add capabilities

clusters/cl01tl/standalone/cilium/values.yaml

@@ -7,6 +7,28 @@ cilium:
     qps: 50
     burst: 100
   rollOutCiliumPods: true
+  securityContext:
+    capabilities:
+      ciliumAgent:
+        add:
+          - CHOWN
+          - KILL
+          - NET_ADMIN
+          - NET_RAW
+          - IPC_LOCK
+          - SYS_ADMIN
+          - SYS_RESOURCE
+          - DAC_OVERRIDE
+          - FOWNER
+          - SETGID
+          - SETUID
+          - PERFMON
+          - BPF
+      cleanCiliumState:
+        add:
+          - NET_ADMIN
+          - SYS_ADMIN
+          - SYS_RESOURCE
   l2announcements:
     enabled: true
   bgpControlPlane:
@@ -22,6 +44,8 @@ cilium:
       sync: true
   gatewayAPI:
     enabled: true
+    enableAlpn: true
+    enableAppProtocol: true
     secretsNamespace:
       create: false
       name: kube-system