From e2c762032748c80a0e0c34b036f3a7f151843210 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 10 Jan 2022 21:41:34 +0100
Subject: [PATCH] feat(calico): Add initial firewall preparations

---
 infrastructure/firewall/controller-config.yaml | 11 +++++++++++
 infrastructure/firewall/kustomization.yaml     |  5 +++++
 infrastructure/kustomization.yaml              |  1 +
 3 files changed, 17 insertions(+)
 create mode 100644 infrastructure/firewall/controller-config.yaml
 create mode 100644 infrastructure/firewall/kustomization.yaml

diff --git a/infrastructure/firewall/controller-config.yaml b/infrastructure/firewall/controller-config.yaml
new file mode 100644
index 000000000..5882934a2
--- /dev/null
+++ b/infrastructure/firewall/controller-config.yaml
@@ -0,0 +1,11 @@
+apiVersion: crd.projectcalico.org/v1
+kind: KubeControllersConfiguration
+metadata:
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+  name: default
+spec:
+  controllers:
+    node:
+      hostEndpoint:
+        autoCreate: "Enabled"
diff --git a/infrastructure/firewall/kustomization.yaml b/infrastructure/firewall/kustomization.yaml
new file mode 100644
index 000000000..0d33fe9d2
--- /dev/null
+++ b/infrastructure/firewall/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - controller-config.yaml
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 1d1f0b345..e9c055ae6 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - kyverno
+  - firewall
   - cert-manager
   - prometheus
   - ingress-nginx
-- 
GitLab