# Cilium configuration to fix pod-to-master connectivity
# Changes native routing to tunnel mode (VXLAN)

bpf:
  hostLegacyRouting: false
  masquerade: true

cni:
  chainingMode: none

ipam:
  mode: kubernetes
  operator:
    clusterPoolIPv4PodCIDR: 10.42.0.0/16

ipv4:
  enabled: true

ipv6:
  enabled: false

k8sServiceHost: 10.20.5.71
k8sServicePort: 6443

kubeProxyReplacement: strict
localRedirectPolicy: true

securityContext:
  privileged: true

# Fix for cross-subnet pod connectivity (NSX-T + VPC)
tunnel: vxlan
routingMode: tunnel
autoDirectNodeRoutes: false