COMPUTED VALUES: MTU: 0 affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: k8s-app: cilium topologyKey: kubernetes.io/hostname agent: true agentNotReadyTaintKey: node.cilium.io/agent-not-ready aksbyocni: enabled: false alibabacloud: enabled: false annotateK8sNode: false authentication: enabled: true gcInterval: 5m0s mutual: port: 4250 spire: adminSocketPath: /run/spire/sockets/admin.sock agentSocketPath: /run/spire/sockets/agent/agent.sock connectionTimeout: 30s enabled: false install: agent: affinity: {} annotations: {} image: ghcr.io/spiffe/spire-agent:1.6.3@sha256:8eef9857bf223181ecef10d9bbcd2f7838f3689e9bd2445bede35066a732e823 labels: {} nodeSelector: {} podSecurityContext: {} securityContext: {} serviceAccount: create: true name: spire-agent skipKubeletVerification: true tolerations: - effect: NoSchedule key: node.kubernetes.io/not-ready - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node-role.kubernetes.io/control-plane - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized value: "true" - key: CriticalAddonsOnly operator: Exists enabled: true namespace: cilium-spire server: affinity: {} annotations: {} ca: keyType: rsa-4096 subject: commonName: Cilium SPIRE CA country: US organization: SPIRE dataStorage: accessMode: ReadWriteOnce enabled: true size: 1Gi storageClass: null image: ghcr.io/spiffe/spire-server:1.6.3@sha256:f4bc49fb0bd1d817a6c46204cc7ce943c73fb0a5496a78e0e4dc20c9a816ad7f initContainers: [] labels: {} nodeSelector: {} service: annotations: {} labels: {} type: ClusterIP serviceAccount: create: true name: spire-server tolerations: [] serverAddress: null trustDomain: spiffe.cilium queueSize: 1024 rotatedIdentitiesQueueSize: 1024 autoDirectNodeRoutes: false azure: enabled: false bandwidthManager: bbr: false enabled: false bgp: announce: loadbalancerIP: false podCIDR: false enabled: false bgpControlPlane: enabled: false bpf: authMapMax: null autoMount: enabled: true ctAnyMax: null ctTcpMax: null hostLegacyRouting: null lbExternalClusterIP: false lbMapMax: 65536 mapDynamicSizeRatio: null masquerade: null monitorAggregation: medium monitorFlags: all monitorInterval: 5s natMax: null neighMax: null policyMapMax: 16384 preallocateMaps: false root: /sys/fs/bpf tproxy: null vlanBypass: null bpfClockProbe: false certgen: annotations: cronJob: {} job: {} extraVolumeMounts: [] extraVolumes: [] image: digest: sha256:89a0847753686444daabde9474b48340993bd19c7bea66a46e45b2974b82041f override: null pullPolicy: IfNotPresent repository: quay.io/cilium/certgen tag: v0.1.9 useDigest: true podLabels: {} tolerations: [] ttlSecondsAfterFinished: 1800 cgroup: autoMount: enabled: true resources: {} hostRoot: /run/cilium/cgroupv2 cleanBpfState: false cleanState: false cluster: id: 0 name: default clustermesh: apiserver: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: k8s-app: clustermesh-apiserver topologyKey: kubernetes.io/hostname etcd: image: digest: sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3 override: null pullPolicy: IfNotPresent repository: quay.io/coreos/etcd tag: v3.5.4 useDigest: true init: resources: {} resources: {} securityContext: {} extraArgs: [] extraEnv: [] extraVolumeMounts: [] extraVolumes: [] image: digest: sha256:9af7cc0ed5ed9b98db347afcfc119399cae6df0744aff9193ebebe309c39ee8e override: null pullPolicy: IfNotPresent repository: quay.io/cilium/clustermesh-apiserver tag: v1.14.8 useDigest: true kvstoremesh: enabled: false extraArgs: [] extraEnv: [] extraVolumeMounts: [] image: digest: sha256:f865d9fbe31a175bc61d6bd1ef8a840f577add90042b3bf07c3d2b9775157249 