cdn-ops/global/overlay/etc/puppet/modules/cdn/templates/l4lb/docker-compose.yml.erb

services:
  l4lb:
    image: "quay.io/cilium/cilium:<%= @cilium_version %>"
    volumes:
      - /sys/fs/bpf
      - /lib/modules
      - /var/run/netns
    network_mode: "host"
    privileged: true
    command:
      - "nsenter"
      - "--net=/var/run/netns/l4lb"
      - "cilium-agent"
      - "--bpf-lb-algorithm=maglev"
      - "--bpf-lb-mode=dsr"
      - "--bpf-lb-acceleration=native"
      - "--bpf-lb-dsr-dispatch=ipip"
      - "--devices=<%= @cilium_devices %>"
      - "--datapath-mode=lb-only"
      - "--enable-l7-proxy=false"
      - "--routing-mode=native"
      - "--enable-bandwidth-manager=false"
      - "--enable-local-redirect-policy=false"
      - "--enable-hubble=true"
      - "--enable-recorder=true"
      - "--enable-l7-proxy=false"
      - "--preallocate-bpf-maps=false"
      - "--disable-envoy-version-check=true"
      - "--auto-direct-node-routes=false"
      - "--enable-xdp-prefilter=true"
      - "--enable-ipv4=true"
      - "--enable-ipv6=true"