Cilium is a networking, security, and observability solution for Kubernetes, built on eBPF. It provides high-performance networking with support for Layer 3-7 policies, load balancing, and transparent encryption. With Cilium, you can enforce fine-grained security policies, observe network flows in real time, and integrate seamlessly with service meshes. It also offers eBPF-powered network policies and cluster mesh capabilities, enabling secure communication across multiple Kubernetes clusters.
Install with:
helm repo add cilium https://helm.cilium.io/
helm install cilium cilium/cilium -f values.yaml
See examples from other people.
Name | Repo | Stars | Version | Timestamp |
---|---|---|---|---|
cilium | bjw-s-labs/home-ops | 675 | 1.17.4 | a day ago |
cilium | bjw-s/home-ops | 395 | 1.17.4 | a day ago |
cilium | billimek/k8s-gitops | 705 | 1.17.4 | 2 days ago |
cilium | budimanjojo/home-cluster | 196 | 1.17.3 | 2 days ago |
cilium | larivierec/home-cluster | 115 | 1.17.4 | 2 days ago |
See the most popular values for this chart:
Key | Types |
---|---|
boolean | |
hubble.ui.ingress.hosts[] (90) - hubble.${SECRET_DOMAIN} | string |
boolean | |
hubble.ui.ingress.className (84) internal | string |
hubble.ui.ingress.tls[].hosts[] (52) - hubble.${SECRET_DOMAIN} | string |
hubble.ui.ingress.tls[].secretName (15) hubble-tls | string |
hubble.ui.ingress.annotations."hajimari.io/icon" (14) simple-icons:cilium | string |
hubble.ui.ingress.annotations."cert-manager.io/cluster-issuer" (12) letsencrypt-production | string |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
hubble.ui.ingress.annotations."nginx.ingress.kubernetes.io/auth-response-headers" (5) Remote-User,Remote-Name,Remote-Groups,Remote-Email | string |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
boolean | |
number | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
boolean | |
boolean, string | |
boolean | |
boolean | |
string | |
string | |
string | |
number | |
hubble.metrics.enabled[] (90) - dns:query | string |
boolean, string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
string | |
boolean, string | |
string | |
string | |
string | |
string | |
string | |
boolean | |
boolean | |
boolean | |
boolean | |
string | |
hubble.dashboards.namespace (6) monitoring | string |
hubble.dashboards.label (5) grafana_dashboard | string |
string | |
string | |
number | |
boolean | |
string | |
string | |
string | |
string | |
boolean | |
boolean | |
boolean | |
string | |
boolean | |
boolean | |
boolean | |
boolean, string | |
boolean, string | |
boolean | |
string | |
string | |
string | |
string | |
string | |
number | |
boolean | |
boolean | |
boolean, string | |
boolean | |
boolean, string | |
boolean | |
boolean | |
boolean | |
string | |
string | |
string | |
string | |
ipam.mode (54) kubernetes | string |
number | |
string | |
number | |
string | |
boolean, string | |
k8sServiceHost (47) 127.0.0.1 | string |
number, string | |
boolean | |
boolean | |
ipv4NativeRoutingCIDR (41) ${CLUSTER_CIDR} | string |
boolean | |
number, string | |
cluster.name (40) home-cluster | string |
string | |
string | |
string | |
string | |
boolean | |
boolean | |
boolean | |
boolean | |
kubeProxyReplacementHealthzBindAddr (39) 0.0.0.0:10256 | string |
boolean | |
string | |
string | |
string | |
boolean | |
bpf.tproxy (7) true | boolean |
boolean | |
string | |
boolean | |
string | |
number | |
number | |
routingMode (36) native | string |
securityContext.capabilities.ciliumAgent[] (32) - CHOWN | string |
securityContext.capabilities.cleanCiliumState[] (32) - NET_ADMIN | string |
string | |
string | |
boolean | |
cgroup.hostRoot (30) /sys/fs/cgroup | string |
boolean | |
boolean | |
string | |
boolean | |
boolean | |
string | |
boolean | |
cni.exclusive (18) false | boolean |
cni.binPath (5) /var/lib/rancher/k3s/data/cni | string |
cni.confPath (5) /var/lib/rancher/k3s/agent/etc/cni/net.d | string |
containerRuntime.integration (18) containerd | string |
containerRuntime.socketPath (17) /var/run/k3s/containerd/containerd.sock | string |
bgp.enabled (16) false | boolean |
boolean | |
boolean | |
envoy.enabled (15) false | boolean |
string, boolean | |
boolean | |
boolean | |
boolean | |
boolean | |
tunnel (10) disabled | string |
boolean | |
boolean | |
boolean | |
string | |
string | |
boolean | |
boolean | |
number | |
boolean | |
boolean | |
string | |
boolean | |
l7Proxy (5) true | boolean |
boolean | |
boolean | |
string | |
boolean | |
boolean | |
boolean | |
string | |
string | |
boolean | |
boolean | |
boolean | |
string | |
number | |
number | |
boolean | |
boolean | |
boolean | |
boolean | |
string | |
boolean | |
boolean | |
boolean | |
boolean | |
boolean | |
boolean | |
boolean | |
string | |
string | |
string | |
boolean | |
boolean | |
string | |
boolean | |
string | |
string | |
string | |
string | |
number | |
string |