cilium: add defaults

Author: rarescosma

config/common/group_vars/k8s_cluster/ck8s-cilium.yaml

@@ -0,0 +1,36 @@
+ck8s_cilium:
+  # policyEnforcementMode: Determine whether an endpoint accepts traffic from a source or not
+  #
+  # Has three options:
+  # - default: endpoints have unrestricted network access until selected by policy
+  # - always: policy enforcement is enabled on all endpoints even if no rules select specific endpoints.
+  # - never: All traffic is allowed from any source (on ingress) or destination (on egress)
+  policyEnforcementMode: default
+  # When policyAuditMode is true, no network policy is enforced.
+  # This feature helps to validate the impact of host policies before enforcing them.
+  policyAuditMode: false
+  operator:
+    unmanagedPodWatcher:
+      restart: true
+    monitoring:
+      enabled: true
+      installServiceMonitor: false
+  wireguard:
+    enabled: true
+    strictMode: false
+  hubble:
+    enabled: true
+    monitoring:
+      installServiceMonitor: false
+    metrics:
+      - dns
+      - drop
+      - tcp
+      - flow
+      - icmp
+      - http
+  prometheus:
+    enabled: true
+    installServiceMonitor: false
+  envoy:
+    enabled: false