cilium helm

Cilium is a networking, security, and observability solution for Kubernetes, built on eBPF. It provides high-performance networking with support for Layer 3-7 policies, load balancing, and transparent encryption. With Cilium, you can enforce fine-grained security policies, observe network flows in real time, and integrate seamlessly with service meshes. It also offers eBPF-powered network policies and cluster mesh capabilities, enabling secure communication across multiple Kubernetes clusters.

More popular helm chart found

cilium from astrateam-net/oci-charts/cilium is more popular with 122 repositories.

Install

Install with:

helm repo add cilium https://helm.cilium.io/
helm install cilium cilium/cilium -f values.yaml

Examples

See examples from other people.

Top Repositories (5 out of 105)

NameRepoStarsVersionTimestamp
ciliumgabe565/home-ops311.19.125 days ago
ciliummchestr/home-cluster1571.19.1a month ago
ciliumlarivierec/home-cluster1451.19.1a month ago
ciliumgavinmcfall/home-ops351.19.1a month ago
ciliumJJGadgets/Biohazard831.19.0a month ago

Values

See the most popular values for this chart:

KeyTypes
hubble.enabled (63)
true
boolean
hubble.relay.enabled (62)
true
boolean
hubble.relay.prometheus.serviceMonitor.enabled (56)
true
boolean, string
hubble.relay.prometheus.enabled (6)
true
boolean
hubble.relay.rollOutPods (55)
true
boolean
hubble.relay.replicas (2)
number
hubble.relay.nodeSelector."kubernetes.io/hostname" (1)
string
hubble.relay.podLabels."policy.gabe565.com/egress-namespace" (1)
string
hubble.relay.podLabels."policy.gabe565.com/egress-nodes" (1)
string
hubble.relay.podLabels."policy.gabe565.com/ingress-namespace" (1)
string
hubble.relay.priorityClassName (1)
string
hubble.relay.tls.server.enabled (1)
boolean
hubble.ui.enabled (61)
true
boolean
hubble.ui.rollOutPods (55)
true
boolean
hubble.ui.ingress.enabled (50)
true
boolean
hubble.ui.ingress.hosts[] (47)
- hubble.${SECRET_DOMAIN}
string
hubble.ui.ingress.className (43)
internal
string
hubble.ui.ingress.tls[].hosts[] (29)
- hubble.${SECRET_DOMAIN}
string
hubble.ui.ingress.tls[].secretName (10)
hubble-tls
string
hubble.ui.ingress.annotations."cert-manager.io/cluster-issuer" (8)
letsencrypt-production
string
hubble.ui.ingress.annotations."gethomepage.dev/enabled" (7)
true
string
hubble.ui.ingress.annotations."gethomepage.dev/group" (7)
Observability
string
hubble.ui.ingress.annotations."gethomepage.dev/icon" (7)
cilium.png
string
hubble.ui.ingress.annotations."gethomepage.dev/name" (7)
Hubble
string
hubble.ui.ingress.annotations."hajimari.io/icon" (7)
simple-icons:cilium
string
hubble.ui.ingress.annotations."gethomepage.dev/description" (6)
string
hubble.ui.ingress.annotations."hajimari.io/appName" (3)
string
hubble.ui.ingress.annotations."hajimari.io/group" (3)
string
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/auth-signin" (3)
string
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/auth-snippet" (3)
string
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/auth-url" (3)
string
hubble.ui.ingress.annotations."external-dns.alpha.kubernetes.io/hostname" (2)
string
hubble.ui.ingress.annotations."external-dns.alpha.kubernetes.io/target" (2)
string
hubble.ui.ingress.annotations."kubernetes.io/ingress.class" (2)
string
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/auth-response-headers" (2)
string
