From 50fc9b4c57e35acc5129f90077b4e7c63d8bfe46 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Thu, 5 Feb 2026 14:40:58 -0600
Subject: [PATCH] feat: disable l2 announcement
---
 .../cilium-l2-announcement-policy.yaml | 36 ++++----
 .../cl01tl/helm/cilium/templates/gateway.yaml | 92 +++++++++----------
 .../helm/cilium/templates/http-route.yaml | 4 +-
 clusters/cl01tl/helm/cilium/values.yaml | 2 +-
 4 files changed, 67 insertions(+), 67 deletions(-)
diff --git a/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml b/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
index e9e345eec..af6080a5f 100644
--- a/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
@@ -1,18 +1,18 @@
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumL2AnnouncementPolicy
-metadata:
- name: node-gateway-l2-policy
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: node-gateway-l2-policy
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: talos-ix7-xku
- interfaces:
- - end0
- - enp6s0
- externalIPs: true
- loadBalancerIPs: true
+# apiVersion: "cilium.io/v2alpha1"
+# kind: CiliumL2AnnouncementPolicy
+# metadata:
+# name: node-gateway-l2-policy
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: node-gateway-l2-policy
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# nodeSelector:
+# matchLabels:
+# kubernetes.io/hostname: talos-ix7-xku
+# interfaces:
+# - end0
+# - enp6s0
+# externalIPs: true
+# loadBalancerIPs: true
diff --git a/clusters/cl01tl/helm/cilium/templates/gateway.yaml b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
index b0cc3ad86..52387c139 100644
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
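Review bot: The new side of cilium-l2-announcement-policy.yaml is the old manifest with `# ` in front of every line, and the Helm actions (`{{ .Release.Namespace }}`, `{{ .Release.Name }}`) are still inside those comments; Helm renders templates before the output is parsed as YAML, so these actions are still evaluated. They resolve harmlessly here, but the chart now carries a dead copy of the node selector and interface list that will drift from reality. I would delete the file and rely on git history, or gate it on the flag this commit flips, e.g. `{{- if .Values.cilium.l2announcements.enabled }}` … `{{- end }}` (the values path is inferred from the `cilium:` context in the values.yaml hunk), so the policy and the setting cannot disagree. The gateway.yaml hunk has the same pattern and the same suggestion applies there.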
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml 
@@ -1,46 +1,46 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: cilium-tls-gateway
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: cilium-tls-gateway
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- io.cilium/lb-ipam-ips: "10.232.1.23"
-spec:
- addresses:
- - type: IPAddress
- value: 10.232.1.23
- gatewayClassName: cilium
- listeners:
- - allowedRoutes:
- namespaces:
- from: All
- hostname: '*.alexlebens.net'
- name: https
- port: 443
- protocol: HTTPS
- tls:
- certificateRefs:
- - group: ''
- kind: Secret
- name: https-gateway-cert
- namespace: kube-system
- mode: Terminate
- - allowedRoutes:
- namespaces:
- from: All
- hostname: 'alexlebens.net'
- name: https-domain
- port: 443
- protocol: HTTPS
- tls:
- certificateRefs:
- - group: ''
- kind: Secret
- name: https-gateway-cert
- namespace: kube-system
- mode: Terminate
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+# name: cilium-tls-gateway
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: cilium-tls-gateway
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# annotations:
+# cert-manager.io/cluster-issuer: letsencrypt-issuer
+# io.cilium/lb-ipam-ips: "10.232.1.23"
+# spec:
+# addresses:
+# - type: IPAddress
+# value: 10.232.1.23
+# gatewayClassName: cilium
+# listeners:
+# - allowedRoutes:
+# namespaces:
+# from: All
+# hostname: '*.alexlebens.net'
+# name: https
+# port: 443
+# protocol: HTTPS
+# tls:
+# certificateRefs:
+# - group: ''
+# kind: Secret
+# name: https-gateway-cert
+# namespace: kube-system
+# mode: Terminate
+# - allowedRoutes:
+# namespaces:
+# from: All
+# hostname: 'alexlebens.net'
+# name: https-domain
+# port: 443
+# protocol: HTTPS
+# tls:
+# certificateRefs:
+# - group: ''
+# kind: Secret
+# name: https-gateway-cert
+# namespace: kube-system
+# mode: Terminate
diff --git a/clusters/cl01tl/helm/cilium/templates/http-route.yaml b/clusters/cl01tl/helm/cilium/templates/http-route.yaml
index f6ab06554..d6a2df802 100644
--- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml
@@ -11,8 +11,8 @@ spec:
 parentRefs:
 - group: gateway.networking.k8s.io
 kind: Gateway
- name: cilium-tls-gateway
- namespace: kube-system
+ name: traefik-gateway
+ namespace: traefik
 hostnames:
 - hubble.alexlebens.net
 rules:
diff --git a/clusters/cl01tl/helm/cilium/values.yaml b/clusters/cl01tl/helm/cilium/values.yaml
index 6ca6e703a..84a1b1453 100644
--- a/clusters/cl01tl/helm/cilium/values.yaml
+++ b/clusters/cl01tl/helm/cilium/values.yaml
@@ -26,7 +26,7 @@ cilium:
 - SYS_ADMIN
 - SYS_RESOURCE
 l2announcements:
- enabled: true
+ enabled: false
 bgpControlPlane:
 enabled: false
 secretsNamespace:
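Review bot: The `parentRefs` entry in http-route.yaml now names `traefik-gateway` in namespace `traefik`, which is a cross-namespace attachment if the route is still rendered into the release namespace (its metadata is outside the hunk, so this is inferred). The route is only accepted if that Gateway's listener admits this namespace under `allowedRoutes`, and the Gateway is not part of this commit. It should be confirmed, preferably with `from: Selector` on a namespace label rather than the `from: All` the removed cilium-tls-gateway used, since `All` lets any namespace attach routes under the listener's hostname. The route serves `hubble.alexlebens.net`, so also confirm the new listener terminates TLS with a certificate covering that name now that the `https-gateway-cert` listeners are commented out. A comment above the ref such as `# attached to the Traefik gateway; needs allowedRoutes for this namespace` would record the dependency.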
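Review bot: In values.yaml, setting `l2announcements.enabled: false` while the `bgpControlPlane` block just below appears to stay at `enabled: false` leaves nothing visible in these values that advertises LB-IPAM addresses to the network. Any Service or Gateway that still takes an address from Cilium's pool (the removed Gateway pinned `10.232.1.23`) would stop answering on it, so it is worth confirming that whatever exposes `traefik-gateway` does not rely on Cilium announcements. A comment on the flag, e.g. `# disabled: ingress moved to traefik-gateway; Cilium no longer announces LB IPs`, would make the intent and the dependency explicit. The values block continues outside the hunk.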