Update host endpoint controller configuration

calico/network-policy/hosts/kubernetes-nodes.mdx

@@ -28,6 +28,9 @@
 $[prodname] will ensure these managed host endpoints maintain the same labels and IP addresses as its node by periodic syncs.
 This means that policy targeting these automatic host endpoints will function correctly with the policy put in place to select those nodes, even if over time the node's IPs or labels change.
 
+$[prodname] is also able to create and manage custom host endpoints for nodes, based on user specified templates.
+This allows you to fine tune which interfaces should be included in the host endpoint and for which nodes these host endpoints should be created. The host endpoint templates can be enabled by updating [KubeControllersConfig](../../reference/resources/kubecontrollersconfig)
+
 Automatic host endpoints are differentiated from other host endpoints by the label `projectcalico.org/created-by: calico-kube-controllers`.
 Enable or disable automatic host endpoints by configuring the default KubeControllersConfiguration resource.
 

calico/reference/resources/kubecontrollersconfig.mdx

@@ -4,6 +4,8 @@
 
 # Kubernetes controllers configuration
 
+import Selectors from '@site/calico/_includes/content/_selectors.mdx';
+
 A $[prodname] [Kubernetes controllers](../kube-controllers/configuration.mdx) configuration resource (`KubeControllersConfiguration`) represents configuration options for the $[prodname] Kubernetes controllers.
 
 ## Sample YAML
@@ -25,6 +27,7 @@
       syncLabels: Enabled
       hostEndpoint:
         autoCreate: Disabled
+        createDefaultHostEndpoint: Enabled
     policy:
       reconcilerPeriod: 5m
     workloadEndpoint:
@@ -73,16 +76,37 @@
 
 | Field            | Description                                                                       | Accepted Values   | Schema                            | Default |
 | ---------------- | --------------------------------------------------------------------------------- | ----------------- | --------------------------------- | ------- |
-| reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore                  |                   | [Duration string][parse-duration] | 5m      |
-| syncLabels       | When enabled, Kubernetes node labels will be copied to $[prodname] node objects. | Enabled, Disabled | string                            | Enabled |
-| hostEndpoint     | Controls allocation of host endpoints                                             |                   | [HostEndpoint](#hostendpoint)     |         |
+| reconcilerPeriod | Period to perform reconciliation with the $[prodname] datastore                   |                   | [Duration string][parse-duration] | 5m      |
+| syncLabels       | When enabled, Kubernetes node labels will be copied to $[prodname] node objects.  | Enabled, Disabled | string                            | Enabled |
+| hostEndpoint     | Configure the host endpoint controller                                            |                   | [HostEndpoint](#hostendpoint)     |         |
 | leakGracePeriod  | Grace period to use when garbage collecting suspected leaked IP addresses.        |                   | [Duration string][parse-duration] | 15m     |
 
 ### HostEndpoint
 
-| Field      | Description                                                      | Accepted Values   | Schema | Default  |
-| ---------- | ---------------------------------------------------------------- | ----------------- | ------ | -------- |
-| autoCreate | When enabled, automatically create a host endpoint for each node | Enabled, Disabled | string | Disabled |
+| Field                     | Description                                                      | Accepted Values   | Schema                | Default  |
+| ------------------------- | ---------------------------------------------------------------- | ----------------- | --------------------- | -------- |
+| autoCreate                | When enabled, automatically create a host endpoints              | Enabled, Disabled | string                | Disabled |
+| createDefaultHostEndpoint | When enabled, default host endpoint will be created              | Enabled, Disabled | string                | Enabled  |
+| templates                 | Controlls creation of custom host endpoints                      |                   | [Template](#template) |          |
+
+### Template
+
+| Field                     | Description                                                                         | Accepted Values     | Schema                 | Default  |
+| ------------------------- | ----------------------------------------------------------------------------------- | ------------------- | ---------------------- | -------- |
+| name                      | Unique name used as suffix for host endpoints created based on this template        | Alphanumeric string | string                 |          |
+| nodeSelector              | Selects the nodes for which this template should create host endpoint               |                     | [Selector](#selectors) | all()    |
+| interfaceSelectorCIDR     | List of networks specified in CIDR notation                                         | List of valid CIDRs | List string            |          |
+| labels                    | Labels to be added to generated host endpoints matching this template               |                     | [Label](#label)        |          |
+
+### Label
+| Field                     | Description                                                      | Accepted Values     | Schema    | Default  |
+| ------------------------- | ---------------------------------------------------------------- | ------------------- | --------- | -------- |
+| name                      | Name for the label                                               | Alphanumeric string | string    |          |
+| value                     | Label value                                                      | Alphanumeric string | string    |          |
+
+### Selectors
+
+<Selectors />
 
 ### PolicyController