Allow configuration of enable-remote-node-identity

k8s/crds/kops.k8s.io_clusters.yaml

@@ -2730,6 +2730,10 @@ spec:
                       description: EnablePrometheusMetrics enables the Cilium "/metrics"
                         endpoint for both the agent and the operator.
                       type: boolean
+                    enableRemoteNodeIdentity:
+                      description: 'EnableRemoteNodeIdentity enables the remote-node-identity
+                        added in Cilium 1.7.0. Default: false'
+                      type: boolean
                     enableTracing:
                       description: EnableTracing is not implemented and may be removed
                         in the future. Setting this has no effect.
@@ -2938,6 +2942,7 @@ spec:
                   - clusterName
                   - cniBinPath
                   - enableNodePort
+                  - enableRemoteNodeIdentity
                   - enableipv4
                   - enableipv6
                   - monitorAggregation

pkg/apis/kops/networking.go

@@ -406,6 +406,9 @@ type CiliumNetworkingSpec struct {
 	// The cluster is operated by cilium-etcd-operator.
 	// Default: false
 	EtcdManaged bool `json:"etcdManaged,omitempty"`
+	// EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0.
+	// Default: false
+	EnableRemoteNodeIdentity bool `json:"enableRemoteNodeIdentity"`
 
 	// RemoveCbrBridge is not implemented and may be removed in the future.
 	// Setting this has no effect.

pkg/apis/kops/v1alpha1/networking.go

@@ -404,6 +404,9 @@ type CiliumNetworkingSpec struct {
 	// The cluster is operated by cilium-etcd-operator.
 	// Default: false
 	EtcdManaged bool `json:"etcdManaged,omitempty"`
+	// EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0.
+	// Default: false
+	EnableRemoteNodeIdentity bool `json:"enableRemoteNodeIdentity"`
 
 	// RemoveCbrBridge is not implemented and may be removed in the future.
 	// Setting this has no effect.

pkg/apis/kops/v1alpha2/networking.go

@@ -404,6 +404,9 @@ type CiliumNetworkingSpec struct {
 	// The cluster is operated by cilium-etcd-operator.
 	// Default: false
 	EtcdManaged bool `json:"etcdManaged,omitempty"`
+	// EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0.
+	// Default: false
+	EnableRemoteNodeIdentity bool `json:"enableRemoteNodeIdentity"`
 
 	// RemoveCbrBridge is not implemented and may be removed in the future.
 	// Setting this has no effect.

upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template

@@ -137,6 +137,7 @@ data:
   auto-direct-node-routes: "{{- if .AutoDirectNodeRoutes -}}true{{- else -}}false{{- end -}}"
   enable-node-port: "{{- if .EnableNodePort -}}true{{- else -}}false{{- end -}}"
   kube-proxy-replacement: "{{- if .EnableNodePort -}}strict{{- else -}}partial{{- end -}}"
+  enable-remote-node-identity: "{{- if .EnableRemoteNodeIdentity -}}true{{- else -}}false{{- end -}}"
   {{ with .Ipam }}
   ipam: {{ . }}
   {{ if eq . "eni" }}

upup/pkg/fi/cloudup/bootstrapchannelbuilder.go

@@ -951,7 +951,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 
 	if b.cluster.Spec.Networking.Cilium != nil {
 		key := "networking.cilium.io"
-		version := "1.7.0-kops.2"
+		version := "1.7.1-kops.1"
 
 		{
 			id := "k8s-1.7"

upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml

@@ -93,12 +93,12 @@ spec:
     name: networking.cilium.io
     selector:
       role.kubernetes.io/networking: "1"
-    version: 1.7.0-kops.2
+    version: 1.7.1-kops.1
   - id: k8s-1.12
     kubernetesVersion: '>=1.12.0'
     manifest: networking.cilium.io/k8s-1.12.yaml
-    manifestHash: e70d13053043ca311108cd90521f30d75c558cc7
+    manifestHash: a897a4b5d8f69f704c33c90487016f87b3737ffd
     name: networking.cilium.io
     selector:
       role.kubernetes.io/networking: "1"
-    version: 1.7.0-kops.2
+    version: 1.7.1-kops.1