Merge pull request #8731 from olemarkus/cilium-remote-node-identity

Allow configuration of enable-remote-node-identity

k8s/crds/kops.k8s.io_clusters.yaml

@@ -2730,6 +2730,10 @@ spec:
                       description: EnablePrometheusMetrics enables the Cilium "/metrics"
                         endpoint for both the agent and the operator.
                       type: boolean
+                    enableRemoteNodeIdentity:
+                      description: 'EnableRemoteNodeIdentity enables the remote-node-identity
+                        added in Cilium 1.7.0. Default: false'
+                      type: boolean
                     enableTracing:
                       description: EnableTracing is not implemented and may be removed
                         in the future. Setting this has no effect.
@@ -2938,6 +2942,7 @@ spec:
                   - clusterName
                   - cniBinPath
                   - enableNodePort
+                  - enableRemoteNodeIdentity
                   - enableipv4
                   - enableipv6
                   - monitorAggregation

pkg/apis/kops/networking.go

@@ -406,6 +406,9 @@ type CiliumNetworkingSpec struct {
 	// The cluster is operated by cilium-etcd-operator.
 	// Default: false
 	EtcdManaged bool `json:"etcdManaged,omitempty"`
+	// EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0.
+	// Default: false
+	EnableRemoteNodeIdentity bool `json:"enableRemoteNodeIdentity"`
 
 	// RemoveCbrBridge is not implemented and may be removed in the future.
 	// Setting this has no effect.

pkg/apis/kops/v1alpha1/networking.go

@@ -404,6 +404,9 @@ type CiliumNetworkingSpec struct {
 	// The cluster is operated by cilium-etcd-operator.
 	// Default: false
 	EtcdManaged bool `json:"etcdManaged,omitempty"`
+	// EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0.
+	// Default: false
+	EnableRemoteNodeIdentity bool `json:"enableRemoteNodeIdentity"`
 
 	// RemoveCbrBridge is not implemented and may be removed in the future.
 	// Setting this has no effect.

pkg/apis/kops/v1alpha1/zz_generated.conversion.go

@@ -1335,6 +1335,7 @@ func autoConvert_v1alpha1_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *
 	out.AutoDirectNodeRoutes = in.AutoDirectNodeRoutes
 	out.EnableNodePort = in.EnableNodePort
 	out.EtcdManaged = in.EtcdManaged
+	out.EnableRemoteNodeIdentity = in.EnableRemoteNodeIdentity
 	out.RemoveCbrBridge = in.RemoveCbrBridge
 	out.RestartPods = in.RestartPods
 	out.ReconfigureKubelet = in.ReconfigureKubelet
@@ -1415,6 +1416,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha1_CiliumNetworkingSpec(in *
 	out.AutoDirectNodeRoutes = in.AutoDirectNodeRoutes
 	out.EnableNodePort = in.EnableNodePort
 	out.EtcdManaged = in.EtcdManaged
+	out.EnableRemoteNodeIdentity = in.EnableRemoteNodeIdentity
 	out.RemoveCbrBridge = in.RemoveCbrBridge
 	out.RestartPods = in.RestartPods
 	out.ReconfigureKubelet = in.ReconfigureKubelet

pkg/apis/kops/v1alpha2/networking.go

@@ -404,6 +404,9 @@ type CiliumNetworkingSpec struct {
 	// The cluster is operated by cilium-etcd-operator.
 	// Default: false
 	EtcdManaged bool `json:"etcdManaged,omitempty"`
+	// EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0.
+	// Default: false
+	EnableRemoteNodeIdentity bool `json:"enableRemoteNodeIdentity"`
 
 	// RemoveCbrBridge is not implemented and may be removed in the future.
 	// Setting this has no effect.

pkg/apis/kops/v1alpha2/zz_generated.conversion.go

@@ -1377,6 +1377,7 @@ func autoConvert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *
 	out.AutoDirectNodeRoutes = in.AutoDirectNodeRoutes
 	out.EnableNodePort = in.EnableNodePort
 	out.EtcdManaged = in.EtcdManaged
+	out.EnableRemoteNodeIdentity = in.EnableRemoteNodeIdentity
 	out.RemoveCbrBridge = in.RemoveCbrBridge
 	out.RestartPods = in.RestartPods
 	out.ReconfigureKubelet = in.ReconfigureKubelet
@@ -1457,6 +1458,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha2_CiliumNetworkingSpec(in *
 	out.AutoDirectNodeRoutes = in.AutoDirectNodeRoutes
 	out.EnableNodePort = in.EnableNodePort
 	out.EtcdManaged = in.EtcdManaged
+	out.EnableRemoteNodeIdentity = in.EnableRemoteNodeIdentity
 	out.RemoveCbrBridge = in.RemoveCbrBridge
 	out.RestartPods = in.RestartPods
 	out.ReconfigureKubelet = in.ReconfigureKubelet

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template

@@ -137,6 +137,7 @@ data:
   auto-direct-node-routes: "{{- if .AutoDirectNodeRoutes -}}true{{- else -}}false{{- end -}}"
   enable-node-port: "{{- if .EnableNodePort -}}true{{- else -}}false{{- end -}}"
   kube-proxy-replacement: "{{- if .EnableNodePort -}}strict{{- else -}}partial{{- end -}}"
+  enable-remote-node-identity: "{{- if .EnableRemoteNodeIdentity -}}true{{- else -}}false{{- end -}}"
   {{ with .Ipam }}
   ipam: {{ . }}
   {{ if eq . "eni" }}

upup/pkg/fi/cloudup/bootstrapchannelbuilder.go

@@ -951,7 +951,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 
 	if b.cluster.Spec.Networking.Cilium != nil {
 		key := "networking.cilium.io"
-		version := "1.7.0-kops.2"
+		version := "1.7.1-kops.1"
 
 		{
 			id := "k8s-1.7"

upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml

@@ -93,12 +93,12 @@ spec:
     name: networking.cilium.io
     selector:
       role.kubernetes.io/networking: "1"
-    version: 1.7.0-kops.2
+    version: 1.7.1-kops.1
   - id: k8s-1.12
     kubernetesVersion: '>=1.12.0'
     manifest: networking.cilium.io/k8s-1.12.yaml
-    manifestHash: e70d13053043ca311108cd90521f30d75c558cc7
+    manifestHash: a897a4b5d8f69f704c33c90487016f87b3737ffd
     name: networking.cilium.io
     selector:
       role.kubernetes.io/networking: "1"
-    version: 1.7.0-kops.2
+    version: 1.7.1-kops.1