feat(cilium): added BPF/XDP and support for encryption

M4t7e · mrclrchtr · commit 65178aee3d0d · 2024-08-07T15:55:46.000+02:00
diff --git a/manifest_cilium.tf b/manifest_cilium.tf
@@ -28,6 +28,22 @@ data "helm_template" "cilium_default" {
     name  = "kubeProxyReplacement"
     value = "true"
   }
+  set {
+    name  = "bpf.masquerade"
+    value = "true"
+  }
+  set {
+    name  = "loadBalancer.acceleration"
+    value = "native"
+  }
+  set {
+    name  = "encryption.enabled"
+    value = var.cilium_enable_encryption ? "true" : "false"
+  }
+  set {
+    name  = "encryption.type"
+    value = "wireguard"
+  }
   set {
     name  = "securityContext.capabilities.ciliumAgent"
     value = "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
diff --git a/variables.tf b/variables.tf
@@ -336,6 +336,12 @@ variable "cilium_values" {
   EOF
 }
 
+variable "cilium_enable_encryption" {
+  type        = bool
+  default     = false
+  description = "Enable transparent network encryption."
+}
+
 variable "cilium_enable_service_monitors" {
   type        = bool
   default     = false
