diff --git a/cilium-values-virt.yaml b/cilium-values-virt.yaml
new file mode 100644
index 0000000..0feaaba
--- /dev/null
+++ b/cilium-values-virt.yaml
@@ -0,0 +1,97 @@
+upgradeCompatibility: "1.16"
+cluster:
+ name: virt-cluster
+ id: 1
+
+kubeProxyReplacement: true
+
+# Talos specific
+k8sServiceHost: localhost
+k8sServicePort: 7445
+securityContext:
+ capabilities:
+ ciliumAgent: [ CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID ]
+ cleanCiliumState: [ NET_ADMIN, SYS_ADMIN, SYS_RESOURCE ]
+
+cgroup:
+ autoMount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+
+# https://docs.cilium.io/en/stable/network/concepts/ipam/
+ipam:
+ mode: kubernetes
+
+devices: [ eth0, br0 ]
+operator:
+ rollOutPods: true
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+
+# Roll out cilium agent pods automatically when ConfigMap is updated.
+rollOutCiliumPods: true
+resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+
+#debug:
+# enabled: true
+
+# Increase rate limit when doing L2 announcements
+#k8sClientRateLimit:
+# qps: 20
+# burst: 100
+
+# l2announcements:
+# enabled: true
+
+externalIPs:
+ enabled: true
+
+enableCiliumEndpointSlice: true
+
+ipv6:
+ enabled: true
+
+
+loadBalancer:
+ # https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
+ algorithm: maglev
+
+gatewayAPI:
+ enabled: false # We disable gatewayAPI for now
+
+# envoy: # Because we disable gatewayAPI, we also don“t need envoy for now.
+# securityContext:
+# capabilities:
+# keepCapNetBindService: true
+# envoy: [ NET_ADMIN, PERFMON, SYS_ADMIN, BPF ]
+
+
+# ingressController:
+# enabled: true
+# default: true
+# loadbalancerMode: dedicated
+# service:
+# annotations:
+# io.cilium/lb-ipam-ips: "10.99.101.50 2a02:a44d:67b4:501:ffff::"
+# labels:
+# network-announcement: "l2"
+
+hubble:
+ enabled: true
+ relay:
+ enabled: true
+ rollOutPods: true
+ ui:
+ enabled: true
+ rollOutPods: true
diff --git a/cilium-values.yaml b/cilium-values.yaml
index d3cf970..9e2a0af 100644
--- a/cilium-values.yaml
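Review bot: `externalIPs.enabled: true` in the new cilium-values-virt.yaml carries no note on who may set `spec.externalIPs`, and nothing in this file restricts it. With externalIPs served by the kube-proxy replacement, any principal allowed to create Services can attract in-cluster traffic for an address it names. The setting should therefore be paired with an admission control that allow-lists the permitted addresses, or with the `DenyServiceExternalIPs` admission plugin if the feature is not actually needed. I would record that next to the key, e.g. `# requires an admission policy restricting spec.externalIPs to approved addresses`. Separately, `cluster.id: 1` is the same id that cilium-values.yaml uses for `kube-cluster`; if the two clusters are ever joined in a cluster mesh the ids have to differ, so a distinct id here avoids a later surprise.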
+++ b/cilium-values.yaml @@ -1,3 +1,4 @@ +upgradeCompatibility: "1.16" cluster: name: kube-cluster id: 1 @@ -68,13 +69,15 @@ loadBalancer: gatewayAPI: enabled: true -# externalTrafficPolicy: Cluster envoy: securityContext: capabilities: keepCapNetBindService: true - envoy: [ NET_ADMIN, PERFMON, BPF ] + envoy: [ NET_ADMIN, PERFMON, SYS_ADMIN, BPF ] + debug: + admin: + enabled: true # ingressController: # enabled: true
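Review bot: The added `debug.admin.enabled: true` under `envoy:` in the second hunk of cilium-values.yaml turns on the cilium-envoy admin interface in the primary cluster values, with no comment marking it as temporary. That interface exposes proxy configuration and runtime controls and is meant for troubleshooting only, so I would keep it off by default and flip it for the duration of a debugging session: `enabled: false  # enable only while debugging envoy`. The same hunk widens the envoy capability list from `[ NET_ADMIN, PERFMON, BPF ]` to include `SYS_ADMIN`. `PERFMON` and `BPF` exist as the narrower replacements for that capability, so on a kernel that supports them `SYS_ADMIN` looks redundant and much broader than the proxy needs. If it was added to work around a specific failure, a comment naming that failure would let someone remove it later.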