diff --git a/charts/internal/shoot-control-plane/templates/node-init.yaml b/charts/internal/shoot-control-plane/templates/node-init.yaml
index 67266a520..fe072c6d6 100644
--- a/charts/internal/shoot-control-plane/templates/node-init.yaml
+++ b/charts/internal/shoot-control-plane/templates/node-init.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.nodeInit.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -100,3 +101,4 @@ spec:
 operator: Exists
 - effect: NoExecute
 operator: Exists
+{{- end }}
diff --git a/charts/internal/shoot-control-plane/values.yaml b/charts/internal/shoot-control-plane/values.yaml
index 07e4268b0..5798f8eb8 100644
--- a/charts/internal/shoot-control-plane/values.yaml
+++ b/charts/internal/shoot-control-plane/values.yaml
@@ -30,6 +30,9 @@ duros:
 clusterAudit:
 enabled: false
+nodeInit:
+ enabled: true
+
 restrictEgress:
 enabled: false
 apiServerIngressDomain: api.kube-apiserver
diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
index efbb75814..b1062d975 100644
--- a/pkg/controller/controlplane/valuesprovider.go
+++ b/pkg/controller/controlplane/valuesprovider.go
@@ -623,6 +623,13 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, m
 clusterAuditValues["enabled"] = true
 }
+ nodeInitValues := map[string]any{
+ "enabled": true,
+ }
+ if cluster.Shoot.Spec.Networking.Type == "cilium" {
+ nodeInitValues["enabled"] = false
+ }
+
 apiserverIPs := []string{}
 if !extensionscontroller.IsHibernated(cluster) {
 // get apiserver ip adresses from external dns entry
@@ -683,6 +690,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, m
 "firewallSpec": fwSpec,
 "duros": durosValues,
 "clusterAudit": clusterAuditValues,
+ "nodeInit": nodeInitValues,
 "restrictEgress": map[string]any{
 "enabled": cpConfig.FeatureGates.RestrictEgress != nil && *cpConfig.FeatureGates.RestrictEgress,
 "apiServerIngressDomain": "api." + *cluster.Shoot.Spec.DNS.Domain,
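Review bot: The guard opened on the first line of node-init.yaml and closed by `{{- end }}` in the second hunk drops every object in the file from the rendered output when `nodeInit.enabled` is false, and nothing visible here shows whether objects already applied to existing shoots are pruned afterwards. That is worth confirming, because the tolerations in the second hunk (`operator: Exists`, including `NoExecute`) suggest the workload schedules onto tainted nodes, so a stale copy would keep running there together with its ServiceAccount. A template comment above the guard would also record the intent for chart readers, e.g. `{{- /* rendered only when nodeInit.enabled is true; the controller sets it to false for cilium shoots */ -}}`. Only the first and last lines of the file are in these hunks, so the objects in between were not reviewed.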
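Review bot: The added `if` at line 623 of valuesprovider.go compares `cluster.Shoot.Spec.Networking.Type` against the bare literal `"cilium"` with no comment saying why node-init is not needed for that network type. Every other value, including a differently cased or misspelled one, leaves node-init enabled, so the default is to deploy it. A one-line comment above the block stating the reason, and a package-level constant in place of the literal, would make that default a visible decision. The map-then-overwrite can also be a single expression, `nodeInitValues := map[string]any{"enabled": cluster.Shoot.Spec.Networking.Type != "cilium"}`. The function body starts and ends outside the hunk, and the later hunk at line 690 only passes the map through under `"nodeInit"`.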