From 976e3c1f133c491fef97e3a11a15530836516997 Mon Sep 17 00:00:00 2001 From: zhengtianbao Date: Thu, 4 Nov 2021 14:14:55 +0800 Subject: [PATCH 1/2] Add option to set allow_ip_forwarding for the calico network --- pkg/apis/kops/networking.go | 3 +++ pkg/apis/kops/v1alpha2/networking.go | 3 +++ pkg/apis/kops/v1alpha3/networking.go | 3 +++ .../networking.projectcalico.org/k8s-1.16.yaml.template | 5 +++++ 4 files changed, 14 insertions(+) diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index 20259f1cb6..dd9fca2f70 100644 --- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -106,6 +106,9 @@ type CalicoNetworkingSpec struct { // Version overrides the Calico container image tag. Version string `json:"version,omitempty"` + // AllowIPForwarding enable ip_forwarding setting within the container namespace. + // (default: false) + AllowIPForwarding bool `json:"allowIPForwarding,omitempty"` // AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only) // Options: Disable (default), Enable, or DoNothing AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"` diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index a07b9a1ab5..9b93ae3026 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go @@ -109,6 +109,9 @@ type CalicoNetworkingSpec struct { // Version overrides the Calico container image tag. Version string `json:"version,omitempty"` + // AllowIPForwarding enable ip_forwarding setting within the container namespace. + // (default: false) + AllowIPForwarding bool `json:"allowIPForwarding,omitempty"` // AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only) // Options: Disable (default), Enable, or DoNothing AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"` diff --git a/pkg/apis/kops/v1alpha3/networking.go b/pkg/apis/kops/v1alpha3/networking.go index f40770619c..aaf39d4c84 100644 --- a/pkg/apis/kops/v1alpha3/networking.go 
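Review bot: The doc comment on the new `AllowIPForwarding` field in `CalicoNetworkingSpec` does not say what turning the option on exposes, and the same text is copied into the CRD description that users read. The template hunk later in this patch renders the field as `container_settings.allow_ip_forwarding` in the Calico CNI config, which appears to be shared by every pod the plugin sets up, so the switch is cluster-wide rather than per workload. I would reword it to `// AllowIPForwarding enables IP forwarding inside pod network namespaces (Calico CNI container_settings.allow_ip_forwarding).` followed by `// It applies to all pods and lets them forward traffic not addressed to them; leave it off unless a workload needs it. (default: false)`. The identical comment in the `v1alpha2` and `v1alpha3` hunks needs the same change, and the generated CRD should then be regenerated. The struct body continues outside the hunk.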
+++ b/pkg/apis/kops/v1alpha3/networking.go @@ -104,6 +104,9 @@ type CalicoNetworkingSpec struct { // Version overrides the Calico container image tag. Version string `json:"version,omitempty"` + // AllowIPForwarding enable ip_forwarding setting within the container namespace. + // (default: false) + AllowIPForwarding bool `json:"allowIPForwarding,omitempty"` // AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only) // Options: Disable (default), Enable, or DoNothing AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"` diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template index d0775bffbe..0a5894e2d3 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template @@ -61,6 +61,11 @@ data: "type": "calico-ipam" {{- end }} }, + {{- if .Networking.Calico.AllowIPForwarding }} + "container_settings": { + "allow_ip_forwarding": true + }, + {{- end }} "policy": { "type": "k8s" }, From 0c1329287ae3e04969f8478699825814b9e1ab22 Mon Sep 17 00:00:00 2001 From: zhengtianbao Date: Thu, 4 Nov 2021 14:32:54 +0800 Subject: [PATCH 2/2] Update automatically generated files --- k8s/crds/kops.k8s.io_clusters.yaml | 4 ++++ pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 2 ++ pkg/apis/kops/v1alpha3/zz_generated.conversion.go | 2 ++ 3 files changed, 8 insertions(+) diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index 4d22854a6b..da7ccd0a25 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml 
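Review bot: The new `container_settings` block in `k8s-1.16.yaml.template` is emitted into the cluster's CNI network config with nothing to limit it to the workloads that need forwarding, and neither patch adds documentation or expected-output tests for it (the diffstats list only the API types, this template and generated files). Because the flag changes the network posture of pods cluster-wide, I would add an entry to the Calico networking docs stating that scope, and noting that pods created before the change presumably keep their old setting until they are recreated. A template comment above the conditional would also help the next reader, for example `{{- /* Cluster-wide: enables IP forwarding in every pod netns (Calico CNI container_settings) */ -}}`. If other Calico manifest templates exist alongside this one, they need the same block, otherwise the API field is silently ignored on clusters that use them.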
@@ -4209,6 +4209,10 @@ spec: description: CalicoNetworkingSpec declares that we want Calico networking properties: + allowIPForwarding: + description: 'AllowIPForwarding enable ip_forwarding setting + within the container namespace. (default: false)' + type: boolean awsSrcDstCheck: description: 'AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only) Options: Disable (default), Enable, or diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 082954ede2..ba16034909 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -1708,6 +1708,7 @@ func Convert_kops_CNINetworkingSpec_To_v1alpha2_CNINetworkingSpec(in *kops.CNINe func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *CalicoNetworkingSpec, out *kops.CalicoNetworkingSpec, s conversion.Scope) error { out.Registry = in.Registry out.Version = in.Version + out.AllowIPForwarding = in.AllowIPForwarding out.AWSSrcDstCheck = in.AWSSrcDstCheck out.BPFEnabled = in.BPFEnabled out.BPFExternalServiceMode = in.BPFExternalServiceMode @@ -1744,6 +1745,7 @@ func Convert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *Cali func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in *kops.CalicoNetworkingSpec, out *CalicoNetworkingSpec, s conversion.Scope) error { out.Registry = in.Registry out.Version = in.Version + out.AllowIPForwarding = in.AllowIPForwarding out.AWSSrcDstCheck = in.AWSSrcDstCheck out.BPFEnabled = in.BPFEnabled out.BPFExternalServiceMode = in.BPFExternalServiceMode diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go index 2fb53bd8c7..6c2243a787 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go 
@@ -1658,6 +1658,7 @@ func Convert_kops_CNINetworkingSpec_To_v1alpha3_CNINetworkingSpec(in *kops.CNINe func autoConvert_v1alpha3_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *CalicoNetworkingSpec, out *kops.CalicoNetworkingSpec, s conversion.Scope) error { out.Registry = in.Registry out.Version = in.Version + out.AllowIPForwarding = in.AllowIPForwarding out.AWSSrcDstCheck = in.AWSSrcDstCheck out.BPFEnabled = in.BPFEnabled out.BPFExternalServiceMode = in.BPFExternalServiceMode @@ -1693,6 +1694,7 @@ func Convert_v1alpha3_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *Cali func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha3_CalicoNetworkingSpec(in *kops.CalicoNetworkingSpec, out *CalicoNetworkingSpec, s conversion.Scope) error { out.Registry = in.Registry out.Version = in.Version + out.AllowIPForwarding = in.AllowIPForwarding out.AWSSrcDstCheck = in.AWSSrcDstCheck out.BPFEnabled = in.BPFEnabled out.BPFExternalServiceMode = in.BPFExternalServiceMode