubble_metrics: true
cilium_hubble_metrics: {}
# - dns
# - drop
# - tcp
# - flow
# - icmp
# - http
### Enable Hubble install
cilium_hubble_install: false
### Enable auto generate certs if cilium_hubble_install: true
cilium_hubble_tls_generate: false

# IP address management mode for v1.9+.
# https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
cilium_ipam_mode: kubernetes

# The address at which the cillium operator bind health check api
cilium_operator_api_serve_addr: "127.0.0.1:9234"

## A dictionary of extra config variables to add to cilium-config, formatted like:
##  cilium_config_extra_vars:
##    var1: "value1"
##    var2: "value2"
cilium_config_extra_vars: {}