override: null pullPolicy: IfNotPresent repository: quay.io/cilium/kvstoremesh tag: v1.14.8 useDigest: true resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL metrics: enabled: true etcd: enabled: false mode: basic port: 9963 kvstoremesh: enabled: true port: 9964 port: 9962 serviceMonitor: annotations: {} enabled: false etcd: interval: 10s metricRelabelings: null relabelings: null interval: 10s kvstoremesh: interval: 10s metricRelabelings: null relabelings: null labels: {} metricRelabelings: null relabelings: null nodeSelector: kubernetes.io/os: linux podAnnotations: {} podDisruptionBudget: enabled: false maxUnavailable: 1 minAvailable: null podLabels: {} podSecurityContext: {} priorityClassName: "" replicas: 1 resources: {} securityContext: {} service: annotations: {} externalTrafficPolicy: null internalTrafficPolicy: null nodePort: 32379 type: NodePort tls: admin: cert: "" key: "" authMode: legacy auto: certManagerIssuerRef: {} certValidityDuration: 1095 enabled: true method: helm ca: cert: "" key: "" client: cert: "" key: "" remote: cert: "" key: "" server: cert: "" extraDnsNames: [] extraIpAddresses: [] key: "" tolerations: [] topologySpreadConstraints: [] updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate config: clusters: [] domain: mesh.cilium.io enabled: false useAPIServer: false cni: binPath: /opt/cni/bin chainingMode: null chainingTarget: null confFileMountPath: /tmp/cni-configuration confPath: /etc/cni/net.d configMapKey: cni-config customConf: false exclusive: true hostConfDirMountPath: /host/etc/cni/net.d install: true logFile: /var/run/cilium/cilium-cni.log uninstall: false conntrackGCInterval: "" conntrackGCMaxInterval: "" containerRuntime: integration: none crdWaitTimeout: "" customCalls: enabled: false daemon: allowedConfigOverrides: null blockedConfigOverrides: null configSources: null runPath: /var/run/cilium dashboards: annotations: {} enabled: false label: grafana_dashboard labelValue: "1" namespace: null debug: enabled: false verbose: null disableEndpointCRD: false dnsPolicy: "" dnsProxy: dnsRejectResponseCode: refused enableDnsCompression: true endpointMaxIpPerHostname: 50 idleConnectionGracePeriod: 0s maxDeferredConnectionDeletes: 10000 minTtl: 0 preCache: "" proxyPort: 0 proxyResponseMaxDelay: 100ms egressGateway: enabled: false installRoutes: false reconciliationTriggerInterval: 1s enableCiliumEndpointSlice: false enableCnpStatusUpdates: false enableCriticalPriorityClass: true enableIPv4BIGTCP: false enableIPv4Masquerade: true enableIPv6BIGTCP: false enableIPv6Masquerade: true enableK8sEventHandover: false enableK8sTerminatingEndpoint: true enableRuntimeDeviceDetection: false enableXTSocketFallback: true encryption: enabled: false interface: "" ipsec: interface: "" keyFile: "" keyRotationDuration: 5m keyWatcher: true mountPath: "" secretName: "" keyFile: keys mountPath: /etc/ipsec nodeEncryption: false secretName: cilium-ipsec-keys type: ipsec wireguard: userspaceFallback: false endpointHealthChecking: enabled: true endpointRoutes: enabled: false endpointStatus: enabled: false status: "" eni: awsEnablePrefixDelegation: false awsReleaseExcessIPs: false ec2APIEndpoint: "" enabled: false eniTags: {} gcInterval: "" gcTags: {} iamRole: "" instanceTagsFilter: [] subnetIDsFilter: [] subnetTagsFilter: [] updateEC2AdapterLimitViaAPI: true envoy: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: k8s-app: cilium-envoy topologyKey: kubernetes.io/hostname connectTimeoutSeconds: 2 dnsPolicy: null enabled: false