diff --git a/clusters/cl01tl/manifests/cilium/CiliumL2AnnouncementPolicy-node-gateway-l2-policy.yaml b/clusters/cl01tl/manifests/cilium/CiliumL2AnnouncementPolicy-node-gateway-l2-policy.yaml
new file mode 100644
index 000000000..a840e0e99
--- /dev/null
+++ b/clusters/cl01tl/manifests/cilium/CiliumL2AnnouncementPolicy-node-gateway-l2-policy.yaml
@@ -0,0 +1,17 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: node-gateway-l2-policy
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: node-gateway-l2-policy
+ app.kubernetes.io/instance: cilium
+ app.kubernetes.io/part-of: cilium
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: talos-ix7-xku
+ interfaces:
+ - "^enp.*"
+ externalIPs: true
+ loadBalancerIPs: true
diff --git a/clusters/cl01tl/manifests/cilium/CiliumLoadBalancerIPPool-default-ip-pool.yaml b/clusters/cl01tl/manifests/cilium/CiliumLoadBalancerIPPool-default-ip-pool.yaml
index 76f6777e9..10957d562 100644
--- a/clusters/cl01tl/manifests/cilium/CiliumLoadBalancerIPPool-default-ip-pool.yaml
+++ b/clusters/cl01tl/manifests/cilium/CiliumLoadBalancerIPPool-default-ip-pool.yaml
@@ -9,7 +9,5 @@ metadata:
 app.kubernetes.io/part-of: cilium
 spec:
 blocks:
- - start: "10.232.1.21"
- stop: "10.232.1.23"
 - start: "10.232.2.21"
 stop: "10.232.2.23"
diff --git a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium.yaml b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium.yaml
index 92b76c741..8344a1a93 100644
--- a/clusters/cl01tl/manifests/cilium/ClusterRole-cilium.yaml
+++ b/clusters/cl01tl/manifests/cilium/ClusterRole-cilium.yaml
@@ -33,6 +33,16 @@ rules:
 - get
 - list
 - watch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+ - list
+ - delete
 - apiGroups:
 - apiextensions.k8s.io
 resources:
diff --git a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
index 0b4f0b81f..95465f284 100644
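Review bot: The new CiliumL2AnnouncementPolicy has no `serviceSelector`, so with `externalIPs: true` and `loadBalancerIPs: true` every Service in the cluster that holds a LoadBalancer or external IP is announced from `talos-ix7-xku` on interfaces matching `^enp.*`; if only the gateway address is meant to be reachable on that segment, add a `serviceSelector` matching the gateway's Service labels (e.g. `serviceSelector: {matchLabels: {<gateway-service-label>: <value>}}`). The `nodeSelector` pins announcements to a single hostname, so no other node can take over the IPs when that node is down — worth stating in a comment such as `# single announcer node: no L2 failover for these IPs`. The replaced ConfigMap value `devices: "end0 enp6s0"` suggests at least one node uses an `end*` interface; confirm this node's uplink actually matches `^enp.*`, otherwise nothing is announced. The pattern is also narrower than the new ConfigMap `devices` regex `^(enp|end|eth)[0-9a-z]*`, which may be intentional but deserves a note.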
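Review bot: Removing the `10.232.1.21`–`10.232.1.23` block leaves `10.232.2.21`–`10.232.2.23` as the only range in this pool, yet the new `Gateway-cilium-tls-gateway.yaml` in this commit pins `10.232.1.23` through both `io.cilium/lb-ipam-ips` and `spec.addresses`; unless another CiliumLoadBalancerIPPool not touched here covers that address, LB-IPAM cannot allocate it and the gateway gets no address. Either keep a block containing `10.232.1.23` in this pool or move the gateway to an address inside the remaining range. A comment on the block would make the next pruning safer, e.g. `# must still contain every address pinned via io.cilium/lb-ipam-ips`.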
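Review bot: The added `coordination.k8s.io`/`leases` rule sits in a ClusterRole, so the agent may create, update and delete Lease objects in every namespace, while the leader-election leases this is presumably for (L2 announcements) live in one namespace, most likely the agent's own `kube-system`. If the rule is copied from the upstream chart the grant matches it, but a namespaced Role plus RoleBinding in `kube-system` would be the least-privilege form. Whichever is kept, tie the rule to its feature for future audits, e.g. `# leases: leader election for enable-l2-announcements`. The `rules` list continues outside the hunk.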
--- a/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
+++ b/clusters/cl01tl/manifests/cilium/ConfigMap-cilium-config.yaml
@@ -71,7 +71,7 @@ data:
 iptables-random-fully: "false"
 auto-direct-node-routes: "false"
 direct-routing-skip-unreachable: "false"
- devices: "end0 enp6s0"
+ devices: "^(enp|end|eth)[0-9a-z]*"
 kube-proxy-replacement: "true"
 kube-proxy-replacement-healthz-bind-address: ""
 bpf-lb-sock: "true"
@@ -115,6 +115,7 @@ data:
 vtep-mask: ""
 vtep-mac: ""
 enable-k8s-endpoint-slice: "true"
+ enable-l2-announcements: "true"
 procfs: "/host/proc"
 bpf-root: "/sys/fs/bpf"
 cgroup-root: "/sys/fs/cgroup"
diff --git a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
index 6352a60ff..1574b8938 100644
--- a/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
+++ b/clusters/cl01tl/manifests/cilium/DaemonSet-cilium.yaml
@@ -18,7 +18,7 @@ spec:
 template:
 metadata:
 annotations:
- cilium.io/cilium-configmap-checksum: "9f67de7f01bb2bf87c953f3042be7aa5cb195bedc250957e485cd90aeb6c80ea"
+ cilium.io/cilium-configmap-checksum: "97776673c7ef207c96f208950b68ee9a8c427feec66a73ba0455eb366844f835"
 kubectl.kubernetes.io/default-container: cilium-agent
 labels:
 k8s-app: cilium
diff --git a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
index 48d4f7770..09dd92708 100644
--- a/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
+++ b/clusters/cl01tl/manifests/cilium/Deployment-cilium-operator.yaml
@@ -22,7 +22,7 @@ spec:
 template:
 metadata:
 annotations:
- cilium.io/cilium-configmap-checksum: "9f67de7f01bb2bf87c953f3042be7aa5cb195bedc250957e485cd90aeb6c80ea"
+ cilium.io/cilium-configmap-checksum: "97776673c7ef207c96f208950b68ee9a8c427feec66a73ba0455eb366844f835"
 labels:
 io.cilium/app: operator
 name: cilium-operator
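Review bot: The new `devices` regex `^(enp|end|eth)[0-9a-z]*` is anchored only at the start, so if Cilium matches device names unanchored it also selects any interface that merely begins with one of those prefixes — VLAN sub-interfaces like `enp6s0.100` included — which widens the set of interfaces Cilium attaches its datapath programs and NodePort/LB listeners to, compared with the explicit `end0 enp6s0` list it replaces. Anchoring it, `devices: "^(enp|end|eth)[0-9a-z]*$"`, keeps the intent of matching whole primary interface names. In the second hunk (`@@ -115,6 +115,7 @@`), `enable-l2-announcements: "true"` makes the agents renew Lease objects continuously, and the Cilium documentation warns this can exhaust the default Kubernetes client rate limits; check the `k8s-client-qps`/`k8s-client-burst` settings elsewhere in this ConfigMap (outside the hunk) against the lease timings in use.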
diff --git a/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml b/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml
new file mode 100644
index 000000000..6e03d0b48
--- /dev/null
+++ b/clusters/cl01tl/manifests/cilium/Gateway-cilium-tls-gateway.yaml
@@ -0,0 +1,46 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: cilium-tls-gateway
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: cilium-tls-gateway
+ app.kubernetes.io/instance: cilium
+ app.kubernetes.io/part-of: cilium
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ io.cilium/lb-ipam-ips: "10.232.1.23"
+spec:
+ addresses:
+ - type: IPAddress
+ value: 10.232.1.23
+ gatewayClassName: cilium
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ hostname: '*.alexlebens.net'
+ name: https
+ port: 443
+ protocol: HTTPS
+ tls:
+ certificateRefs:
+ - group: ''
+ kind: Secret
+ name: https-gateway-cert
+ namespace: kube-system
+ mode: Terminate
+ - allowedRoutes:
+ namespaces:
+ from: All
+ hostname: 'alexlebens.net'
+ name: https-domain
+ port: 443
+ protocol: HTTPS
+ tls:
+ certificateRefs:
+ - group: ''
+ kind: Secret
+ name: https-gateway-cert
+ namespace: kube-system
+ mode: Terminate
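Review bot: Both listeners set `allowedRoutes.namespaces.from: All`, so any namespace in the cluster can bind HTTPRoutes to the `*.alexlebens.net` and `alexlebens.net` HTTPS listeners and have its traffic served under `https-gateway-cert`; if only a few namespaces are meant to publish hostnames, use `from: Selector` with a `namespaceSelector`, or at least record the assumption in a comment such as `# from: All — every namespace may attach routes; single-operator cluster`. The `cert-manager.io/cluster-issuer` annotation together with two listeners sharing one `certificateRefs` Secret presumably relies on the cert-manager gateway shim folding both hostnames into a single Certificate — verify the issued certificate carries both SANs rather than only the wildcard. The requested address `10.232.1.23` also depends on pool coverage discussed at the IPPool hunk.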