charts/.vib/cilium/runtime-parameters.yaml

aws:
  enabled: true
gcp:
  enabled: false
agent:
  enableENI: true
  cniPlugin:
    install: true
    uninstall: true
  enablePprof: true
  containerSecurityContext:
    enabled: true
    runAsUser: 0
    allowPrivilegeEscalation: true
    privileged: true
  containerPorts:
    health: 9879
    pprof: 6060
    hubblePeer: 4244
    metrics: 9962
    hubbleMetrics: 9965
  priorityClassName: ""
  serviceAccount:
    create: true
    automountServiceAccountToken: true
  metrics:
    enabled: true
    service:
      port: 9962
operator:
  metrics:
    enabled: true
envoy:
  metrics:
    enabled: true
hubble:
  tls:
    enabled: true
    autoGenerated:
      enabled: true
      engine: helm
  peers:
    service:
      port: 4244
    metrics:
      enabled: true
      service:
        port: 9965
  relay:
    enabled: true
    metrics:
      enabled: true
  ui:
    enabled: true
    service:
      ports:
        http: 80
      type: LoadBalancer
extraDeploy:
- |
  apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: deployment-restart
    namespace: "{{ include "common.names.namespace" . }}"
  rules:
    - apiGroups: ["apps"]
      resources: ["deployments"]
      verbs: ["get", "update", "patch"]
    - apiGroups: ["apps"]
      resources: ["daemonsets"]
      verbs: ["get", "list", "watch"]
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["get", "list"]
  ---
  apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: deployment-restart
    namespace: {{ include "common.names.namespace" . }}
  subjects:
  - kind: ServiceAccount
    name: deployment-restarter
    namespace: {{ include "common.names.namespace" . }}
  roleRef:
    kind: Role
    name: deployment-restart
  ---
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: deployment-restarter
    namespace: {{ include "common.names.namespace" . }}
  ---
  apiVersion: batch/v1
  kind: Job
  metadata:
    name: deployment-restarter
    namespace: {{ include "common.names.namespace" . }}
  spec:
    template:
      spec:
        automountServiceAccountToken: true
        serviceAccountName: deployment-restarter
        restartPolicy: OnFailure
        containers:
          - name: kubectl
            image: docker.io/bitnami/kubectl:latest
            command:
              - /bin/bash
            args:
              - -ec
              - |
                set -o errexit
                set -o nounset
                set -o pipefail

                kubectl rollout status --namespace {{ include "common.names.namespace" . }} daemonset {{ include "cilium.agent.fullname" . }}
                echo "Cilium agents are ready"
                kubectl rollout restart deployment --namespace {{ include "common.names.namespace" . }} {{ include "cilium.hubble.relay.fullname" . }}
                kubectl rollout restart deployment --namespace {{ include "common.names.namespace" . }} {{ include "cilium.hubble.ui.fullname" . }}