extraArgs: [] extraContainers: [] extraEnv: [] extraHostPathMounts: [] extraVolumeMounts: [] extraVolumes: [] healthPort: 9878 idleTimeoutDurationSeconds: 60 image: digest: sha256:39b75548447978230dedcf25da8940e4d3540c741045ef391a8e74dbb9661a86 override: null pullPolicy: IfNotPresent repository: quay.io/cilium/cilium-envoy tag: v1.26.7-bbde4095997ea57ead209f56158790d47224a0f5 useDigest: true livenessProbe: failureThreshold: 10 periodSeconds: 30 log: format: '[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v' path: "" maxConnectionDurationSeconds: 0 maxRequestsPerConnection: 0 nodeSelector: kubernetes.io/os: linux podAnnotations: {} podLabels: {} podSecurityContext: {} priorityClassName: null prometheus: enabled: true port: "9964" serviceMonitor: annotations: {} enabled: false interval: 10s labels: {} metricRelabelings: null relabelings: - replacement: ${1} sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: node readinessProbe: failureThreshold: 3 periodSeconds: 30 resources: {} rollOutPods: false securityContext: capabilities: envoy: - NET_ADMIN - SYS_ADMIN privileged: false seLinuxOptions: level: s0 type: spc_t startupProbe: failureThreshold: 105 periodSeconds: 2 terminationGracePeriodSeconds: 1 tolerations: - operator: Exists updateStrategy: rollingUpdate: maxUnavailable: 2 type: RollingUpdate envoyConfig: enabled: false secretsNamespace: create: true name: cilium-secrets etcd: clusterDomain: cluster.local enabled: false endpoints: - https://CHANGE-ME:2379 extraArgs: [] extraVolumeMounts: [] extraVolumes: [] image: digest: sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc override: null pullPolicy: IfNotPresent repository: quay.io/cilium/cilium-etcd-operator tag: v2.0.7 useDigest: true k8sService: false nodeSelector: kubernetes.io/os: linux podAnnotations: {} podDisruptionBudget: enabled: false maxUnavailable: 1 minAvailable: null podLabels: {} podSecurityContext: {} priorityClassName: "" resources: {} securityContext: {} ssl: false tolerations: - operator: Exists topologySpreadConstraints: [] updateStrategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate externalIPs: enabled: false externalWorkloads: enabled: false extraArgs: [] extraConfig: {} extraContainers: [] extraEnv: [] extraHostPathMounts: [] extraVolumeMounts: [] extraVolumes: [] gatewayAPI: enabled: false secretsNamespace: create: true name: cilium-secrets sync: true gke: enabled: false healthChecking: true healthPort: 9879 highScaleIPcache: enabled: false hostFirewall: enabled: false hostPort: enabled: false hubble: enabled: false listenAddress: :4244 metrics: dashboards: annotations: {} enabled: false label: grafana_dashboard labelValue: "1" namespace: null enableOpenMetrics: false enabled: null port: 9965 serviceAnnotations: {} serviceMonitor: annotations: {} enabled: false interval: 10s labels: {} metricRelabelings: null relabelings: - replacement: ${1} sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: node peerService: clusterDomain: cluster.local targetPort: 4244 preferIpv6: false relay: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: k8s-app: cilium topologyKey: kubernetes.io/hostname dialTimeout: null enabled: false extraEnv: [] extraVolumeMounts: [] extraVolumes: [] gops: enabled: true port: 9893 image: digest: sha256:e15ae63bf844f447cc976919541a9a8c218989360bbf2cf6b9f5ebbd8ae5045d override: null pullPolicy: IfNotPresent repository: quay.io/cilium/hubble-relay tag: v1.14.8 useDigest: true listenHost: "" listenPort: "4245" nodeSelector: kubernetes.io/os: linux podAnnotations: {} podDisruptionBudget: enabled: false maxUnavailable: 1 minAvailable: null podLabels: {} podSecurityContext: fsGroup: 65532 pprof: address: localhost enabled: false port: 6062 priorityClassName: "" prometheus: enabled: false port: 9966 serviceMonitor: annotations: {} enabled: false interval: 10s labels: {} metricRelabelings: null relabelings: null replicas: 1 resources: {} retryTimeout: null rollOutPods: false securityContext: capabilities: drop: - ALL runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 service: nodePort: 31234 type: ClusterIP sortBufferDrainTimeout: null sortBufferLenMax: null terminationGracePeriodSeconds: 1 tls: client: cert: "" key: "" server: cert: "" enabled: false extraDnsNames: [] extraIpAddresses: [] key: "" mtls: false tolerations: [] topologySpreadConstraints: [] updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate skipUnknownCGroupIDs: null socketPath: /var/run/cilium/hubble.sock tls: auto: certManagerIssuerRef: {} certValidityDuration: 1095 enabled: true method: helm schedule: 0 0 1 */4 * enabled: true server: cert: "" extraDnsNames: [] extraIpAddresses: [] key: "" ui: affinity: {} backend: extraEnv: [] extraVolumeMounts: [] extraVolumes: [] image: digest: sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803 override: null pullPolicy: IfNotPresent repository: quay.io/cilium/hubble-ui-backend tag: v0.13.0 useDigest: true resources: {} securityContext: {} baseUrl: / enabled: false frontend: extraEnv: [] extraVolumeMounts: [] extraVolumes: [] image: digest: sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666 override: null pullPolicy: IfNotPresent repository: quay.io/cilium/hubble-ui tag: v0.13.0 useDigest: true resources: {} securityContext: {} server: ipv6: enabled: true ingress: annotations: {} className: "" enabled: false hosts: - chart-example.local labels: {} tls: [] nodeSelector: kubernetes.io/os: linux podAnnotations: {} podDisruptionBudget: enabled: false maxUnavailable: 1 minAvailable: null podLabels: {} priorityClassName: "" replicas: 1 rollOutPods: false securityContext: fsGroup: 1001 runAsGroup: 1001 runAsUser: 1001 service: annotations: {} nodePort: 31235 type: ClusterIP standalone: enabled: false tls: certsVolume: {} tls: client: cert: "" key: "" tolerations: [] topologySpreadConstraints: [] updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate identityAllocationMode: crd identityChangeGracePeriod: "" image: digest: sha256:7fca3ba4b04af066e8b086b5c1a52e30f52db01ffc642e7db0a439514aed3ada override: null pullPolicy: IfNotPresent repository: quay.io/cilium/cilium tag: v1.14.8 useDigest: false imagePullSecrets: null ingressController: default: false defaultSecretName: null defaultSecretNamespace: null enabled: false enforceHttps: true ingressLBAnnotationPrefixes: - service.beta.kubernetes.io - service.kubernetes.io - cloud.google.com loadbalancerMode: dedicated secretsNamespace: create: true name: cilium-secrets sync: true service: allocateLoadBalancerNodePorts: null annotations: {} insecureNodePort: null labels: {} loadBalancerClass: null loadBalancerIP: null name: cilium-ingress secureNodePort: null type: LoadBalancer initResources: {} installNoConntrackIptablesRules: false ipMasqAgent: enabled: false ipam: ciliumNodeUpdateRate: 15s mode: cluster-pool operator: autoCreateCiliumPodIPPools: {} clusterPoolIPv4MaskSize: 24 clusterPoolIPv4PodCIDRList: - 172.24.0.0/16 clusterPoolIPv6MaskSize: 120 clusterPoolIPv6PodCIDRList: - fd00::/104 externalAPILimitBurstSize: null externalAPILimitQPS: null ipv4: enabled: