cilium, helm: add helm option for host routing setting

Allow this knob to be configured for Helm users. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
cilium · Nov 17, 2020 · 3ce28c0 · 3ce28c0
1 parent bbd6886
commit 3ce28c0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/install/kubernetes/cilium/templates/cilium-configmap.yaml b/install/kubernetes/cilium/templates/cilium-configmap.yaml
@@ -230,6 +230,10 @@ data:
   bpf-map-dynamic-size-ratio: {{ $defaultBpfMapDynamicSizeRatio | quote }}
 {{- end }}
 
+{{- if hasKey .Values.bpf "hostRouting" }}
+  enable-host-legacy-routing: {{ .Values.bpf.hostRouting | quote }}
+{{- end }}
+
 {{- if or $bpfCtTcpMax $bpfCtAnyMax }}
   # bpf-ct-global-*-max specifies the maximum number of connections
   # supported across all endpoints, split by protocol: tcp or other. One pair

diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml
@@ -222,6 +222,12 @@ bpf:
   # TODO: Add documentation
   #masquerade: true
 
+  # hostRouting defines whether direct routing mode should route traffic via
+  # host stack (true) or directly and more efficiently out of BPF (false) if
+  # the kernel supports it. The latter has the implication that it will also
+  # bypass netfilter in the host namespace.
+  #hostRouting: true
+
   # tproxy enables the use of eBPF-based TPROXY to reduce reliance on iptables
   # rules for implementing Layer 7 policy.
   # tproxy: true