Initial commit of running cilium l4lb via compose

global/overlay/etc/puppet/modules/cdn/manifests/l4lb/init.pp

@@ -0,0 +1,14 @@
+# Configure the SUNET CDN l4lb service
+class cdn::l4lb(
+  String $cilium_version = 'v1.16.1',
+  String $cilium_devices = 'enp129s0f1np1',
+)
+{
+  sunet::docker_compose { 'sunet-cdn-l4lb':
+    content          => template('sunet/cdn/l4lb/docker-compose.yml.erb'),
+    service_name     => 'sunet-cdn-l4lb',
+    compose_dir      => '/opt/sunet-cdn/compose/l4lb',
+    compose_filename => 'docker-compose.yml',
+    description      => 'SUNET CDN l4lb',
+  }
+}

global/overlay/etc/puppet/modules/cdn/templates/l4lb/docker-compose.yml.erb

@@ -0,0 +1,32 @@
+services:
+  l4lb:
+    image: "quay.io/cilium/cilium:<%= @cilium_version %>"
+    volumes:
+      - /sys/fs/bpf
+      - /lib/modules
+      - /var/run/netns
+    network_mode: "host"
+    privileged: true
+    command:
+      - "nsenter"
+      - "--net=/var/run/netns/l4lb"
+      - "cilium-agent"
+      - "--bpf-lb-algorithm=maglev"
+      - "--bpf-lb-mode=dsr"
+      - "--bpf-lb-acceleration=native"
+      - "--bpf-lb-dsr-dispatch=ipip"
+      - "--devices=<%= @cilium_devices %>"
+      - "--datapath-mode=lb-only"
+      - "--enable-l7-proxy=false"
+      - "--routing-mode=native"
+      - "--enable-bandwidth-manager=false"
+      - "--enable-local-redirect-policy=false"
+      - "--enable-hubble=true"
+      - "--enable-recorder=true"
+      - "--enable-l7-proxy=false"
+      - "--preallocate-bpf-maps=false"
+      - "--disable-envoy-version-check=true"
+      - "--auto-direct-node-routes=false"
+      - "--enable-xdp-prefilter=true"
+      - "--enable-ipv4=true"
+      - "--enable-ipv6=true"