Enable wireguard in calico-node if it is enabled

2020-10-11 15:42:17 +09:00 · 2020-10-11 15:42:17 +09:00 · 7ad4815fc9
parent 4e4c4a1e16
commit 7ad4815fc9
3 changed files with 7 additions and 1 deletions
--- a/upup/models/bindata.go
+++ b/upup/models/bindata.go
@ -13100,6 +13100,9 @@ spec:
            # Enable / Disable source/destination checks in AWS
            - name: FELIX_AWSSRCDSTCHECK
              value: "{{- if and (eq .CloudProvider "aws") (.Networking.Calico.CrossSubnet) -}}Disable{{- else -}} {{- or .Networking.Calico.AwsSrcDstCheck "DoNothing" -}} {{- end -}}"
+            # Enable WireGuard encryption for all on-the-wire pod-to-pod traffic
+            - name: FELIX_WIREGUARDENABLED
+              value: "{{ .Networking.Calico.WireguardEnabled }}"
          securityContext:
            privileged: true
          resources:
--- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
@ -3937,6 +3937,9 @@ spec:
            # Enable / Disable source/destination checks in AWS
            - name: FELIX_AWSSRCDSTCHECK
              value: "{{- if and (eq .CloudProvider "aws") (.Networking.Calico.CrossSubnet) -}}Disable{{- else -}} {{- or .Networking.Calico.AwsSrcDstCheck "DoNothing" -}} {{- end -}}"
+            # Enable WireGuard encryption for all on-the-wire pod-to-pod traffic
+            - name: FELIX_WIREGUARDENABLED
+              value: "{{ .Networking.Calico.WireguardEnabled }}"
          securityContext:
            privileged: true
          resources:
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@ -858,7 +858,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
 			"k8s-1.7":    "2.6.12-kops.1",
 			"k8s-1.7-v3": "3.8.0-kops.2",
 			"k8s-1.12":   "3.9.6-kops.1",
-			"k8s-1.16":   "3.16.3-kops.1",
+			"k8s-1.16":   "3.16.3-kops.2",
 		}

 		{