true ipv4NativeRoutingCIDR: "" ipv6: enabled: false ipv6NativeRoutingCIDR: "" k8s: {} k8sClientRateLimit: burst: 10 qps: 5 k8sNetworkPolicy: enabled: true k8sServiceHost: "" k8sServicePort: "" keepDeprecatedLabels: false keepDeprecatedProbes: false kubeConfigPath: "" kubeProxyReplacementHealthzBindAddr: "" l2NeighDiscovery: enabled: true refreshPeriod: 30s l2announcements: enabled: false l2podAnnouncements: enabled: false interface: eth0 l7Proxy: true livenessProbe: failureThreshold: 10 periodSeconds: 30 loadBalancer: l7: algorithm: round_robin backend: disabled ports: [] localRedirectPolicy: false logSystemLoad: false maglev: {} monitor: enabled: false name: cilium nat46x64Gateway: enabled: false nodePort: autoProtectPortRange: true bindProtection: true enableHealthCheck: true enabled: false nodeSelector: kubernetes.io/os: linux nodeinit: affinity: {} bootstrapFile: /tmp/cilium-bootstrap.d/cilium-bootstrap-time enabled: false extraEnv: [] extraVolumeMounts: [] extraVolumes: [] image: override: null pullPolicy: IfNotPresent repository: quay.io/cilium/startup-script tag: 62093c5c233ea914bfa26a10ba41f8780d9b737f nodeSelector: kubernetes.io/os: linux podAnnotations: {} podLabels: {} prestop: postScript: "" preScript: "" priorityClassName: "" resources: requests: cpu: 100m memory: 100Mi securityContext: capabilities: add: - SYS_MODULE - NET_ADMIN - SYS_ADMIN - SYS_CHROOT - SYS_PTRACE privileged: false seLinuxOptions: level: s0 type: spc_t startup: postScript: "" preScript: "" tolerations: - operator: Exists updateStrategy: type: RollingUpdate operator: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: io.cilium/app: operator topologyKey: kubernetes.io/hostname dashboards: annotations: {} enabled: false label: grafana_dashboard labelValue: "1" namespace: null dnsPolicy: "" enabled: true endpointGCInterval: 5m0s extraArgs: [] extraEnv: [] extraHostPathMounts: [] extraVolumeMounts: [] extraVolumes: [] identityGCInterval: 15m0s identityHeartbeatTimeout: 30m0s image: alibabacloudDigest: sha256:59e5104392a65052d3fffc6789625474d4a86a70457554ab7252badd09a4f5e6 awsDigest: sha256:42ba7ccc5e0707bf7ee109da5582ed47afa827b2d2e17efd441148bdaa3b21ba azureDigest: sha256:e825da52bcdde15b56708090aad982d3b0db928aa09a2db339d200c6de0f66de genericDigest: sha256:56d373c12483c09964a00a29246595917603a077a298aa90a98e4de32c86b7dc override: null pullPolicy: IfNotPresent repository: quay.io/cilium/operator suffix: "" tag: v1.14.8 useDigest: false nodeGCInterval: 5m0s nodeSelector: kubernetes.io/os: linux node-role.kubernetes.io/control-plane: "" podAnnotations: {} podDisruptionBudget: enabled: false maxUnavailable: 1 minAvailable: null podLabels: {} podSecurityContext: {} pprof: address: localhost enabled: false port: 6061 priorityClassName: "" prometheus: enabled: false port: 9963 serviceMonitor: annotations: {} enabled: false interval: 10s labels: {} metricRelabelings: null relabelings: null removeNodeTaints: true replicas: 1 resources: {} rollOutPods: false securityContext: {} setNodeNetworkStatus: true setNodeTaints: null skipCNPStatusStartupClean: false skipCRDCreation: false tolerations: - operator: Exists topologySpreadConstraints: [] unmanagedPodWatcher: intervalSeconds: 15 restart: true updateStrategy: rollingUpdate: maxSurge: 25% maxUnavailable: 50% type: RollingUpdate pmtuDiscovery: enabled: false podAnnotations: {} podLabels: {} podSecurityContext: {} policyEnforcementMode: default pprof: address: localhost enabled: false port: 6060 preflight: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: