feat(helm): add ability to have cp start on hostNetwork (#4209)

For alternate overlay networking(other than the basic CNI provided by EKS for example, like cilium),
This is mandatory value that has to be set, otherwise it will have communication errors with the control plane.
If you are using the default CNI component, it's running on the default network.

Implement hostNetwork: true in cp-deployment.yaml file.

Signed-off-by: Sally Blich <sally.blich@walkme.com>
Signed-off-by: Paul Parkanzky <paul.parkanzky@konghq.com>

app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml

@@ -1783,6 +1783,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.defaults.golden.yaml

@@ -1608,6 +1608,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml

@@ -180,6 +180,9 @@ controlPlane:
       # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma.
       additionalRules: ""
 
+  # -- Specifies if the deployment should be started in hostNetwork mode.
+  hostNetwork: false
+
   # -- Security context at the pod level for control plane.
   podSecurityContext: {}
 #    # The values below are examples. More values can be added as needed, since the field resolves as free form.

app/kumactl/cmd/install/testdata/install-control-plane.global.golden.yaml

@@ -1618,6 +1618,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.override-env-vars.golden.yaml

@@ -1608,6 +1608,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.overrides.golden.yaml

@@ -2012,6 +2012,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "kuma-ci/kuma-cp:greatest"

app/kumactl/cmd/install/testdata/install-control-plane.with-egress.golden.yaml

@@ -1637,6 +1637,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.with-helm-set.yaml

@@ -1670,6 +1670,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml

@@ -1608,6 +1608,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.with-ingress.golden.yaml

@@ -1641,6 +1641,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

app/kumactl/cmd/install/testdata/install-control-plane.zone.golden.yaml

@@ -1612,6 +1612,7 @@ spec:
 
         kubernetes.io/arch: amd64
         kubernetes.io/os: linux
+      hostNetwork: false
       containers:
         - name: control-plane
           image: "docker.io/kumahq/kuma-cp:0.0.1"

deployments/charts/kuma/README.md

@@ -61,6 +61,7 @@ A Helm chart for the Kuma Control Plane
 | controlPlane.extraSecrets | list | `[]` | Additional secrets to mount into the control plane |
 | controlPlane.webhooks.validator.additionalRules | string | `""` | Additional rules to apply on Kuma validator webhook. Useful when building custom policy on top of Kuma. |
 | controlPlane.webhooks.ownerReference.additionalRules | string | `""` | Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma. |
+| controlPlane.hostNetwork | bool | `false` | Specifies if the deployment should be started in hostNetwork mode. |
 | controlPlane.podSecurityContext | object | `{}` | Security context at the pod level for control plane. |
 | controlPlane.containerSecurityContext | object | `{}` | Security context at the container level for control plane. |
 | cni.enabled | bool | `false` | Install Kuma with CNI instead of proxy init container |

deployments/charts/kuma/templates/cp-deployment.yaml

@@ -51,6 +51,7 @@ spec:
       nodeSelector:
         {{ toYaml . | nindent 8 }}
       {{- end }}
+      hostNetwork: {{ .Values.controlPlane.hostNetwork }}
       containers:
         - name: control-plane
           image: {{ include "kuma.formatImage" (dict "image" .Values.controlPlane.image "root" $) | quote }}

deployments/charts/kuma/values.yaml

@@ -180,6 +180,9 @@ controlPlane:
       # -- Additional rules to apply on Kuma owner reference webhook. Useful when building custom policy on top of Kuma.
       additionalRules: ""
 
+  # -- Specifies if the deployment should be started in hostNetwork mode.
+  hostNetwork: false
+
   # -- Security context at the pod level for control plane.
   podSecurityContext: {}
 #    # The values below are examples. More values can be added as needed, since the field resolves as free form.