From 13221e877d87a19e6f3d977772c3f7691ee37df6 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Wed, 19 Jul 2023 09:06:14 +0200 Subject: [PATCH] Disable node-init for cilium. (#332) --- .../internal/shoot-control-plane/templates/node-init.yaml | 2 ++ charts/internal/shoot-control-plane/values.yaml | 3 +++ pkg/controller/controlplane/valuesprovider.go | 8 ++++++++ 3 files changed, 13 insertions(+) diff --git a/charts/internal/shoot-control-plane/templates/node-init.yaml b/charts/internal/shoot-control-plane/templates/node-init.yaml index 67266a520..fe072c6d6 100644 --- a/charts/internal/shoot-control-plane/templates/node-init.yaml +++ b/charts/internal/shoot-control-plane/templates/node-init.yaml @@ -1,3 +1,4 @@ +{{- if .Values.nodeInit.enabled }} apiVersion: v1 kind: ServiceAccount metadata: @@ -100,3 +101,4 @@ spec: operator: Exists - effect: NoExecute operator: Exists +{{- end }} diff --git a/charts/internal/shoot-control-plane/values.yaml b/charts/internal/shoot-control-plane/values.yaml index 07e4268b0..5798f8eb8 100644 --- a/charts/internal/shoot-control-plane/values.yaml +++ b/charts/internal/shoot-control-plane/values.yaml @@ -30,6 +30,9 @@ duros: clusterAudit: enabled: false +nodeInit: + enabled: true + restrictEgress: enabled: false apiServerIngressDomain: api.kube-apiserver diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go index efbb75814..b1062d975 100644 --- a/pkg/controller/controlplane/valuesprovider.go +++ b/pkg/controller/controlplane/valuesprovider.go @@ -623,6 +623,13 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, m clusterAuditValues["enabled"] = true } + nodeInitValues := map[string]any{ + "enabled": true, + } + if cluster.Shoot.Spec.Networking.Type == "cilium" { + nodeInitValues["enabled"] = false + } + apiserverIPs := []string{} if !extensionscontroller.IsHibernated(cluster) { // get apiserver ip adresses from external dns entry 
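Review bot: The new `nodeInit.enabled` key in values.yaml has no comment, and its default of `true` is misleading on its own, because the controller hunks in valuesprovider.go set `nodeInit` on every reconcile as far as they show. The chart default therefore only applies when the chart is rendered without the provider. A comment above the key would make this explicit, for example `# overridden by the control plane controller; false for shoots with networking type cilium`. It should also say that a false value stops rendering everything in templates/node-init.yaml, including the ServiceAccount at the top of that file.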
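Review bot: The condition `cluster.Shoot.Spec.Networking.Type == "cilium"` in getControlPlaneShootChartValues compares against a bare string literal, and nothing next to it says why node-init must not be deployed on cilium shoots. This switch removes a workload and its ServiceAccount from the shoot, so the reason belongs beside the check, e.g. `// node-init is skipped for cilium shoots: <reason, link to issue>`. Moving the literal to a named constant would help too, since the exact, case-sensitive match leaves node-init enabled for any other spelling of the type. The diffstat lists no test file; a table test over cilium and one other networking type would pin both branches. The function starts and ends outside this hunk, so how `Networking` is validated before this point cannot be checked from here.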
@@ -683,6 +690,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, m "firewallSpec": fwSpec, "duros": durosValues, "clusterAudit": clusterAuditValues, + "nodeInit": nodeInitValues, "restrictEgress": map[string]any{ "enabled": cpConfig.FeatureGates.RestrictEgress != nil && *cpConfig.FeatureGates.RestrictEgress, "apiServerIngressDomain": "api." + *cluster.Shoot.Spec.DNS.Domain,