From 95ebc2f30cb3e7d748ead872da2daaba67122b73 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Sun, 2 Mar 2025 13:48:58 -0600
Subject: [PATCH] add capabilities

---
 clusters/cl01tl/standalone/cilium/values.yaml | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/clusters/cl01tl/standalone/cilium/values.yaml b/clusters/cl01tl/standalone/cilium/values.yaml
index 769774139..1f7d43b5d 100644
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -7,6 +7,28 @@ cilium:
     qps: 50
     burst: 100
   rollOutCiliumPods: true
+  securityContext:
+    capabilities:
+      ciliumAgent:
+        add:
+          - CHOWN
+          - KILL
+          - NET_ADMIN
+          - NET_RAW
+          - IPC_LOCK
+          - SYS_ADMIN
+          - SYS_RESOURCE
+          - DAC_OVERRIDE
+          - FOWNER
+          - SETGID
+          - SETUID
+          - PERFMON
+          - BPF
+      cleanCiliumState:
+        add:
+          - NET_ADMIN
+          - SYS_ADMIN
+          - SYS_RESOURCE
   l2announcements:
     enabled: true
   bgpControlPlane:
@@ -22,6 +44,8 @@ cilium:
       sync: true
   gatewayAPI:
     enabled: true
+    enableAlpn: true
+    enableAppProtocol: true
     secretsNamespace:
       create: false
       name: kube-system