From fd822596fdc1fb97e7e5ad20ab37e9f18e5c88df Mon Sep 17 00:00:00 2001
From: Ashley Dumaine <5779804+AshleyDumaine@users.noreply.github.com>
Date: Wed, 5 Jun 2024 11:10:02 -0400
Subject: [PATCH] fix flavors beside clusterclass that were missing cilium host FW (#354)
---
 templates/flavors/k3s/dual-stack/kustomization.yaml | 5 +++++
 templates/flavors/k3s/full-vpcless/kustomization.yaml | 5 +++++
 templates/flavors/k3s/vpcless/kustomization.yaml | 5 +++++
 templates/flavors/kubeadm/dual-stack/kustomization.yaml | 5 +++++
 templates/flavors/kubeadm/full-vpcless/kustomization.yaml | 5 +++++
 templates/flavors/kubeadm/vpcless/kustomization.yaml | 5 +++++
 templates/flavors/rke2/vpcless/kustomization.yaml | 5 +++++
 7 files changed, 35 insertions(+)
diff --git a/templates/flavors/k3s/dual-stack/kustomization.yaml b/templates/flavors/k3s/dual-stack/kustomization.yaml
index 2ded1573f..96ae0f8b7 100644
--- a/templates/flavors/k3s/dual-stack/kustomization.yaml
+++ b/templates/flavors/k3s/dual-stack/kustomization.yaml
@@ -61,6 +61,11 @@ patches:
 valuesContent: |-
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 ipv4:
diff --git a/templates/flavors/k3s/full-vpcless/kustomization.yaml b/templates/flavors/k3s/full-vpcless/kustomization.yaml
index f7cc18e20..ab9275905 100644
--- a/templates/flavors/k3s/full-vpcless/kustomization.yaml
+++ b/templates/flavors/k3s/full-vpcless/kustomization.yaml
@@ -93,6 +93,11 @@ patches:
 valuesContent: |-
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 ipv4:
diff --git a/templates/flavors/k3s/vpcless/kustomization.yaml b/templates/flavors/k3s/vpcless/kustomization.yaml
index 37c79d50a..a932dc937 100644
--- a/templates/flavors/k3s/vpcless/kustomization.yaml
+++ b/templates/flavors/k3s/vpcless/kustomization.yaml
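Review bot: The added `policyAuditMode: ${FW_AUDIT_ONLY:=true}` line defaults to audit mode, so a cluster built from any of these seven flavors without setting FW_AUDIT_ONLY turns the Cilium host firewall on but only logs policy verdicts instead of dropping traffic; the same applies to the other six hunks in this patch. Nothing in the values documents that, so I would add a comment above the line such as `# audit-only unless FW_AUDIT_ONLY=false: policy denials are logged, not enforced`, and mention the variable in the flavor docs if it is not already covered there. Because `allow-localhost: policy` puts host-to-local-endpoint traffic under policy as well, switching audit mode off should presumably be preceded by a review of the audit log for traffic the shipped policies do not yet allow (kubelet probes, and BGP peering since `bgpControlPlane` is enabled). The indentation of the hunk is lost in this view, so whether `extraConfig` sits at the top level of the values cannot be checked here.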
@@ -93,6 +93,11 @@ patches:
 valuesContent: |-
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 ipv4:
diff --git a/templates/flavors/kubeadm/dual-stack/kustomization.yaml b/templates/flavors/kubeadm/dual-stack/kustomization.yaml
index 2c2550472..cc37f68bc 100644
--- a/templates/flavors/kubeadm/dual-stack/kustomization.yaml
+++ b/templates/flavors/kubeadm/dual-stack/kustomization.yaml
@@ -47,6 +47,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipv6:
 enabled: true
 ipam:
diff --git a/templates/flavors/kubeadm/full-vpcless/kustomization.yaml b/templates/flavors/kubeadm/full-vpcless/kustomization.yaml
index 1fdfc1362..2e3ac136d 100644
--- a/templates/flavors/kubeadm/full-vpcless/kustomization.yaml
+++ b/templates/flavors/kubeadm/full-vpcless/kustomization.yaml
@@ -52,6 +52,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipv6:
 enabled: true
 ipam:
diff --git a/templates/flavors/kubeadm/vpcless/kustomization.yaml b/templates/flavors/kubeadm/vpcless/kustomization.yaml
index 102d5984c..710a1b5ad 100644
--- a/templates/flavors/kubeadm/vpcless/kustomization.yaml
+++ b/templates/flavors/kubeadm/vpcless/kustomization.yaml
@@ -13,6 +13,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 k8s:
diff --git a/templates/flavors/rke2/vpcless/kustomization.yaml b/templates/flavors/rke2/vpcless/kustomization.yaml
index 7f173d8e7..6a5e6a646 100644
--- a/templates/flavors/rke2/vpcless/kustomization.yaml
+++ b/templates/flavors/rke2/vpcless/kustomization.yaml
@@ -13,6 +13,11 @@ patches:
 value: |
 bgpControlPlane:
 enabled: true
+ policyAuditMode: ${FW_AUDIT_ONLY:=true}
+ hostFirewall:
+ enabled: true
+ extraConfig:
+ allow-localhost: policy
 ipam:
 mode: kubernetes
 k8s: