docs: Mark host firewall stable

The remaining issues with the host firewall and kube-proxy are resolved. The race condition on node labels was also addressed and the host firewall's status is now present in cilium status. We can now mark the host firewall stable regardless of KPR status. Signed-off-by: Paul Chaignon <paul@cilium.io>
cilium · Aug 24, 2021 · d9ddba4 · d9ddba4
1 parent 8085dfa
commit d9ddba4
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 13 deletions.
diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
diff --git a/Documentation/gettingstarted/host-firewall.rst b/Documentation/gettingstarted/host-firewall.rst
@@ -6,21 +6,13 @@
 
 .. _host_firewall:
 
-******************************************
-Host Firewall (beta when using kube-proxy)
-******************************************
+*************
+Host Firewall
+*************
 
 This document serves as an introduction to Cilium's host firewall, to enforce
 security policies for Kubernetes nodes.
 
-.. note::
-
-    The host firewall is a beta feature when running without our kube-proxy
-    replacement. In particular, two bugs need to be addressed before we can
-    consider this feature stable: :gh-issue:`12205` and :gh-issue:`14859`.
-    Please provide feedback and file a GitHub issue if you experience any
-    problems.
-
 Enable the Host Firewall in Cilium
 ==================================
 

diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
@@ -617,7 +617,7 @@ func init() {
 	flags.Bool(option.EnableIdentityMark, true, "Enable setting identity mark for local traffic")
 	option.BindEnv(option.EnableIdentityMark)
 
-	flags.Bool(option.EnableHostFirewall, false, "Enable host network policies (beta when using kube-proxy)")
+	flags.Bool(option.EnableHostFirewall, false, "Enable host network policies")
 	option.BindEnv(option.EnableHostFirewall)
 
 	flags.String(option.NativeRoutingCIDR, "",