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" (2)
string
hubble.ui.ingress.annotations."gethomepage.dev/href" (1)
string
hubble.ui.ingress.annotations."gethomepage.dev/weight" (1)
string
hubble.ui.ingress.annotations.glance/description (1)
string
hubble.ui.ingress.annotations.glance/icon (1)
string
hubble.ui.ingress.annotations.glance/internal (1)
string
hubble.ui.ingress.annotations."hajimari.io/enable" (1)
string
hubble.ui.ingress.annotations."haproxy.org/allow-list" (1)
string
hubble.ui.ingress.annotations."haproxy.org/response-set-header" (1)
string
hubble.ui.ingress.annotations."kubernetes.io/tls-acme" (1)
string
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/auth-method" (1)
string
hubble.ui.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
string
hubble.ui.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)
string
hubble.ui.ingress.ingressClassName (1)
string
hubble.ui.replicas (2)
number
hubble.ui.nodeSelector."kubernetes.io/hostname" (1)
string
hubble.ui.podLabels."policy.gabe565.com/egress-namespace" (1)
string
hubble.ui.podLabels."policy.gabe565.com/egress-nodes" (1)
string
hubble.ui.podLabels."policy.gabe565.com/ingress-envoy-public" (1)
string
hubble.metrics.enabled[] (60)
- dns:query
- drop
- tcp
- flow
- port-distribution
- icmp
- http
string
hubble.metrics.serviceMonitor.enabled (58)
true
boolean, string
hubble.metrics.serviceMonitor.interval (2)
string
hubble.metrics.serviceMonitor.labels.release (1)
string
hubble.metrics.serviceMonitor.metricRelabelings[].action (1)
string
hubble.metrics.serviceMonitor.metricRelabelings[].regex (1)
string
hubble.metrics.serviceMonitor.metricRelabelings[].sourceLabels[] (1)
string
hubble.metrics.serviceMonitor.relabelings[].action (1)
string
hubble.metrics.serviceMonitor.relabelings[].regex (1)
string
hubble.metrics.serviceMonitor.relabelings[].replacement (1)
string
hubble.metrics.serviceMonitor.relabelings[].sourceLabels[] (1)
string
hubble.metrics.serviceMonitor.relabelings[].targetLabel (1)
string
hubble.metrics.dashboards.enabled (54)
true
boolean, string
hubble.metrics.dashboards.annotations.grafana_folder (34)
Cilium
string
hubble.metrics.dashboards.annotations."grafana.io/folder" (1)
string
hubble.metrics.dashboards.label (3)
string
hubble.metrics.dashboards.labelValue (3)
string
hubble.metrics.dashboards.namespace (3)
monitoring
string
hubble.dashboards.enabled (6)
true
boolean
hubble.dashboards.namespace (4)
monitoring
string
hubble.dashboards.label (3)
grafana_dashboard
string
hubble.dashboards.labelValue (3)
1
string
hubble.dashboards.annotations.grafana_folder (2)
string
hubble.serviceMonitor.enabled (5)
true
boolean
hubble.tls.auto.method (3)
string
hubble.tls.auto.certValidityDuration (2)
number
hubble.tls.auto.enabled (2)
boolean
hubble.tls.auto.schedule (2)
string
hubble.tls.auto.certManagerIssuerRef.group (1)
string
hubble.tls.auto.certManagerIssuerRef.kind (1)
string
hubble.tls.auto.certManagerIssuerRef.name (1)
string
hubble.tls.insecure (2)
boolean
hubble.tls.enabled (1)
boolean
hubble.operator.prometheus.serviceMonitor.enabled (2)
boolean
hubble.prometheus.serviceMonitor.enabled (2)
boolean
hubble.dropEventEmitter.enabled (1)
boolean
hubble.dropEventEmitter.reasons[] (1)
string
hubble.eventQueueSize (1)
string
hubble.export.dynamic.config.content[].excludeFilters[].destination_ip[] (1)
string
