Update cilium.sh to include template generation and upgrade Cilium version to 1.17.3

talos/patches/cilium.sh

@@ -1,15 +1,37 @@
+#!/usr/bin/env bash
+
+cat > template.yaml << 'EOF'
+cluster:
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true
+  inlineManifests:
+    - name: cilium
+      contents: |
+        __CILIUM_MANIFEST__
+EOF
+
+helm repo add cilium https://helm.cilium.io/
 helm template \
     cilium \
     cilium/cilium \
-    --version 1.15.6 \
+    --version 1.17.3 \
     --namespace kube-system \
     --set ipam.mode=kubernetes \
     --set hubble.relay.enabled=true \
     --set hubble.ui.enabled=true \
+    --set l2announcements.enabled=true \
     --set kubeProxyReplacement=true \
     --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
     --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
     --set cgroup.autoMount.enabled=false \
     --set cgroup.hostRoot=/sys/fs/cgroup \
     --set k8sServiceHost=localhost \
-    --set k8sServicePort=7445 > cilium.yaml
+    --set k8sServicePort=7445 | sed 's/^/        /' > manifest.tmp
+
+sed -e '/__CILIUM_MANIFEST__/r manifest.tmp' -e '/__CILIUM_MANIFEST__/d' template.yaml > cilium.yaml
+
+rm manifest.tmp
+rm template.yaml