diff --git a/infrastructure/firewall/controller-config.yaml b/infrastructure/firewall/controller-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5882934a28ca0fbb2ca63a8067bf5d16902e7af1
--- /dev/null
+++ b/infrastructure/firewall/controller-config.yaml
@@ -0,0 +1,11 @@
+apiVersion: crd.projectcalico.org/v1
+kind: KubeControllersConfiguration
+metadata:
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+  name: default
+spec:
+  controllers:
+    node:
+      hostEndpoint:
+        autoCreate: "Enabled"
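Review bot: `autoCreate: "Enabled"` on its own does not filter any node traffic, and the part of the commit shown adds no host-endpoint policy under `infrastructure/firewall`. As far as I know, Calico attaches a default-allow profile to auto-created host endpoints, so nodes stay open until a GlobalNetworkPolicy selects them. From that point, unmatched traffic to the selected nodes is dropped apart from the failsafe ports, so the first policy needs explicit allows for the control-plane and management traffic the nodes depend on. Because of the `kustomize.toolkit.fluxcd.io/prune: disabled` annotation, reverting this commit would leave the setting on in the cluster, so a rollback has to commit `autoCreate: "Disabled"` explicitly. I would record both above `spec:`, e.g. `# Creates a HostEndpoint per node; enforcement starts only when a GlobalNetworkPolicy selects them. Not pruned by Flux: set autoCreate to "Disabled" to roll back.`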
diff --git a/infrastructure/firewall/kustomization.yaml b/infrastructure/firewall/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0d33fe9d24bd7ee4ea7bbf540457a7a6100979a9
--- /dev/null
+++ b/infrastructure/firewall/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - controller-config.yaml
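Review bot: `namespace: default` has no useful effect here, because the only resource listed, `KubeControllersConfiguration`, is (as far as I know) a cluster-scoped Calico resource. Kustomize does not know the scope of custom kinds and may stamp `metadata.namespace: default` onto it. Any namespaced policy added to this directory later would also land in `default` without anyone having chosen that. I would drop the `namespace: default` line, or keep it only with a comment stating which namespace future firewall policies are meant to live in.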
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 1d1f0b345ed7bd9879a71cc510d769e600686854..e9c055ae6cc2d03981b7efa806d961c46c91eb33 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - kyverno
+  - firewall
   - cert-manager
   - prometheus
   - ingress-nginx