k8s-app: cilium topologyKey: kubernetes.io/hostname enabled: false extraEnv: [] extraVolumeMounts: [] extraVolumes: [] image: digest: sha256:7fca3ba4b04af066e8b086b5c1a52e30f52db01ffc642e7db0a439514aed3ada override: null pullPolicy: IfNotPresent repository: quay.io/cilium/cilium tag: v1.14.8 useDigest: true nodeSelector: kubernetes.io/os: linux podAnnotations: {} podDisruptionBudget: enabled: false maxUnavailable: 1 minAvailable: null podLabels: {} podSecurityContext: {} priorityClassName: "" resources: {} securityContext: {} terminationGracePeriodSeconds: 1 tofqdnsPreCache: "" tolerations: - effect: NoSchedule key: node.kubernetes.io/not-ready - effect: NoSchedule key: node-role.kubernetes.io/master - effect: NoSchedule key: node-role.kubernetes.io/control-plane - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized value: "true" - key: CriticalAddonsOnly operator: Exists updateStrategy: type: RollingUpdate validateCNPs: true priorityClassName: "" prometheus: enabled: false metrics: null port: 9962 serviceMonitor: annotations: {} enabled: false interval: 10s labels: {} metricRelabelings: null relabelings: - replacement: ${1} sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: node trustCRDsExist: false proxy: prometheus: enabled: true port: null sidecarImageRegex: cilium/istio_proxy rbac: create: true readinessProbe: failureThreshold: 3 periodSeconds: 30 remoteNodeIdentity: true resourceQuotas: cilium: hard: pods: 10k enabled: false operator: hard: pods: "15" resources: {} rollOutCiliumPods: false routingMode: "" sctp: enabled: false securityContext: capabilities: applySysctlOverwrites: - SYS_ADMIN - SYS_CHROOT - SYS_PTRACE ciliumAgent: - CHOWN - KILL - NET_ADMIN - NET_RAW - IPC_LOCK - SYS_MODULE - SYS_ADMIN - SYS_RESOURCE - DAC_OVERRIDE - FOWNER - SETGID - SETUID cleanCiliumState: - NET_ADMIN - SYS_MODULE - SYS_ADMIN - SYS_RESOURCE mountCgroup: - SYS_ADMIN - SYS_CHROOT - SYS_PTRACE privileged: false seLinuxOptions: level: s0 type: spc_t serviceAccounts: cilium: annotations: {} automount: true create: true name: cilium clustermeshApiserver: annotations: {} automount: true create: true name: clustermesh-apiserver clustermeshcertgen: annotations: {} automount: true create: true name: clustermesh-apiserver-generate-certs envoy: annotations: {} automount: true create: true name: cilium-envoy etcd: annotations: {} automount: true create: true name: cilium-etcd-operator hubblecertgen: annotations: {} automount: true create: true name: hubble-generate-certs nodeinit: annotations: {} automount: true create: true enabled: false name: cilium-nodeinit operator: annotations: {} automount: true create: true name: cilium-operator preflight: annotations: {} automount: true create: true name: cilium-pre-flight relay: annotations: {} automount: false create: true name: hubble-relay ui: annotations: {} automount: true create: true name: hubble-ui sleepAfterInit: false socketLB: enabled: false startupProbe: failureThreshold: 105 periodSeconds: 2 svcSourceRangeCheck: true synchronizeK8sNodes: true terminationGracePeriodSeconds: 1 tls: ca: cert: "" certValidityDuration: 1095 key: "" caBundle: enabled: false key: ca.crt name: cilium-root-ca.crt useSecret: false secretsBackend: local tolerations: - operator: Exists tunnel: geneve tunnelPort: 6082 tunnelProtocol: "" updateStrategy: rollingUpdate: maxUnavailable: 2 type: RollingUpdate upgradeCompatibility: "1.13" vtep: cidr: "" enabled: false endpoint: "" mac: "" mask: "" waitForKubeProxy: false wellKnownIdentities: enabled: false