Merge pull request #18152 from rifelpet/cilium-enable-host-firewall

Add EnableHostFirewall field to CiliumNetworkingSpec

Author: k8s-ci-robot

k8s/crds/kops.k8s.io_clusters.yaml

@@ -5598,6 +5598,11 @@ spec:
                           EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints.
                           Default: true
                         type: boolean
+                      enableHostFirewall:
+                        description: |-
+                          EnableHostFirewall enables the host firewall in the Cilium agent.
+                          Default: false
+                        type: boolean
                       enableHostReachableServices:
                         description: |-
                           EnableHostReachableServices configures Cilium to enable services to be

pkg/apis/kops/networking.go

@@ -397,6 +397,9 @@ type CiliumNetworkingSpec struct {
 	// EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints.
 	// Default: true
 	EnableEndpointHealthChecking *bool `json:"enableEndpointHealthChecking,omitempty"`
+	// EnableHostFirewall enables the host firewall in the Cilium agent.
+	// Default: false
+	EnableHostFirewall *bool `json:"enableHostFirewall,omitempty"`
 	// EnablePrometheusMetrics enables the Cilium "/metrics" endpoint for both the agent and the operator.
 	EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
 	// EnableEncryption enables Cilium Encryption.

pkg/apis/kops/v1alpha2/networking.go

@@ -395,6 +395,9 @@ type CiliumNetworkingSpec struct {
 	// EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints.
 	// Default: true
 	EnableEndpointHealthChecking *bool `json:"enableEndpointHealthChecking,omitempty"`
+	// EnableHostFirewall enables the host firewall in the Cilium agent.
+	// Default: false
+	EnableHostFirewall *bool `json:"enableHostFirewall,omitempty"`
 	// EnableTracing is unused.
 	// +k8s:conversion-gen=false
 	EnableTracing bool `json:"enableTracing,omitempty"`

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -345,6 +345,9 @@ type CiliumNetworkingSpec struct {
 	// EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints.
 	// Default: true
 	EnableEndpointHealthChecking *bool `json:"enableEndpointHealthChecking,omitempty"`
+	// EnableHostFirewall enables the host firewall in the Cilium agent.
+	// Default: false
+	EnableHostFirewall *bool `json:"enableHostFirewall,omitempty"`
 	// EnablePrometheusMetrics enables the Cilium "/metrics" endpoint for both the agent and the operator.
 	EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
 	// EnableEncryption enables Cilium Encryption.

pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go

@@ -47,6 +47,10 @@ func (b *CiliumOptionsBuilder) BuildOptions(o *kops.Cluster) error {
 		c.EnableEndpointHealthChecking = fi.PtrTo(true)
 	}
 
+	if c.EnableHostFirewall == nil {
+		c.EnableHostFirewall = fi.PtrTo(false)
+	}
+
 	if c.IdentityAllocationMode == "" {
 		c.IdentityAllocationMode = "crd"
 	}