helm: Add encryption.wireguard.userspaceFallback value

To enable the fallback to user-space mode implemented in the previous commits. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
cilium · Oct 20, 2021 · 718c4f7 · 718c4f7
1 parent a995276
commit 718c4f7
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 0 deletions.
diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
diff --git a/Documentation/spelling_wordlist.txt b/Documentation/spelling_wordlist.txt
@@ -894,6 +894,7 @@ url
 useAPIServer
 username
 userspace
+userspaceFallback
 usr
 uuid
 vCPU
@@ -926,6 +927,7 @@ whitelists
 whitespace
 wildcard
 wildcards
+wireguard
 workflow
 workflows
 workspace

diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md
@@ -142,6 +142,7 @@ contributors across the globe, there is almost always someone available to help.
 | encryption.nodeEncryption | bool | `false` | Enable encryption for pure node to node traffic. This option is only effective when encryption.type is set to ipsec. |
 | encryption.secretName | string | `"cilium-ipsec-keys"` | Deprecated in favor of encryption.ipsec.secretName. Name of the Kubernetes secret containing the encryption keys. This option is only effective when encryption.type is set to ipsec. |
 | encryption.type | string | `"ipsec"` | Encryption method. Can be either ipsec or wireguard. |
+| encryption.wireguard.userspaceFallback | bool | `false` | Enables the fallback to the user-space implementation. |
 | endpointHealthChecking.enabled | bool | `true` | Enable connectivity health checking between virtual endpoints. |
 | endpointRoutes.enabled | bool | `false` | Enable use of per endpoint routes instead of routing via the cilium_host interface. |
 | endpointStatus | object | `{"enabled":false,"status":""}` | Enable endpoint status. Status can be: policy, health, controllers, logs and / or state. For 2 or more options use a comma. |

diff --git a/install/kubernetes/cilium/templates/cilium-configmap.yaml b/install/kubernetes/cilium/templates/cilium-configmap.yaml
@@ -454,6 +454,9 @@ data:
     {{- end }}
   {{- else if eq .Values.encryption.type "wireguard" }}
   enable-wireguard: {{ .Values.encryption.enabled | quote }}
+    {{- if .Values.encryption.wireguard.userspaceFallback }}
+  enable-wireguard-userspace-fallback: {{ .Values.encryption.wireguard.userspaceFallback | quote }}
+    {{- end }}
   {{- end }}
 {{- end }}
 

diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml
@@ -442,6 +442,10 @@ encryption:
     # -- The interface to use for encrypted traffic.
     interface: ""
 
+  wireguard:
+    # -- Enables the fallback to the user-space implementation.
+    userspaceFallback: false
+
   # -- Deprecated in favor of encryption.ipsec.keyFile.
   # Name of the key file inside the Kubernetes secret configured via secretName.
   # This option is only effective when encryption.type is set to ipsec.