mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-28 08:59:34 -05:00
cilium: enable bpf masquerading (#2723)
* cilium: enable bpf masquerading * cilium: also enable ipMasqAgent * cilium: remove custom Azure masqing
This commit is contained in:
parent
0111b6d718
commit
183c564483
@ -59,6 +59,12 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
|
||||
extraVals["encryption"] = map[string]any{
|
||||
"strictMode": strictMode,
|
||||
}
|
||||
extraVals["ipMasqAgent"] = map[string]any{
|
||||
"config": map[string]any{
|
||||
"nonMasqueradeCIDRs": []string{output.IPCidrNode},
|
||||
},
|
||||
}
|
||||
|
||||
return extraVals
|
||||
}
|
||||
|
||||
|
@ -49,6 +49,15 @@ var ciliumVals = map[string]map[string]any{
|
||||
"useDigest": true,
|
||||
},
|
||||
},
|
||||
"bpf": map[string]any{
|
||||
"masquerade": true,
|
||||
},
|
||||
"ipMasqAgent": map[string]any{
|
||||
"enabled": true,
|
||||
"config": map[string]any{
|
||||
"masqLinkLocal": true,
|
||||
},
|
||||
},
|
||||
"kubeProxyReplacement": "strict",
|
||||
"enableCiliumEndpointSlice": true,
|
||||
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
||||
@ -92,8 +101,15 @@ var ciliumVals = map[string]map[string]any{
|
||||
"useDigest": true,
|
||||
},
|
||||
},
|
||||
"egressMasqueradeInterfaces": "eth0",
|
||||
"enableIPv4Masquerade": true,
|
||||
"bpf": map[string]any{
|
||||
"masquerade": true,
|
||||
},
|
||||
"ipMasqAgent": map[string]any{
|
||||
"enabled": true,
|
||||
"config": map[string]any{
|
||||
"masqLinkLocal": true,
|
||||
},
|
||||
},
|
||||
"kubeProxyReplacement": "strict",
|
||||
"enableCiliumEndpointSlice": true,
|
||||
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
||||
@ -133,6 +149,15 @@ var ciliumVals = map[string]map[string]any{
|
||||
"ipam": map[string]any{
|
||||
"mode": "kubernetes",
|
||||
},
|
||||
"bpf": map[string]any{
|
||||
"masquerade": true,
|
||||
},
|
||||
"ipMasqAgent": map[string]any{
|
||||
"enabled": true,
|
||||
"config": map[string]any{
|
||||
"masqLinkLocal": true,
|
||||
},
|
||||
},
|
||||
"kubeProxyReplacement": "strict",
|
||||
"enableCiliumEndpointSlice": true,
|
||||
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
||||
@ -175,6 +200,15 @@ var ciliumVals = map[string]map[string]any{
|
||||
"useDigest": true,
|
||||
},
|
||||
},
|
||||
"bpf": map[string]any{
|
||||
"masquerade": true,
|
||||
},
|
||||
"ipMasqAgent": map[string]any{
|
||||
"enabled": true,
|
||||
"config": map[string]any{
|
||||
"masqLinkLocal": true,
|
||||
},
|
||||
},
|
||||
"kubeProxyReplacement": "strict",
|
||||
"enableCiliumEndpointSlice": true,
|
||||
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
||||
@ -215,6 +249,15 @@ var ciliumVals = map[string]map[string]any{
|
||||
},
|
||||
},
|
||||
},
|
||||
"bpf": map[string]any{
|
||||
"masquerade": true,
|
||||
},
|
||||
"ipMasqAgent": map[string]any{
|
||||
"enabled": true,
|
||||
"config": map[string]any{
|
||||
"masqLinkLocal": true,
|
||||
},
|
||||
},
|
||||
"kubeProxyReplacement": "strict",
|
||||
"enableCiliumEndpointSlice": true,
|
||||
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
|
||||
|
Loading…
Reference in New Issue
Block a user