Add support for cilium ipsec (#7342)

* Add support for cilium ipsec

* Fix typo for bpffs

roles/network_plugin/cilium/templates/cilium-config.yml.j2

@@ -155,3 +155,10 @@ data:
   hubble-metrics-server: ":9091"
 {% endif %}
 {% endif %}
+
+  # IPsec based transparent encryption between nodes
+{% if cilium_ipsec_enabled %}
+  enable-ipsec: "true"
+  ipsec-key-file: /etc/ipsec/keys
+  encrypt-node: "false"
+{% endif %}

roles/network_plugin/cilium/templates/cilium-ds.yml.j2

@@ -166,6 +166,11 @@ spec:
           readOnly: true
         - mountPath: /run/xtables.lock
           name: xtables-lock
+{% if cilium_ipsec_enabled %}
+        - mountPath: /etc/ipsec
+          name: cilium-ipsec-secrets
+          readOnly: true
+{% endif %}
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       hostPID: false
@@ -280,6 +285,11 @@ spec:
       - configMap:
           name: cilium-config
         name: cilium-config-path
+{% if cilium_ipsec_enabled %}
+      - name: cilium-ipsec-secrets
+        secret:
+          secretName: cilium-ipsec-keys
+{% endif %}
   updateStrategy:
     rollingUpdate:
       # Specifies the maximum number of Pods that can be unavailable during the update process.

roles/network_plugin/cilium/templates/cilium-secret.yml.j2

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+data:
+  keys: {{ cilium_ipsec_key }}
+kind: Secret
+metadata:
+  name: cilium-ipsec-keys
+  namespace: kube-system
+type: Opaque