From 7ad4815fc9acc89248cef34641fdb766731bf933 Mon Sep 17 00:00:00 2001
From: AkiraFukushima <h3.poteto@gmail.com>
Date: Sun, 11 Oct 2020 15:42:17 +0900
Subject: [PATCH] Enable wireguard in calico-node if it is enabled

---
 upup/models/bindata.go                                         | 3 +++
 .../addons/networking.projectcalico.org/k8s-1.16.yaml.template | 3 +++
 upup/pkg/fi/cloudup/bootstrapchannelbuilder.go                 | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/upup/models/bindata.go b/upup/models/bindata.go
index d19a08d6c1..b40a998f23 100644
--- a/upup/models/bindata.go
+++ b/upup/models/bindata.go
@@ -13100,6 +13100,9 @@ spec:
             # Enable / Disable source/destination checks in AWS
             - name: FELIX_AWSSRCDSTCHECK
               value: "{{- if and (eq .CloudProvider "aws") (.Networking.Calico.CrossSubnet) -}}Disable{{- else -}} {{- or .Networking.Calico.AwsSrcDstCheck "DoNothing" -}} {{- end -}}"
+            # Enable WireGuard encryption for all on-the-wire pod-to-pod traffic
+            - name: FELIX_WIREGUARDENABLED
+              value: "{{ .Networking.Calico.WireguardEnabled }}"
           securityContext:
             privileged: true
           resources:
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
index b7b9cc4c31..0eb2b4e7f5 100644
--- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
@@ -3937,6 +3937,9 @@ spec:
             # Enable / Disable source/destination checks in AWS
             - name: FELIX_AWSSRCDSTCHECK
               value: "{{- if and (eq .CloudProvider "aws") (.Networking.Calico.CrossSubnet) -}}Disable{{- else -}} {{- or .Networking.Calico.AwsSrcDstCheck "DoNothing" -}} {{- end -}}"
+            # Enable WireGuard encryption for all on-the-wire pod-to-pod traffic
+            - name: FELIX_WIREGUARDENABLED
+              value: "{{ .Networking.Calico.WireguardEnabled }}"
           securityContext:
             privileged: true
           resources:
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 0eda37507e..d93772baa1 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -858,7 +858,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
 			"k8s-1.7":    "2.6.12-kops.1",
 			"k8s-1.7-v3": "3.8.0-kops.2",
 			"k8s-1.12":   "3.9.6-kops.1",
-			"k8s-1.16":   "3.16.3-kops.1",
+			"k8s-1.16":   "3.16.3-kops.2",
 		}
 
 		{