From 5bc93b856372531063ad304cd992177436e47bfd Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Thu, 26 Sep 2024 15:02:26 +0200
Subject: [PATCH] chore(t8s-cluster/workload-cluster): enable cilium eBPF
 routing with the aforementioned ports

---
 .../templates/workload-cluster/cni-cilium.yaml           | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml b/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml
index 73c56c5966..dad11624c9 100644
--- a/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml
+++ b/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml
@@ -25,6 +25,15 @@ spec:
   targetNamespace: kube-system
   releaseName: cni
   values:
+    # enable eBPF based routing instead of iptables
+    nodePort:
+      enabled: true
+    bpf:
+      masquerade: true
+    # enable eBPF bases host routing
+    # currently not really possible with CAPI, as they don't support disabling the built-in kube-proxy
+    # kubeProxyReplacement: strict
+
     rollOutCiliumPods: true
     encryption:
       enabled: false