From 976e3c1f133c491fef97e3a11a15530836516997 Mon Sep 17 00:00:00 2001
From: zhengtianbao <china.zhengtianbao@gmail.com>
Date: Thu, 4 Nov 2021 14:14:55 +0800
Subject: [PATCH] Add option to set allow_ip_forwarding for the calico network

---
 pkg/apis/kops/networking.go                                  | 3 +++
 pkg/apis/kops/v1alpha2/networking.go                         | 3 +++
 pkg/apis/kops/v1alpha3/networking.go                         | 3 +++
 .../networking.projectcalico.org/k8s-1.16.yaml.template      | 5 +++++
 4 files changed, 14 insertions(+)

diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
index 20259f1cb6..dd9fca2f70 100644
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -106,6 +106,9 @@ type CalicoNetworkingSpec struct {
 	// Version overrides the Calico container image tag.
 	Version string `json:"version,omitempty"`
 
+	// AllowIPForwarding enable ip_forwarding setting within the container namespace.
+	// (default: false)
+	AllowIPForwarding bool `json:"allowIPForwarding,omitempty"`
 	// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
 	// Options: Disable (default), Enable, or DoNothing
 	AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
index a07b9a1ab5..9b93ae3026 100644
--- a/pkg/apis/kops/v1alpha2/networking.go
+++ b/pkg/apis/kops/v1alpha2/networking.go
@@ -109,6 +109,9 @@ type CalicoNetworkingSpec struct {
 	// Version overrides the Calico container image tag.
 	Version string `json:"version,omitempty"`
 
+	// AllowIPForwarding enable ip_forwarding setting within the container namespace.
+	// (default: false)
+	AllowIPForwarding bool `json:"allowIPForwarding,omitempty"`
 	// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
 	// Options: Disable (default), Enable, or DoNothing
 	AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
diff --git a/pkg/apis/kops/v1alpha3/networking.go b/pkg/apis/kops/v1alpha3/networking.go
index f40770619c..aaf39d4c84 100644
--- a/pkg/apis/kops/v1alpha3/networking.go
+++ b/pkg/apis/kops/v1alpha3/networking.go
@@ -104,6 +104,9 @@ type CalicoNetworkingSpec struct {
 	// Version overrides the Calico container image tag.
 	Version string `json:"version,omitempty"`
 
+	// AllowIPForwarding enable ip_forwarding setting within the container namespace.
+	// (default: false)
+	AllowIPForwarding bool `json:"allowIPForwarding,omitempty"`
 	// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
 	// Options: Disable (default), Enable, or DoNothing
 	AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
index d0775bffbe..0a5894e2d3 100644
--- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
@@ -61,6 +61,11 @@ data:
               "type": "calico-ipam"
               {{- end }}
           },
+          {{- if .Networking.Calico.AllowIPForwarding }}
+          "container_settings": {
+              "allow_ip_forwarding": true
+          },
+          {{- end }}
           "policy": {
               "type": "k8s"
           },