From 8bbc0e00e573fa76904eee66b18fa532ed393213 Mon Sep 17 00:00:00 2001 From: John Gardiner Myers Date: Thu, 25 Nov 2021 14:10:56 -0800 Subject: [PATCH] Change DisableFlannelForwardRules to match upstream naming in v1alpha3 --- pkg/apis/kops/networking.go | 6 +- pkg/apis/kops/v1alpha2/conversion.go | 22 +++++ pkg/apis/kops/v1alpha2/networking.go | 2 +- .../kops/v1alpha2/zz_generated.conversion.go | 34 +++---- .../kops/v1alpha2/zz_generated.deepcopy.go | 5 + pkg/apis/kops/v1alpha3/networking.go | 6 +- .../kops/v1alpha3/zz_generated.conversion.go | 4 +- .../kops/v1alpha3/zz_generated.deepcopy.go | 5 + pkg/apis/kops/zz_generated.deepcopy.go | 5 + tests/integration/conversion/BUILD.bazel | 1 + .../conversion/canal/v1alpha2.yaml | 92 +++++++++++++++++++ .../conversion/canal/v1alpha3.yaml | 91 ++++++++++++++++++ .../conversion/integration_test.go | 5 + .../k8s-1.16.yaml.template | 2 +- .../k8s-1.22.yaml.template | 2 +- 15 files changed, 249 insertions(+), 33 deletions(-) create mode 100644 tests/integration/conversion/canal/v1alpha2.yaml create mode 100644 tests/integration/conversion/canal/v1alpha3.yaml diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index 83c5100893..c129e40e3f 100644 --- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -207,9 +207,9 @@ type CanalNetworkingSpec struct { // for traffic between pod to host after calico rules have been processed. // Default: ACCEPT (other options: DROP, RETURN) DefaultEndpointToHostAction string `json:"defaultEndpointToHostAction,omitempty"` - // DisableFlannelForwardRules configures Flannel to NOT add the - // default ACCEPT traffic rules to the iptables FORWARD chain - DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"` + // FlanneldIptablesForwardRules configures Flannel to add the + // default ACCEPT traffic rules to the iptables FORWARD chain. (default: true) + FlanneldIptablesForwardRules *bool `json:"flanneldIptablesForwardRules,omitempty"` // IptablesBackend controls which variant of iptables binary Felix uses // Default: Auto (other options: Legacy, NFT) IptablesBackend string `json:"iptablesBackend,omitempty"` diff --git a/pkg/apis/kops/v1alpha2/conversion.go b/pkg/apis/kops/v1alpha2/conversion.go index ffb262fed3..b37346ac43 100644 --- a/pkg/apis/kops/v1alpha2/conversion.go +++ b/pkg/apis/kops/v1alpha2/conversion.go @@ -22,6 +22,28 @@ import ( "k8s.io/kops/pkg/values" ) +// Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec is an autogenerated conversion function. +func Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *CanalNetworkingSpec, out *kops.CanalNetworkingSpec, s conversion.Scope) error { + if err := autoConvert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in, out, s); err != nil { + return err + } + if in.FlanneldIptablesForwardRules != nil { + out.FlanneldIptablesForwardRules = values.Bool(!*in.FlanneldIptablesForwardRules) + } + return nil +} + +// Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec is an autogenerated conversion function. +func Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *kops.CanalNetworkingSpec, out *CanalNetworkingSpec, s conversion.Scope) error { + if err := autoConvert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in, out, s); err != nil { + return err + } + if in.FlanneldIptablesForwardRules != nil { + out.FlanneldIptablesForwardRules = values.Bool(!*in.FlanneldIptablesForwardRules) + } + return nil +} + func Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *kops.ClusterSpec, s conversion.Scope) error { if err := autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in, out, s); err != nil { return err diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index fd941f5248..b527349f46 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go @@ -215,7 +215,7 @@ type CanalNetworkingSpec struct { DefaultEndpointToHostAction string `json:"defaultEndpointToHostAction,omitempty"` // DisableFlannelForwardRules configures Flannel to NOT add the // default ACCEPT traffic rules to the iptables FORWARD chain - DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"` + FlanneldIptablesForwardRules *bool `json:"disableFlannelForwardRules,omitempty"` // DisableTxChecksumOffloading is unused. // +k8s:conversion-gen=false DisableTxChecksumOffloading bool `json:"disableTxChecksumOffloading,omitempty"` diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 5c3892e41a..1f0570ce40 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -214,16 +214,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*CanalNetworkingSpec)(nil), (*kops.CanalNetworkingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(a.