From 183c564483142adcdbe135633988c83a1b51b7fe Mon Sep 17 00:00:00 2001 From: 3u13r Date: Fri, 15 Dec 2023 23:07:03 +0100 Subject: [PATCH] cilium: enable bpf masquerading (#2723) * cilium: enable bpf masquerading * cilium: also enable ipMasqAgent * cilium: remove custom Azure masqing --- internal/constellation/helm/overrides.go | 6 +++ internal/constellation/helm/values.go | 47 +++++++++++++++++++++++- 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index 1e18e7e313..60c8be7da9 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -59,6 +59,12 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou extraVals["encryption"] = map[string]any{ "strictMode": strictMode, } + extraVals["ipMasqAgent"] = map[string]any{ + "config": map[string]any{ + "nonMasqueradeCIDRs": []string{output.IPCidrNode}, + }, + } + return extraVals } diff --git a/internal/constellation/helm/values.go b/internal/constellation/helm/values.go index 60913c2f54..264176b734 100644 --- a/internal/constellation/helm/values.go +++ b/internal/constellation/helm/values.go @@ -49,6 +49,15 @@ var ciliumVals = map[string]map[string]any{ "useDigest": true, }, }, + "bpf": map[string]any{ + "masquerade": true, + }, + "ipMasqAgent": map[string]any{ + "enabled": true, + "config": map[string]any{ + "masqLinkLocal": true, + }, + }, "kubeProxyReplacement": "strict", "enableCiliumEndpointSlice": true, "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", 
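Review bot: The `nonMasqueradeCIDRs` assignment added to `extraCiliumValues` has no comment explaining why the node CIDR is the only range exempted, although this list decides which destinations see a pod's own IP and which see the node's IP, and source-IP-based firewall rules and audit logs depend on that. Assuming an explicit list replaces the agent's built-in default ranges (worth confirming against the chart version in use), I would add `// Only traffic to the node CIDR keeps the pod source IP; all other destinations are SNATed to the node IP.` above the assignment. The override also sets only `ipMasqAgent.config`, so if the merge with `ciliumVals` is not recursive, the `enabled` and `masqLinkLocal` keys from values.go would be lost; the merge code is not visible here. Finally, `output.IPCidrNode` is used unchecked in this hunk, and an empty value would put `""` into the list; the function starts outside the hunk, so an earlier check may already exist.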
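Review bot: `"masqLinkLocal": true` causes pod traffic to link-local addresses to be source-NATed to the node IP, and on cloud providers that range typically contains the instance metadata endpoint, so the value deserves a comment stating the intent, e.g. `// masquerade link-local traffic so that <reason>; pod access to the metadata endpoint is restricted by <mechanism>`. If pods are not meant to reach that endpoint, confirm that a network policy or equivalent control covers it, since nothing in this hunk does. The same nine-line `bpf`/`ipMasqAgent` block is repeated in the hunks at -92, -133, -175 and -215; a small helper returning a fresh map for each provider entry would keep the five copies from drifting apart. `ciliumVals` starts and ends outside the hunk.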
@@ -92,8 +101,15 @@ var ciliumVals = map[string]map[string]any{ "useDigest": true, }, }, - "egressMasqueradeInterfaces": "eth0", - "enableIPv4Masquerade": true, + "bpf": map[string]any{ + "masquerade": true, + }, + "ipMasqAgent": map[string]any{ + "enabled": true, + "config": map[string]any{ + "masqLinkLocal": true, + }, + }, "kubeProxyReplacement": "strict", "enableCiliumEndpointSlice": true, "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", @@ -133,6 +149,15 @@ var ciliumVals = map[string]map[string]any{ "ipam": map[string]any{ "mode": "kubernetes", }, + "bpf": map[string]any{ + "masquerade": true, + }, + "ipMasqAgent": map[string]any{ + "enabled": true, + "config": map[string]any{ + "masqLinkLocal": true, + }, + }, "kubeProxyReplacement": "strict", "enableCiliumEndpointSlice": true, "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", @@ -175,6 +200,15 @@ var ciliumVals = map[string]map[string]any{ "useDigest": true, }, }, + "bpf": map[string]any{ + "masquerade": true, + }, + "ipMasqAgent": map[string]any{ + "enabled": true, + "config": map[string]any{ + "masqLinkLocal": true, + }, + }, "kubeProxyReplacement": "strict", "enableCiliumEndpointSlice": true, "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256", @@ -215,6 +249,15 @@ var ciliumVals = map[string]map[string]any{ }, }, }, + "bpf": map[string]any{ + "masquerade": true, + }, + "ipMasqAgent": map[string]any{ + "enabled": true, + "config": map[string]any{ + "masqLinkLocal": true, + }, + }, "kubeProxyReplacement": "strict", "enableCiliumEndpointSlice": true, "kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
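Review bot: Removing `"egressMasqueradeInterfaces": "eth0"` and the explicit `"enableIPv4Masquerade": true` from this entry (presumably the Azure one, going by the commit message) leaves masquerading dependent on the chart default for `enableIPv4Masquerade` and on Cilium's own device detection for the interfaces SNAT is applied on. If that is intended, a comment such as `// BPF masquerading: interfaces are auto-detected, enableIPv4Masquerade relies on the chart default` would record it. It is worth verifying on this provider that egress on every attached interface is masqueraded as expected, because a missed interface would expose pod source IPs outside the cluster. The rest of the entry lies outside the hunk.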