hubble.export.dynamic.config.content[].excludeFilters[].destination_port[] (1)
string
hubble.export.dynamic.config.content[].excludeFilters[].protocol[] (1)
string
hubble.export.dynamic.config.content[].filePath (1)
string
hubble.export.dynamic.config.content[].includeFilters[].verdict[] (1)
string
hubble.export.dynamic.config.content[].name (1)
string
hubble.export.dynamic.enabled (1)
boolean
hubble.networkPolicyCorrelation.enabled (1)
boolean
prometheus.enabled (56)
true
boolean, string
prometheus.serviceMonitor.enabled (54)
true
boolean, string
prometheus.serviceMonitor.trustCRDsExist (45)
true
boolean
prometheus.relay.enabled (1)
boolean
prometheus.relay.prometheus.serviceMonitor.enabled (1)
boolean
prometheus.trustCRDsExist (1)
boolean
operator.prometheus.serviceMonitor.enabled (53)
true
boolean, string
operator.prometheus.enabled (52)
true
boolean, string
operator.dashboards.enabled (48)
true
boolean
operator.dashboards.annotations.grafana_folder (37)
Cilium
string
operator.dashboards.annotations."grafana.io/folder" (1)
string
operator.dashboards.label (1)
string
operator.dashboards.labelValue (1)
string
operator.dashboards.namespace (1)
string
operator.replicas (31)
1
number
operator.rollOutPods (27)
true
boolean
operator.nodeSelector."kubernetes.io/hostname" (1)
string
operator.priorityClassName (1)
string
dashboards.enabled (49)
true
boolean
dashboards.annotations.grafana_folder (37)
Cilium
string
dashboards.annotations."grafana.io/folder" (1)
string
dashboards.label (1)
string
dashboards.labelValue (1)
string
kubeProxyReplacement (39)
true
boolean, string
k8sServiceHost (38)
127.0.0.1
string
k8sServicePort (38)
6443
number, string
ipam.mode (37)
kubernetes
string
ipam.operator.clusterPoolIPv4MaskSize (2)
number
ipam.operator.clusterPoolIPv4PodCIDRList[] (2)
string
ipam.operator.clusterPoolIPv4PodCIDRList (1)
string
ipam.operator.clusterPoolIPv6MaskSize (1)
number
ipam.operator.clusterPoolIPv6PodCIDRList[] (1)
string
rollOutCiliumPods (31)
true
boolean
cluster.id (29)
1
number
cluster.name (29)
home-cluster
string
ipv4NativeRoutingCIDR (29)
${CLUSTER_CIDR}
string
kubeProxyReplacementHealthzBindAddr (29)
0.0.0.0:10256
string
l2announcements.enabled (29)
true
boolean
l2announcements.leaseDuration (13)
120s
string
l2announcements.leaseRenewDeadline (13)
60s
string
l2announcements.leaseRetryPeriod (13)
1s
string
localRedirectPolicy (29)
true
boolean
loadBalancer.mode (27)
dsr
string
loadBalancer.algorithm (26)
maglev
string
loadBalancer.acceleration (3)
string
loadBalancer.protocolDifferentiation.enabled (2)
boolean
loadBalancer.enabled (1)
boolean
loadBalancer.l7.backend (1)
string
loadBalancer.standalone (1)
boolean
autoDirectNodeRoutes (26)
true
boolean
endpointRoutes.enabled (26)
true
boolean
bpf.masquerade (25)
true
boolean
bpf.preallocateMaps (9)
true
boolean
bpf.datapathMode (7)
netkit
string
bpf.tproxy (4)
true
boolean
bpf.events.trace.enabled (2)
boolean
bpf.hostLegacyRouting (2)
boolean
bpf.monitorInterval (2)
string
bpf.vlanBypass[] (2)
number
bpf.distributedLRU.enabled (1)
boolean
bpf.lbExternalClusterIP (1)
boolean
bpf.mapDynamicSizeRatio (1)
number
bpf.policyMapMax (1)
number
securityContext.capabilities.ciliumAgent[] (25)
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
string
securityContext.capabilities.cleanCiliumState[] (25)
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
string
