Update packages in kubernetes/keys.

nix/kubernetes/keys/scope.nix

@@ -234,7 +234,7 @@ makeScope newScope (
     encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
     cilium-manifest =
       let
-        version = "1.18.5";
+        version = "1.19.1";
       in
       (callPackage ./package/helm-manifest/package.nix (
         additional_vars
@@ -243,7 +243,7 @@ makeScope newScope (
             owner = "cilium";
             repo = "cilium";
             tag = "v${version}";
-            hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE=";
+            hash = "sha256-wswY4u2Z7Z8hvGVnLONxSD1Mu1RV1AglC4ijUHsCCW4=";
           };
           helm_name = "cilium";
           helm_namespace = "kube-system";
@@ -262,13 +262,18 @@ makeScope newScope (
             "ipv4" = {
               "enabled" = true;
             };
+            "externalIPs" = {
+              "enabled" = true;
+            };
             "enableIPv6Masquerade" = false;
             "enableIPv4BIGTCP" = true;
             "enableIPv6BIGTCP" = true;
             "routingMode" = "native";
             "autoDirectNodeRoutes" = true;
             "ipv4NativeRoutingCIDR" = "10.200.0.0/16";
-            "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/80";
+            "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff:eeee::/96";
+            # "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/80";
+            # "l7Proxy" = true; # Needed for cilium gateway controller
 
             "hubble" = {
               "relay" = {
@@ -283,7 +288,7 @@ makeScope newScope (
               };
             };
 
-            "policyEnforcementMode" = "never";
+            "policyEnforcementMode" = "never"; # This is temporary for debugging
 
             # TODO: Read and maybe apply https://docs.cilium.io/en/stable/operations/performance/tuning/