We 1. tell Cilium not to drop it's own config via the CILIUM_CNI_CONF
env, and 2. Update the postStart
lifecycle hook where Cilium does a /cni-install.sh
already, to include the writing of a CNI config enabling portmap.
kubectl edit ds cilium -n kube-system
Add this under the container env
# We drop our own CNI config with portmap enabled, so this tells
# Cilium not to write one.