From 1239b98e356268165a4ac273b0a7a40ba29461d2 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Mon, 9 Dec 2024 17:50:50 +0800
Subject: [PATCH] feat(cilium): disable masquerade

---
 .../_networking/cilium/app/config/biohazard/helm-values.yaml    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
index a4aed623..e6ebc4cc 100644
--- a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
+++ b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
@@ -38,7 +38,7 @@ kubeProxyReplacementHealthzBindAddr: "0.0.0.0:10256"
 enableIPv4Masquerade: false # BGP advertise PodCIDR so only FortiGate does NAT
 directRoutingSkipUnreachable: true # use local L2 within cluster while outside cluster uses BGP
 bpf:
-  masquerade: true
+  # masquerade: true
   # hostLegacyRouting: true # so pods can use the normal Linux routing table from the host
   tproxy: true # L7 netpols stuff
   preallocateMaps: true # reduce latency, increased memory usage