Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm: Add support for disable-endpoint-crd option #16226

Merged
merged 1 commit into from
May 27, 2021
Merged

helm: Add support for disable-endpoint-crd option #16226

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions install/kubernetes/cilium/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ contributors across the globe, there is almost always someone available to help.
| daemon.runPath | string | `"/var/run/cilium"` | Configure where Cilium runtime state should be stored. |
| datapathMode | string | `"veth"` | Configure which datapath mode should be used for configuring container connectivity. Valid options are "veth" or "ipvlan". |
| debug.enabled | bool | `false` | Enable debug logging |
| disableEndpointCRD | string | `"false"` | Disable the usage of CiliumEndpoint CRD |
| egressGateway | object | `{"enabled":false}` | Enables egress gateway (beta) to redirect and SNAT the traffic that leaves the cluster. |
| enableCnpStatusUpdates | bool | `false` | Specify which network interfaces can run the eBPF datapath. This means that a packet sent from a pod to a destination outside the cluster will be masqueraded (to an output device IPv4 address), if the output device runs the program. When not specified, probing will automatically detect devices. devices: "" TODO: Add documentation disableIptablesFeederRules: "" TODO: Add documentation egressMasqueradeInterfaces: "" |
| enableCriticalPriorityClass | bool | `true` | Explicitly enable or disable priority class. .Capabilities.KubeVersion is unsettable in `helm template` calls, it depends on k8s libriaries version that Helm was compiled against. This option allows to explicitly disable setting the priority class, which is useful for rendering charts for gke clusters in advance. |
Expand Down
5 changes: 5 additions & 0 deletions install/kubernetes/cilium/templates/cilium-configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,11 @@ data:
cilium-endpoint-gc-interval: "{{ .Values.operator.endpointGCInterval }}"
{{- end }}

{{- if hasKey .Values "disableEndpointCRD" }}
# Disable the usage of CiliumEndpoint CRD
disable-endpoint-crd: "{{ .Values.disableEndpointCRD }}"
{{- end }}

{{- if hasKey .Values "identityChangeGracePeriod" }}
# identity-change-grace-period is the grace period that needs to pass
# before an endpoint that has changed its identity will start using
Expand Down
7 changes: 5 additions & 2 deletions install/kubernetes/cilium/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ serviceAccounts:
annotations: {}
preflight:
create: true
name: cilium-pre-flight
name: cilium-pre-flight
annotations: {}
relay:
create: true
Expand Down Expand Up @@ -1066,6 +1066,9 @@ tls:
# - geneve
tunnel: "vxlan"

# -- Disable the usage of CiliumEndpoint CRD
disableEndpointCRD: "false"

wellKnownIdentities:
# -- Enable the use of well-known identities.
enabled: false
Expand Down Expand Up @@ -1205,7 +1208,7 @@ operator:

# -- For using with an existing serviceAccount.
serviceAccountName: cilium-operator

# -- cilium-operator priorityClassName
priorityClassName: ""

Expand Down