Add flag --enable-calico-epbf

cmd/cluster.go

@@ -241,6 +241,7 @@ func newClusterCmd(c *config) *cobra.Command {
 	clusterCreateCmd.Flags().String("default-storage-class", "", "set default storage class to given name, must be one of the managed storage classes")
 	clusterCreateCmd.Flags().String("max-pods-per-node", "", "set number of maximum pods per node (default: 510). Lower numbers allow for more node per cluster. [optional]")
 	clusterCreateCmd.Flags().String("cni", "", "the network plugin used in this cluster, defaults to calico. please note that cilium support is still Alpha and we are happy to receive feedback. [optional]")
+	clusterCreateCmd.Flags().Bool("enable-calico-ebpf", false, "enables calico cni to use eBPF data plane and DSR configuration, for increased performance and preserving source IP addresses. [optional]")
 	clusterCreateCmd.Flags().BoolP("enable-node-local-dns", "", false, "enables node local dns cache on the cluster nodes. [optional].")
 	clusterCreateCmd.Flags().BoolP("disable-forwarding-to-upstream-dns", "", false, "disables direct forwarding of queries to external dns servers when node-local-dns is enabled. All dns queries will go through coredns. [optional].")
 	clusterCreateCmd.Flags().StringSlice("kube-apiserver-acl-allowed-cidrs", []string{}, "comma-separated list of external CIDRs allowed to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
@@ -340,6 +341,7 @@ func newClusterCmd(c *config) *cobra.Command {
 	clusterUpdateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-* [optional].")
 	clusterUpdateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again")
 	clusterUpdateCmd.Flags().Int64("kubelet-pod-pid-limit", 0, "controls the maximum number of process IDs per pod allowed by the kubelet")
+	clusterUpdateCmd.Flags().Bool("enable-calico-ebpf", false, "enables calico cni to use eBPF data plane and DSR configuration, for increased performance and preserving source IP addresses. [optional]")
 
 	genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("version", c.comp.VersionListCompletion))
 	genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("workerversion", c.comp.VersionListCompletion))
@@ -453,6 +455,7 @@ func (c *config) clusterCreate() error {
 	disableForwardToUpstreamDNS := viper.GetBool("disable-forwarding-to-upstream-dns")
 	highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane"))
 	podpidLimit := viper.GetInt64("kubelet-pod-pid-limit")
+	calicoEbpf := strconv.FormatBool(viper.GetBool("enable-calico-ebpf"))
 
 	var cni string
 	if viper.IsSet("cni") {
@@ -660,7 +663,6 @@ WARNING: You are going to create a cluster that has no default internet access w
 	}
 
 	if viper.IsSet("kube-apiserver-acl-allowed-cidrs") || viper.IsSet("enable-kube-apiserver-acl") {
-
 		if !viper.GetBool("yes-i-really-mean-it") && viper.IsSet("enable-kube-apiserver-acl") {
 			return fmt.Errorf("--enable-kube-apiserver-acl is set but you forgot to add --yes-i-really-mean-it")
 		}
@@ -679,8 +681,21 @@ WARNING: You are going to create a cluster that has no default internet access w
 		}
 	}
 
+	if viper.IsSet("enable-calico-ebpf") {
+		if activate, _ := strconv.ParseBool(calicoEbpf); activate {
+			if err := genericcli.PromptCustom(&genericcli.PromptConfig{
+				Message:     "Enabling the Calico eBPF feature gate is still a beta feature. Be aware that this may impact the network policies in your cluster as source IP addresses are preserved with this configuration.",
+				ShowAnswers: true,
+				Out:         c.out,
+			}); err != nil {
+				return err
+			}
+		}
+
+		scr.ClusterFeatures.CalicoEbpfDataplane = &calicoEbpf
+	}
+
 	if viper.IsSet("high-availability-control-plane") {
-		scr.ClusterFeatures.HighAvailability = &highAvailability
 		if ha, _ := strconv.ParseBool(highAvailability); ha {
 			if err := genericcli.PromptCustom(&genericcli.PromptConfig{
 				Message:     "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.",
@@ -690,6 +705,8 @@ WARNING: You are going to create a cluster that has no default internet access w
 				return err
 			}
 		}
+
+		scr.ClusterFeatures.HighAvailability = &highAvailability
 	}
 
 	if viper.IsSet("kubelet-pod-pid-limit") {
@@ -935,6 +952,7 @@ func (c *config) updateCluster(args []string) error {
 
 	encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes"))
 	highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane"))
+	calicoEbpf := strconv.FormatBool(viper.GetBool("enable-calico-ebpf"))
 
 	podpidLimit := viper.GetInt64("kubelet-pod-pid-limit")
 
@@ -994,8 +1012,20 @@ func (c *config) updateCluster(args []string) error {
 	if viper.IsSet("logacceptedconns") {
 		clusterFeatures.LogAcceptedConnections = &logAcceptedConnections
 	}
+	if viper.IsSet("enable-calico-ebpf") {
+		if activate, _ := strconv.ParseBool(calicoEbpf); activate {
+			if err := genericcli.PromptCustom(&genericcli.PromptConfig{
+				Message:     "Enabling the Calico eBPF feature gate is still a beta feature. Be aware that this may impact the network policies in your cluster as source IP addresses are preserved with this configuration.",
+				ShowAnswers: true,
+				Out:         c.out,
+			}); err != nil {
+				return err
+			}
+		}
+
+		clusterFeatures.CalicoEbpfDataplane = &calicoEbpf
+	}
 	if viper.IsSet("high-availability-control-plane") {
-		clusterFeatures.HighAvailability = &highAvailability
 		if v, _ := strconv.ParseBool(highAvailability); v {
 			if err := genericcli.PromptCustom(&genericcli.PromptConfig{
 				Message:     "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.",
@@ -1005,6 +1035,8 @@ func (c *config) updateCluster(args []string) error {
 				return err
 			}
 		}
+
+		clusterFeatures.HighAvailability = &highAvailability
 	}
 
 	workergroupKubernetesVersion := viper.GetString("workerversion")

cmd/output/shootprinter.go

@@ -2,6 +2,7 @@ package output
 
 import (
 	"fmt"
+	"strconv"
 	"strings"
 	"time"
 
