diff --git a/templates/flavors/k3s/dual-stack/kustomization.yaml b/templates/flavors/k3s/dual-stack/kustomization.yaml
index 2ded1573f..96ae0f8b7 100644
--- a/templates/flavors/k3s/dual-stack/kustomization.yaml
+++ b/templates/flavors/k3s/dual-stack/kustomization.yaml
@@ -61,6 +61,11 @@ patches:
 valuesContent: |-
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 ipv4:
diff --git a/templates/flavors/k3s/full-vpcless/kustomization.yaml b/templates/flavors/k3s/full-vpcless/kustomization.yaml
index f7cc18e20..ab9275905 100644
--- a/templates/flavors/k3s/full-vpcless/kustomization.yaml
+++ b/templates/flavors/k3s/full-vpcless/kustomization.yaml
@@ -93,6 +93,11 @@ patches:
 valuesContent: |-
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 ipv4:
diff --git a/templates/flavors/k3s/vpcless/kustomization.yaml b/templates/flavors/k3s/vpcless/kustomization.yaml
index 37c79d50a..a932dc937 100644
--- a/templates/flavors/k3s/vpcless/kustomization.yaml
+++ b/templates/flavors/k3s/vpcless/kustomization.yaml
@@ -93,6 +93,11 @@ patches:
 valuesContent: |-
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 ipv4:
diff --git a/templates/flavors/kubeadm/dual-stack/kustomization.yaml b/templates/flavors/kubeadm/dual-stack/kustomization.yaml
index 2c2550472..cc37f68bc 100644
--- a/templates/flavors/kubeadm/dual-stack/kustomization.yaml
+++ b/templates/flavors/kubeadm/dual-stack/kustomization.yaml
@@ -47,6 +47,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipv6:
 enabled: true
 ipam:
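Review bot: `policyAuditMode: ${FW_AUDIT_ONLY:=true}` defaults to audit mode, so a cluster built from this template without setting the variable has the host firewall switched on but drops nothing. As far as I know this Cilium value is agent-wide rather than host-firewall-specific, so it would also put every NetworkPolicy/CiliumNetworkPolicy for workloads on the node into log-only mode, which the name `FW_AUDIT_ONLY` does not suggest. Please either document that above the line, e.g. `# agent-wide: while true, no network policy is enforced on this node, violations are only logged`, or state in the flavor docs when operators are expected to set `FW_AUDIT_ONLY=false`. The same five added lines appear in the k3s full-vpcless and vpcless, kubeadm dual-stack, full-vpcless and vpcless, and rke2 vpcless hunks; the values block continues outside each hunk.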
diff --git a/templates/flavors/kubeadm/full-vpcless/kustomization.yaml b/templates/flavors/kubeadm/full-vpcless/kustomization.yaml
index 1fdfc1362..2e3ac136d 100644
--- a/templates/flavors/kubeadm/full-vpcless/kustomization.yaml
+++ b/templates/flavors/kubeadm/full-vpcless/kustomization.yaml
@@ -52,6 +52,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipv6:
 enabled: true
 ipam:
diff --git a/templates/flavors/kubeadm/vpcless/kustomization.yaml b/templates/flavors/kubeadm/vpcless/kustomization.yaml
index 102d5984c..710a1b5ad 100644
--- a/templates/flavors/kubeadm/vpcless/kustomization.yaml
+++ b/templates/flavors/kubeadm/vpcless/kustomization.yaml
@@ -13,6 +13,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 k8s:
diff --git a/templates/flavors/rke2/vpcless/kustomization.yaml b/templates/flavors/rke2/vpcless/kustomization.yaml
index 7f173d8e7..6a5e6a646 100644
--- a/templates/flavors/rke2/vpcless/kustomization.yaml
+++ b/templates/flavors/rke2/vpcless/kustomization.yaml
@@ -13,6 +13,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 k8s:
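Review bot: `allow-localhost: policy` under `extraConfig` removes Cilium's implicit allow for traffic from the node to its own pods, and nothing in the hunk says so. While audit mode is on this is invisible, but once `FW_AUDIT_ONLY=false` is set, host-originated traffic to local pods (kubelet probes are the usual example) will probably need an explicit allow from the `host` entity; that is worth confirming against the Cilium version this flavor installs. A comment above the key would help, e.g. `# host-to-local-pod traffic is subject to policy; add an allow from the host entity before disabling audit mode`. This applies equally to the other six flavors touched by the commit, and the values block continues outside the hunk.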