@@ -73,7 +73,8 @@ import "k8s.io/api/core/v1"
7373 // Users who wish to specify their own custom CNI configuration file must set
7474 // custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
7575 " custom-cni-conf " : " false "
76- " enable-bpf-clock-probe " : " false "
76+ " enable-bpf-clock-probe " : " true "
77+ " enable-bpf-tproxy " : " true "
7778 // If you want cilium monitor to aggregate tracing for packets, set this level
7879 // to "low", "medium", or "maximum". The higher the level, the less packets
7980 // that will be seen in monitor output.
@@ -126,38 +127,47 @@ import "k8s.io/api/core/v1"
126127 //
127128 // If this option is set to "false" during an upgrade from 1.3 or earlier to
128129 // 1.4 or later, then it may cause one-time disruptions during the upgrade.
129- " preallocate-bpf-maps " : " false "
130+ " preallocate-bpf-maps " : " true "
130131
131132 // Name of the cluster. Only relevant when building a mesh of clusters.
132133 " cluster-name " : " default "
133134 // Unique ID of the cluster. Must be unique across all conneted clusters and
134135 // in the range of 1 and 255. Only relevant when building a mesh of clusters.
135136 " cluster-id " : " 0 "
136137
138+ " routing-mode " : " native "
137139 // Encapsulation mode for communication between nodes
138140 // Possible values:
139141 // - disabled
140142 // - vxlan (default)
141143 // - geneve
142- " routing-mode " : " tunnel "
143144 " tunnel-protocol " : " vxlan "
144145 " tunnel-source-port-range " : " 0-0 "
145146 " service-no-backend-response " : " reject "
146147
147148 // Enables L7 proxy for L7 policy enforcement and visibility
148- " enable-l7-proxy " : " true "
149- " enable-ipv4-masquerade " : " true "
150- " enable-ipv4-big-tcp " : " false "
151- " enable-ipv6-big-tcp " : " false "
152- " enable-ipv6-masquerade " : " true "
153- " enable-tcx " : " true "
154- " datapath-mode " : " veth "
149+ " enable-l7-proxy " : " true "
150+ " enable-ipv4-masquerade " : " true "
151+ " enable-ipv4-big-tcp " : " true "
152+ " enable-ipv6-big-tcp " : " true "
153+ " enable-ipv6-masquerade " : " true "
154+ " enable-tcx " : " true "
155+ " datapath-mode " : " netkit "
156+ // Doesn't work for some reason.
157+ //
158+ // https://github.com/cilium/cilium/issues/32489
159+ " enable-bpf-masquerade " : " false "
155160 " enable-masquerade-to-route-source " : " false "
156161 " enable-xt-socket-fallback " : " true "
157162 " install-no-conntrack-iptables-rules " : " false "
158163 " iptables-random-fully " : " false "
159- " auto-direct-node-routes " : " false "
164+ " auto-direct-node-routes " : " true "
160165 " direct-routing-skip-unreachable " : " false "
166+ " enable-bandwidth-manager " : " true "
167+ " enable-bbr " : " true "
168+ " enable-bbr-hostns-only " : " false "
169+ " enable-local-redirect-policy " : " true "
170+ " ipv4-native-routing-cidr " : " 10.244.0.0/16 "
161171 " kube-proxy-replacement " : " true "
162172 " kube-proxy-replacement-healthz-bind-address " : " "
163173 " bpf-lb-sock " : " false "
@@ -166,11 +176,14 @@ import "k8s.io/api/core/v1"
166176 " enable-health-check-loadbalancer-ip " : " false "
167177 " node-port-bind-protection " : " true "
168178 " enable-auto-protect-node-port-range " : " true "
179+ " bpf-lb-mode " : " dsr "
180+ " bpf-lb-algorithm " : " maglev "
169181 " bpf-lb-acceleration " : " disabled "
170182 " enable-svc-source-range-check " : " true "
171183 " enable-l2-neigh-discovery " : " false "
172184 " k8s-require-ipv4-pod-cidr " : " false "
173185 " k8s-require-ipv6-pod-cidr " : " false "
186+ " enable-endpoint-routes " : " true "
174187 " enable-k8s-networkpolicy " : " true "
175188 " enable-endpoint-lockdown-on-policy-overflow " : " false "
176189
0 commit comments