Disable node-init for cilium. (#332)

metal-stack · Jul 19, 2023 · 13221e8 · 13221e8
1 parent 8c27082
commit 13221e8
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/charts/internal/shoot-control-plane/templates/node-init.yaml b/charts/internal/shoot-control-plane/templates/node-init.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.nodeInit.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -100,3 +101,4 @@ spec:
         operator: Exists
       - effect: NoExecute
         operator: Exists
+{{- end }}
diff --git a/charts/internal/shoot-control-plane/values.yaml b/charts/internal/shoot-control-plane/values.yaml
@@ -30,6 +30,9 @@ duros:
 clusterAudit:
   enabled: false
 
+nodeInit:
+  enabled: true
+
 restrictEgress:
   enabled: false
   apiServerIngressDomain: api.kube-apiserver

diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
@@ -623,6 +623,13 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, m
 		clusterAuditValues["enabled"] = true
 	}
 
+	nodeInitValues := map[string]any{
+		"enabled": true,
+	}
+	if cluster.Shoot.Spec.Networking.Type == "cilium" {
+		nodeInitValues["enabled"] = false
+	}
+
 	apiserverIPs := []string{}
 	if !extensionscontroller.IsHibernated(cluster) {
 		// get apiserver ip adresses from external dns entry
@@ -683,6 +690,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, m
 		"firewallSpec":      fwSpec,
 		"duros":             durosValues,
 		"clusterAudit":      clusterAuditValues,
+		"nodeInit":          nodeInitValues,
 		"restrictEgress": map[string]any{
 			"enabled":                cpConfig.FeatureGates.RestrictEgress != nil && *cpConfig.FeatureGates.RestrictEgress,
 			"apiServerIngressDomain": "api." + *cluster.Shoot.Spec.DNS.Domain,