Fix: cIlium node-to-node encryption

scaleway/deployments/cilium.yaml

@@ -23,6 +23,7 @@ tunnel: "vxlan"
 autoDirectNodeRoutes: false
 devices: [eth0,eth1]
 
+l7Proxy: false
 encryption:
   enabled: true
   type: wireguard

scaleway/deployments/cilium_result.yaml

@@ -127,7 +127,7 @@ data:
   #   - geneve
   tunnel: vxlan
   # Enables L7 proxy for L7 policy enforcement and visibility
-  enable-l7-proxy: "true"
+  enable-l7-proxy: "false"
 
   enable-ipv4-masquerade: "true"
   enable-ipv6-masquerade: "true"

scaleway/network-secgroup.tf

@@ -25,6 +25,12 @@ resource "scaleway_instance_security_group" "controlplane" {
     }
   }
 
+  inbound_rule {
+    action   = "accept"
+    protocol = "TCP"
+    port     = 4240
+    ip_range = "::/0"
+  }
   inbound_rule {
     action   = "accept"
     protocol = "ANY"
@@ -43,6 +49,12 @@ resource "scaleway_instance_security_group" "controlplane" {
     port     = 51820
     ip_range = "::/0"
   }
+
+  inbound_rule {
+    action   = "accept"
+    protocol = "ICMP"
+    ip_range = "::/0"
+  }
 }
 
 resource "scaleway_instance_security_group" "web" {
@@ -60,6 +72,12 @@ resource "scaleway_instance_security_group" "web" {
     }
   }
 
+  inbound_rule {
+    action   = "accept"
+    protocol = "TCP"
+    port     = 4240
+    ip_range = "::/0"
+  }
   inbound_rule {
     action   = "accept"
     protocol = "ANY"
@@ -78,6 +96,12 @@ resource "scaleway_instance_security_group" "web" {
     port     = 51820
     ip_range = "::/0"
   }
+
+  inbound_rule {
+    action   = "accept"
+    protocol = "ICMP"
+    ip_range = "::/0"
+  }
 }
 
 resource "scaleway_instance_security_group" "worker" {