templates: fix CAPL dual-stack Cilium nodeport config (#1050)

Upgrade the shared Cilium chart default to 1.18.7 and update the kubeadm dual-stack flavor to render explicit multi-NIC nodePort settings in the Cilium values template.

Replace the old IPv4-only --nodeport-addresses flag with nodePort.addresses for both 0.0.0.0/0 and ::/0, add explicit devices for eth0 and eth1, and set directRoutingDevice to eth0.

This fixes the public IPv6 NodePort datapath in generated CAPL manifests. With the dual-stack values rendered directly in the template, all intended datapaths should now be covered by the generated config.

Author: komer3

templates/addons/cilium/cilium.yaml

@@ -9,7 +9,7 @@ spec:
   repoURL: https://helm.cilium.io/
   chartName: cilium
   namespace: kube-system
-  version: ${CILIUM_VERSION:=1.18.4}
+  version: ${CILIUM_VERSION:=1.18.7}
   options:
     waitForJobs: true
     wait: true

templates/flavors/kubeadm/dual-stack/kustomization.yaml

@@ -95,6 +95,14 @@ patches:
           bgpControlPlane:
             enabled: true
           routingMode: native
+          devices:
+            - eth0
+            - eth1
+          nodePort:
+            addresses:
+              - 0.0.0.0/0
+              - ::/0
+            directRoutingDevice: eth0
           kubeProxyReplacement: true
           ipv4NativeRoutingCIDR: ${VPC_NETWORK_CIDR:=10.0.0.0/8}
           ipv6NativeRoutingCIDR: ::/0
@@ -108,8 +116,6 @@ patches:
             allow-localhost: policy
           k8sServiceHost: {{ .InfraCluster.spec.controlPlaneEndpoint.host }}
           k8sServicePort: {{ .InfraCluster.spec.controlPlaneEndpoint.port }}
-          extraArgs:
-          - --nodeport-addresses=0.0.0.0/0
           ipam:
             mode: kubernetes
           ipv4: