WIP: updateirbekrm/egressc

Signed-off-by: Irbe Krumina <irbe@tailscale.com>

2 files changed, 9 insertions, 5 deletions

diff --git a/cmd/containerboot/egresscoalesce.md b/cmd/containerboot/egresscoalesce.md
index 5eb5f03e6..ecd6c0fe5 100644
--- a/cmd/containerboot/egresscoalesce.md
+++ b/cmd/containerboot/egresscoalesce.md
@@ -45,4 +45,10 @@ Also:
 
 ## Next steps:
 
-- try to figure out if the same can be achieved with a smaller number of Tailscale Pods. The problem there is how to set up routing to Pods across hosts
\ No newline at end of file
+- try to figure out if the same can be achieved with a smaller number of Tailscale Pods. The problem there is how to set up routing to Pods across hosts
+
+## Caveats
+
+- does not work with Cilium in kube-proxy replacement mode
+
+- not easily extensible to route to instances behind a subnet router (possibly a routing loop)
diff --git a/egressc.yaml b/egressc.yaml
index 3eb4ecd22..f08074fd3 100644
--- a/egressc.yaml
+++ b/egressc.yaml
@@ -71,13 +71,11 @@ spec:
           value: "true"
         - name: TS_EGRESS_RANGE
           value: "100.64.0.0/10"
-        image: gcr.io/csi-test-290908/proxy:v0.0.13arp # publicly available image built from this branch
+        image: europe-west2-docker.pkg.dev/tailscale-sandbox/irbe-images/proxy:v0.0.17arp
         imagePullPolicy: IfNotPresent 
         name: tailscale
         securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
+          privileged: true
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role