From 282b3c0f74d1c085c6d76f64ac5defbe24bbe98c Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Sun, 10 May 2026 17:51:12 -0500
Subject: [PATCH] feat: add security context

---
 clusters/cl01tl/helm/cilium/values.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/clusters/cl01tl/helm/cilium/values.yaml b/clusters/cl01tl/helm/cilium/values.yaml
index 20bfa1cbc..748458730 100644
--- a/clusters/cl01tl/helm/cilium/values.yaml
+++ b/clusters/cl01tl/helm/cilium/values.yaml
@@ -6,6 +6,26 @@ cilium:
     qps: 50
     burst: 100
   rollOutCiliumPods: true
+  securityContext:
+    capabilities:
+      ciliumAgent:
+        - CHOWN
+        - KILL
+        - NET_ADMIN
+        - NET_RAW
+        - IPC_LOCK
+        - SYS_ADMIN
+        - SYS_RESOURCE
+        - DAC_OVERRIDE
+        - FOWNER
+        - SETGID
+        - SETUID
+        - PERFMON
+        - BPF
+      cleanCiliumState:
+        - NET_ADMIN
+        - SYS_ADMIN
+        - SYS_RESOURCE
   bpf:
     hostLegacyRouting: true
   devices: end0 enp6s0