From bc198e98ef6dd03e07d75ab2eb8b944d10ad3739 Mon Sep 17 00:00:00 2001 From: Nico Berlee Date: Thu, 10 Aug 2023 21:14:49 +0200 Subject: [PATCH] docs: retain cilium autoMount pending upstream hostPath fix Partial rollback of 76fa45a. The cilium helm chart requires an fix to handle the hostPath at /sys/fs/bpf when bpf.autoMount.enabled=false. The earlier commit disabled bpf automount, removing the init container's mount. Helm missed adding the hostPath, and neither /sys nor /sys/fs got added. This made cilium wrongly mount /sys/fs/bpf. Fixes error message at: https://github.com/siderolabs/talos/pull/7565#issuecomment-1671063014 Signed-off-by: Nico Berlee Signed-off-by: Noel Georgi
---
 .../v1.5/kubernetes-guides/network/deploying-cilium.md | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/website/content/v1.5/kubernetes-guides/network/deploying-cilium.md b/website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
index 54e3d82fbe..2c4726a05c 100644
--- a/website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
+++ b/website/content/v1.5/kubernetes-guides/network/deploying-cilium.md
@@ -90,7 +90,6 @@ cilium install \
 --helm-set=kubeProxyReplacement=strict \
 --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
 --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
- --helm-set=bpf.autoMount.enabled=false \
 --helm-set=cgroup.autoMount.enabled=false \
 --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
 --helm-set=k8sServiceHost=localhost \
@@ -126,7 +125,6 @@ helm install \
 --set=kubeProxyReplacement=disabled \
 --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
 --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
- --set=bpf.autoMount.enabled=false \
 --set=cgroup.autoMount.enabled=false \
 --set=cgroup.hostRoot=/sys/fs/cgroup
 ```
@@ -143,7 +141,6 @@ helm install \
 --set=kubeProxyReplacement=strict \
 --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
 --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
- --set=bpf.autoMount.enabled=false \
 --set=cgroup.autoMount.enabled=false \
 --set=cgroup.hostRoot=/sys/fs/cgroup \
 --set=k8sServiceHost=localhost \
@@ -166,7 +163,6 @@ helm template \
 --set=kubeProxyReplacement=disabled \
 --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
 --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
- --set=bpf.autoMount.enabled=false \
 --set=cgroup.autoMount.enabled=false \
 --set=cgroup.hostRoot=/sys/fs/cgroup > cilium.yaml
 
@@ -188,7 +184,6 @@ helm template \
 --set=kubeProxyReplacement=strict \
 --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
 --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
- --set=bpf.autoMount.enabled=false \
 --set=cgroup.autoMount.enabled=false \
 --set=cgroup.hostRoot=/sys/fs/cgroup \
 --set=k8sServiceHost=localhost \