@@ -148,12 +149,20 @@ func (s ShootIssuesTablePrinter) Print(data []*models.V1ClusterResponse) {
 
 func shootData(shoot *models.V1ClusterResponse, withIssues bool) ([]string, []string, []string) {
 	shootStats := newShootStats(shoot.Status)
+
 	if shoot.KubeAPIServerACL != nil && !*shoot.KubeAPIServerACL.Disabled {
 		shootStats.apiServer += "🔒"
 	}
-	if shoot.ClusterFeatures != nil && shoot.ClusterFeatures.HighAvailability != nil && *shoot.ClusterFeatures.HighAvailability == "true" {
-		shootStats.apiServer += "🤹"
+
+	if shoot.ClusterFeatures != nil {
+		if ok, err := strconv.ParseBool(pointer.SafeDeref(shoot.ClusterFeatures.HighAvailability)); err == nil && ok {
+			shootStats.apiServer += "🤹"
+		}
+		if ok, err := strconv.ParseBool(pointer.SafeDeref(shoot.ClusterFeatures.CalicoEbpfDataplane)); err == nil && ok {
+			shootStats.system += "🐝"
+		}
 	}
+
 	name := *shoot.Name
 	if shoot.NetworkAccessType != nil {
 		if *shoot.NetworkAccessType == models.V1ClusterCreateRequestNetworkAccessTypeForbidden {

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1
 	github.com/fatih/color v1.17.0
 	github.com/fi-ts/accounting-go v0.11.0
-	github.com/fi-ts/cloud-go v0.29.0
+	github.com/fi-ts/cloud-go v0.29.4
 	github.com/gardener/gardener v1.91.0
 	github.com/gardener/machine-controller-manager v0.53.1
 	github.com/go-openapi/runtime v0.28.0
@@ -20,7 +20,7 @@ require (
 	github.com/jinzhu/now v1.1.5
 	github.com/metal-stack/duros-go v0.5.1
 	github.com/metal-stack/metal-go v0.37.2
-	github.com/metal-stack/metal-lib v0.18.3
+	github.com/metal-stack/metal-lib v0.18.4
 	github.com/metal-stack/updater v1.2.2
 	github.com/metal-stack/v v1.0.3
 	github.com/olekukonko/tablewriter v0.0.5

go.sum

@@ -96,8 +96,8 @@ github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
 github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/fi-ts/accounting-go v0.11.0 h1:UHIc+y99J6zi8FeWHvvx2aztXyIPkGCXW9SdaAsrZwo=
 github.com/fi-ts/accounting-go v0.11.0/go.mod h1:2HICRUx3E38kEF49ri5ed2dWymwo05LawcFQDhsw1g4=
-github.com/fi-ts/cloud-go v0.29.0 h1:0MSgs4BiBBcCDWEXTwg3h15r0yRf1mGV/17XQ/LGSec=
-github.com/fi-ts/cloud-go v0.29.0/go.mod h1:pcGGl+M2OmtvwyuTEOimqSHrZngDotG69lmBzEbx6cc=
+github.com/fi-ts/cloud-go v0.29.4 h1:mZ9woPt3cSk9oApZG1y6lm4G6OQ60YWkS3FlefBzWGw=
+github.com/fi-ts/cloud-go v0.29.4/go.mod h1:pcGGl+M2OmtvwyuTEOimqSHrZngDotG69lmBzEbx6cc=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
@@ -288,8 +288,8 @@ github.com/metal-stack/duros-go v0.5.1 h1:baE/c0AKy9sTOztPhILJLaoMmT17Ajsb+xRMfH
 github.com/metal-stack/duros-go v0.5.1/go.mod h1:Z9mzI9ds2gI8zHC03PUCQvmlWa7WAPukDCUhowtVeOk=
 github.com/metal-stack/metal-go v0.37.2 h1:SDIuV43y09kmwtHfsReOZoZ7c2F+lNP4iIhazfJL5tQ=
 github.com/metal-stack/metal-go v0.37.2/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ=
-github.com/metal-stack/metal-lib v0.18.3 h1:bovFiJPB9SMvuGLqcXVWz6jFB8HrdzwnCX7TFlen4r0=
-github.com/metal-stack/metal-lib v0.18.3/go.mod h1:Ctyi6zaXFr2NVrQZLFsDLnFCzupKnYErTtgRFKAsnbw=
+github.com/metal-stack/metal-lib v0.18.4 h1:7HnfSwSbrKNHU+i6i79YFk/eeuhBhwIEHWpGqS7pYCc=
+github.com/metal-stack/metal-lib v0.18.4/go.mod h1:Ctyi6zaXFr2NVrQZLFsDLnFCzupKnYErTtgRFKAsnbw=
 github.com/metal-stack/security v0.8.1 h1:4zmVUxZvDWShVvVIxM3XhIv7pTmPe9DvACRIHW6YTsk=
 github.com/metal-stack/security v0.8.1/go.mod h1:OO8ZilZO6fUV5QEmwc7HP/RAjqYrGQxXoYIddJ9TvqE=
 github.com/metal-stack/updater v1.2.2 h1:gnUrnQgfT20QFMDtFBY89opKoBAkdeI/8T2iwMHNdxs=