(*CanalNetworkingSpec), b.(*kops.CanalNetworkingSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*kops.CanalNetworkingSpec)(nil), (*CanalNetworkingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(a.(*kops.CanalNetworkingSpec), b.(*CanalNetworkingSpec), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*CertManagerConfig)(nil), (*kops.CertManagerConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(a.(*CertManagerConfig), b.(*kops.CertManagerConfig), scope) }); err != nil { @@ -1134,6 +1124,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*kops.CanalNetworkingSpec)(nil), (*CanalNetworkingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(a.(*kops.CanalNetworkingSpec), b.(*CanalNetworkingSpec), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*kops.ClusterSpec)(nil), (*ClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(a.(*kops.ClusterSpec), b.(*ClusterSpec), scope) }); err != nil { @@ -1144,6 +1139,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*CanalNetworkingSpec)(nil), (*kops.CanalNetworkingSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(a.(*CanalNetworkingSpec), b.(*kops.CanalNetworkingSpec), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*ClusterSpec)(nil), (*kops.ClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(a.(*ClusterSpec), b.(*kops.ClusterSpec), scope) }); err != nil { @@ -1782,7 +1782,7 @@ func autoConvert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca out.ChainInsertMode = in.ChainInsertMode out.CPURequest = in.CPURequest out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction - out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.FlanneldIptablesForwardRules = in.FlanneldIptablesForwardRules // INFO: in.DisableTxChecksumOffloading opted out of conversion generation out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys @@ -1797,16 +1797,11 @@ func autoConvert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca return nil } -// Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec is an autogenerated conversion function. -func Convert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *CanalNetworkingSpec, out *kops.CanalNetworkingSpec, s conversion.Scope) error { - return autoConvert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in, out, s) -} - func autoConvert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *kops.CanalNetworkingSpec, out *CanalNetworkingSpec, s conversion.Scope) error { out.ChainInsertMode = in.ChainInsertMode out.CPURequest = in.CPURequest out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction - out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.FlanneldIptablesForwardRules = in.FlanneldIptablesForwardRules out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU @@ -1820,11 +1815,6 @@ func autoConvert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *ko return nil } -// Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec is an autogenerated conversion function. -func Convert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *kops.CanalNetworkingSpec, out *CanalNetworkingSpec, s conversion.Scope) error { - return autoConvert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in, out, s) -} - func autoConvert_v1alpha2_CertManagerConfig_To_kops_CertManagerConfig(in *CertManagerConfig, out *kops.CertManagerConfig, s conversion.Scope) error { out.Enabled = in.Enabled out.Managed = in.Managed diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index ba8628e790..d15057c78b 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -466,6 +466,11 @@ func (in *CanalNetworkingSpec) DeepCopyInto(out *CanalNetworkingSpec) { x := (*in).DeepCopy() *out = &x } + if in.FlanneldIptablesForwardRules != nil { + in, out := &in.FlanneldIptablesForwardRules, &out.FlanneldIptablesForwardRules + *out = new(bool) + **out = **in + } if in.MTU != nil { in, out := &in.MTU, &out.MTU *out = new(int32) diff --git a/pkg/apis/kops/v1alpha3/networking.go b/pkg/apis/kops/v1alpha3/networking.go index 540e09ccc2..8cf2fb7776 100644 --- a/pkg/apis/kops/v1alpha3/networking.go +++ b/pkg/apis/kops/v1alpha3/networking.go @@ -205,9 +205,9 @@ type CanalNetworkingSpec struct { // for traffic between pod to host after calico rules have been processed. // Default: ACCEPT (other options: DROP, RETURN) DefaultEndpointToHostAction string `json:"defaultEndpointToHostAction,omitempty"` - // DisableFlannelForwardRules configures Flannel to NOT add the - // default ACCEPT traffic rules to the iptables FORWARD chain - DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"` + // FlanneldIptablesForwardRules configures Flannel to add the + // default ACCEPT traffic rules to the iptables FORWARD chain. (default: true) + FlanneldIptablesForwardRules *bool `json:"flanneldIptablesForwardRules,omitempty"` // IptablesBackend controls which variant of iptables binary Felix uses // Default: Auto (other options: Legacy, NFT) IptablesBackend string `json:"iptablesBackend,omitempty"` diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go index 7ef343fd41..4f2306c4d4 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go @@ -1731,7 +1731,7 @@ func autoConvert_v1alpha3_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca out.ChainInsertMode = in.ChainInsertMode out.CPURequest = in.CPURequest out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction - out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.FlanneldIptablesForwardRules = in.FlanneldIptablesForwardRules out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU @@ -1754,7 +1754,7 @@ func autoConvert_kops_CanalNetworkingSpec_To_v1alpha3_CanalNetworkingSpec(in *ko out.ChainInsertMode = in.ChainInsertMode out.CPURequest = in.CPURequest out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction - out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.FlanneldIptablesForwardRules = in.FlanneldIptablesForwardRules out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU diff --git a/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go index cfbc83f059..e953987536 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go @@ -467,6 +467,11 @@ func (in *CanalNetworkingSpec) DeepCopyInto(out *CanalNetworkingSpec) { x := (*in).DeepCopy() *out = &x } + if in.FlanneldIptablesForwardRules != nil { + in, out := &in.FlanneldIptablesForwardRules, &out.FlanneldIptablesForwardRules + *out = new(bool) + **out = **in + } if in.MTU != nil { in, out := &in.MTU, &out.MTU *out = new(int32) diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 5db1b0e5de..779f214610 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go @@ -466,6 +466,11 @@ func (in *CanalNetworkingSpec) DeepCopyInto(out *CanalNetworkingSpec) { x := (*in).DeepCopy() *out = &x } + if in.FlanneldIptablesForwardRules != nil { + in, out := &in.FlanneldIptablesForwardRules, &out.FlanneldIptablesForwardRules + *out = new(bool) + **out = **in + } if in.MTU != nil { in, out := &in.MTU, &out.MTU *out = new(int32) diff --git a/tests/integration/conversion/BUILD.bazel b/tests/integration/conversion/BUILD.bazel index 14e207e2e7..42b2907aed 100644 --- a/tests/integration/conversion/BUILD.bazel +++ b/tests/integration/conversion/BUILD.bazel @@ -20,6 +20,7 @@ filegroup( name = "exported_testdata", srcs = glob([ "aws/**", + "canal/**", "minimal/**", ]), visibility = ["//visibility:public"], diff --git a/tests/integration/conversion/canal/v1alpha2.yaml b/tests/integration/conversion/canal/v1alpha2.yaml new file mode 100644 index 0000000000..33dd1f0783 --- /dev/null +++ b/tests/integration/conversion/canal/v1alpha2.yaml @@ -0,0 +1,92 @@ +apiVersion: kops.k8s.io/v1alpha2 +kind: Cluster +metadata: + creationTimestamp: "2016-12-10T22:42:27Z" + name: minimal.example.com +spec: + additionalSans: + - proxy.api.minimal.example.com + addons: + - manifest: s3://somebucket/example.yaml + api: + dns: {} + authorization: + alwaysAllow: {} + channel: stable + cloudProvider: aws + configBase: memfs://clusters.example.com/minimal.example.com + etcdClusters: + - cpuRequest: 200m + etcdMembers: + - instanceGroup: master-us-test-1a + name: us-test-1a + memoryRequest: 100Mi + name: main + - cpuRequest: 200m + etcdMembers: + - instanceGroup: master-us-test-1a + name: us-test-1a + memoryRequest: 100Mi + name: events + iam: + legacy: false + kubernetesApiAccess: + - 0.0.0.0/0 + kubernetesVersion: v1.14.0 + masterInternalName: api.internal.minimal.example.com + masterPublicName: api.minimal.example.com + networkCIDR: 172.20.0.0/16 + networking: + canal: + disableFlannelForwardRules: true + nonMasqueradeCIDR: 100.64.0.0/10 + sshAccess: + - 0.0.0.0/0 + subnets: + - cidr: 172.20.32.0/19 + name: us-test-1a + type: Public + zone: us-test-1a + topology: + dns: + type: Public + masters: public + nodes: public + +--- + +apiVersion: kops.k8s.io/v1alpha2 +kind: InstanceGroup +metadata: + creationTimestamp: "2016-12-10T22:42:28Z" + labels: + kops.k8s.io/cluster: minimal.example.com + name: nodes +spec: + associatePublicIp: true + image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 + machineType: t2.medium + maxSize: 2 + minSize: 2 + role: Node + subnets: + - us-test-1a + +--- + +apiVersion: kops.k8s.io/v1alpha2 +kind: InstanceGroup +metadata: + creationTimestamp: "2016-12-10T22:42:28Z" + labels: + kops.k8s.io/cluster: minimal.example.com + name: master-us-test-1a +spec: + associatePublicIp: true + image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 + machineType: m3.medium + maxSize: 1 + minSize: 1 + role: Master + subnets: + - us-test-1a diff --git a/tests/integration/conversion/canal/v1alpha3.yaml b/tests/integration/conversion/canal/v1alpha3.yaml new file mode 100644 index 0000000000..8db9682c35 --- /dev/null +++ b/tests/integration/conversion/canal/v1alpha3.yaml @@ -0,0 +1,91 @@ +apiVersion: kops.k8s.io/v1alpha3 +kind: Cluster +metadata: + creationTimestamp: "2016-12-10T22:42:27Z" + name: minimal.example.com +spec: + additionalSANs: + - proxy.api.minimal.example.com + addons: + - manifest: s3://somebucket/example.yaml + api: + dns: {} + authorization: + alwaysAllow: {} + channel: stable + cloudProvider: aws + configBase: memfs://clusters.example.com/minimal.example.com + etcdClusters: + - cpuRequest: 200m + etcdMembers: + - instanceGroup: master-us-test-1a + name: us-test-1a + memoryRequest: 100Mi + name: main + - cpuRequest: 200m + etcdMembers: + - instanceGroup: master-us-test-1a + name: us-test-1a + memoryRequest: 100Mi + name: events + iam: {} + kubernetesAPIAccess: + - 0.0.0.0/0 + kubernetesVersion: v1.14.0 + masterInternalName: api.internal.minimal.example.com + masterPublicName: api.minimal.example.com + networkCIDR: 172.20.0.0/16 + networking: + canal: + flanneldIptablesForwardRules: false + nonMasqueradeCIDR: 100.64.0.0/10 + sshAccess: + - 0.0.0.0/0 + subnets: + - cidr: 172.20.32.0/19 + name: us-test-1a + type: Public + zone: us-test-1a + topology: + dns: + type: Public + masters: public + nodes: public + +--- + +apiVersion: kops.k8s.io/v1alpha3 +kind: InstanceGroup +metadata: + creationTimestamp: "2016-12-10T22:42:28Z" + labels: + kops.k8s.io/cluster: minimal.example.com + name: nodes +spec: + associatePublicIP: true + image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 + machineType: t2.medium + maxSize: 2 + minSize: 2 + role: Node + subnets: + - us-test-1a + +--- + +apiVersion: kops.k8s.io/v1alpha3 +kind: InstanceGroup +metadata: + creationTimestamp: "2016-12-10T22:42:28Z" + labels: + kops.k8s.io/cluster: minimal.example.com + name: master-us-test-1a +spec: + associatePublicIP: true + image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 + machineType: m3.medium + maxSize: 1 + minSize: 1 + role: Master + subnets: + - us-test-1a diff --git a/tests/integration/conversion/integration_test.go b/tests/integration/conversion/integration_test.go index c18ba0a387..50a195af9f 100644 --- a/tests/integration/conversion/integration_test.go +++ b/tests/integration/conversion/integration_test.go @@ -43,6 +43,11 @@ func TestConversionAWS(t *testing.T) { runTest(t, "aws", "v1alpha3", "v1alpha2") } +func TestConversionCanal(t *testing.T) { + runTest(t, "canal", "v1alpha2", "v1alpha3") + runTest(t, "canal", "v1alpha3", "v1alpha2") +} + func runTest(t *testing.T, srcDir string, fromVersion string, toVersion string) { t.Run(fromVersion+"-"+toVersion, func(t *testing.T) { sourcePath := path.Join(srcDir, fromVersion+".yaml") diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template index fcc5c6a2ff..0dd290899b 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.16.yaml.template @@ -800,7 +800,7 @@ spec: configMapKeyRef: name: canal-config key: masquerade - {{- if eq .Networking.Canal.DisableFlannelForwardRules true }} + {{- if not (WithDefaultBool .Networking.Canal.FlanneldIptablesForwardRules true) }} - name: FLANNELD_IPTABLES_FORWARD_RULES value: "false" {{- end }} diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template index e93f9d2be9..cb7fef2412 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template @@ -4464,7 +4464,7 @@ spec: configMapKeyRef: name: canal-config key: masquerade - {{- if .Networking.Canal.DisableFlannelForwardRules }} + {{- if not (WithDefaultBool .Networking.Canal.FlanneldIptablesForwardRules true) }} - name: FLANNELD_IPTABLES_FORWARD_RULES value: "false" {{- end }}