securityContext.capabilities.applySysctlOverwrites[] (1)
string
securityContext.capabilities.mountCgroup[] (1)
string
securityContext.privileged (12)
true
boolean
routingMode (24)
native
string
cgroup.hostRoot (18)
/sys/fs/cgroup
string
cgroup.automount.enabled (12)
false
boolean
cgroup.autoMount.enabled (6)
false
boolean
bgpControlPlane.enabled (17)
true
boolean
bgpControlPlane.secretsNamespace.create (1)
boolean
bgpControlPlane.secretsNamespace.name (1)
string
bgpControlPlane.v2Enabled (1)
boolean
envoy.enabled (17)
false
boolean
envoy.prometheus.serviceMonitor.enabled (5)
true
boolean, string
envoy.prometheus.enabled (1)
boolean
envoy.rollOutPods (5)
true
boolean
envoy.secretsNamespace.create (1)
boolean
cni.exclusive (12)
false
boolean
cni.binPath (4)
/var/lib/rancher/k3s/data/cni
string
cni.confPath (4)
/var/lib/rancher/k3s/agent/etc/cni/net.d
string
socketLB.hostNamespaceOnly (12)
true
boolean
socketLB.enabled (4)
true
boolean
gatewayAPI.enabled (11)
false
boolean
gatewayAPI.enableAlpn (6)
true
boolean
gatewayAPI.xffNumTrustedHops (3)
1
number
gatewayAPI.enableAppProtocol (2)
boolean
gatewayAPI.secretsNamespace.create (2)
boolean
gatewayAPI.secretsNamespace.name (2)
string
gatewayAPI.secretsNamespace.sync (2)
boolean
containerRuntime.socketPath (10)
/var/run/k3s/containerd/containerd.sock
string
containerRuntime.integration (9)
containerd
string
bgp.enabled (8)
false
boolean
bgp.announce.loadbalancerIP (2)
boolean
bandwidthManager.bbr (7)
true
boolean
bandwidthManager.enabled (7)
true
boolean
ipv6.enabled (7)
true
boolean
tunnel (6)
disabled
string
devices (5)
string
enableIPv4BIGTCP (4)
boolean
ipv6NativeRoutingCIDR (4)
string
k8sClientRateLimit.burst (4)
number
k8sClientRateLimit.qps (4)
number
l7Proxy (4)
true
boolean
devices[] (3)
string
externalIPs.enabled (3)
true
boolean
ingressController.enabled (3)
boolean
ingressController.default (1)
boolean
ingressController.defaultSecretName (1)
string
ingressController.loadbalancerMode (1)
string
bpfClockProbe (2)
boolean
clustermesh.apiserver.kvstoremesh.enabled (2)
boolean
clustermesh.apiserver.service.type (2)
string
clustermesh.apiserver.service.loadBalancerIP (1)
string
clustermesh.apiserver.nodeSelector."kubernetes.io/hostname" (1)
string
clustermesh.config.enabled (2)
boolean
clustermesh.enableMCSAPISupport (2)
boolean
clustermesh.useAPIServer (2)
boolean
enableIPv6Masquerade (2)
boolean
clusterPoolIPv4MaskSize (1)
number
disableEndpointCRD (1)
boolean
dnsProxy.dnsRejectResponseCode (1)
string
enableRuntimeDeviceDetection (1)
boolean
"externalIPs.enabled" (1)
boolean
extraConfig.enable-ipv6-ndp (1)
string
extraConfig.ipv6-mcast-device (1)
string
extraConfig.ipv6-service-range (1)
string
global.encryption.enabled (1)
boolean
global.encryption.nodeEncryption (1)
boolean
ipv4.enabled (1)
boolean
"loadBalancer.algorithm" (1)
string
manageCRDs (1)
boolean
metrics.disableAuth (1)
boolean
monitor.enabled (1)
string
nativeRoutingCIDR (1)
string
pmtuDiscovery.enabled (1)
boolean
policyEnforcementMode (1)
string
priorityClassName (1)
string
proxy.prometheus.enabled (1)
boolean
replicaCount (1)
number
resources.limits.cpu (1)
string
resources.limits.memory (1)
string
resources.requests.cpu (1)
string
resources.requests.memory (1)
string
tunnelPort (1)
number
tunnelProtocol (1)
string
ubeProxyReplacementHealthzBindAddr (1)
string
wellKnownIdentities.enabled (1)
boolean