Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-06-19 19:54:22 -04:00
Code Issues Projects Releases Packages Wiki Activity

cilium: enable bpf masquerading (#2723)

Browse source 
* cilium: enable bpf masquerading

* cilium: also enable ipMasqAgent

* cilium: remove custom Azure masqing
This commit is contained in:
3u13r 2023-12-15 23:07:03 +01:00 committed by GitHub
parent 0111b6d718
commit 183c564483
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
internal/constellation/helm/overrides.go
View file

@ -59,6 +59,12 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
extraVals["encryption"] = map[string]any{ extraVals["encryption"] = map[string]any{
"strictMode": strictMode, "strictMode": strictMode,
} }
extraVals["ipMasqAgent"] = map[string]any{
"config": map[string]any{
"nonMasqueradeCIDRs": []string{output.IPCidrNode},
},
}
return extraVals return extraVals
} }

47
internal/constellation/helm/values.go
View file

@ -49,6 +49,15 @@ var ciliumVals = map[string]map[string]any{
"useDigest": true, "useDigest": true,
}, },
}, },
"bpf": map[string]any{
"masquerade": true,
},
"ipMasqAgent": map[string]any{
"enabled": true,
"config": map[string]any{
"masqLinkLocal": true,
},
},
"kubeProxyReplacement": "strict", "kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true, "enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
@ -92,8 +101,15 @@ var ciliumVals = map[string]map[string]any{
"useDigest": true, "useDigest": true,
}, },
}, },
"egressMasqueradeInterfaces": "eth0", "bpf": map[string]any{
"enableIPv4Masquerade": true, "masquerade": true,
},
"ipMasqAgent": map[string]any{
"enabled": true,
"config": map[string]any{
"masqLinkLocal": true,
},
},
"kubeProxyReplacement": "strict", "kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true, "enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
@ -133,6 +149,15 @@ var ciliumVals = map[string]map[string]any{
"ipam": map[string]any{ "ipam": map[string]any{
"mode": "kubernetes", "mode": "kubernetes",
}, },
"bpf": map[string]any{
"masquerade": true,
},
"ipMasqAgent": map[string]any{
"enabled": true,
"config": map[string]any{
"masqLinkLocal": true,
},
},
"kubeProxyReplacement": "strict", "kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true, "enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
@ -175,6 +200,15 @@ var ciliumVals = map[string]map[string]any{
"useDigest": true, "useDigest": true,
}, },
}, },
"bpf": map[string]any{
"masquerade": true,
},
"ipMasqAgent": map[string]any{
"enabled": true,
"config": map[string]any{
"masqLinkLocal": true,
},
},
"kubeProxyReplacement": "strict", "kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true, "enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
@ -215,6 +249,15 @@ var ciliumVals = map[string]map[string]any{
}, },
}, },
}, },
"bpf": map[string]any{
"masquerade": true,
},
"ipMasqAgent": map[string]any{
"enabled": true,
"config": map[string]any{
"masqLinkLocal": true,
},
},
"kubeProxyReplacement": "strict", "kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true, "enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",