Update Cilium extension to support Cilium 1.15

charts/internal/control-plane/templates/cloud-controller-manager.yaml

@@ -100,6 +100,8 @@ spec:
             value: {{ .Values.cloudControllerManager.additionalNetworks }}
           - name: METAL_SSH_PUBLICKEY
             value: {{ .Values.cloudControllerManager.sshPublicKey | quote }}
+          - name: LOADBALANCER
+            value: {{ .Values.cloudControllerManager.loadBalancer }}
         livenessProbe:
           httpGet:
             path: /healthz

charts/internal/control-plane/values.yaml

@@ -37,6 +37,7 @@ cloudControllerManager:
   clusterID: cluster-id
   defaultExternalNetwork: external-network-id
   additionalNetworks: internet,mpls
+  loadbalancer: metallb
   sshPublicKey: publickey
   metal:
     endpoint: api-url

go.mod

@@ -2,13 +2,14 @@ module github.com/metal-stack/gardener-extension-provider-metal
 
 go 1.22
 
+replace github.com/gardener/gardener-extension-networking-cilium => github.com/metal-stack/gardener-extension-networking-cilium v1.16.1-0.20240510132804-f1f2b0fdce23
+
 require (
-	github.com/Masterminds/semver v1.5.0
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/gardener/etcd-druid v0.19.2
-	github.com/gardener/gardener v1.80.7
+	github.com/gardener/gardener v1.81.0
 	github.com/gardener/gardener-extension-networking-calico v1.36.1
 	github.com/gardener/gardener-extension-networking-cilium v1.26.0
 	github.com/gardener/machine-controller-manager v0.49.3
@@ -20,7 +21,7 @@ require (
 	github.com/metal-stack/firewall-controller-manager v0.4.0
 	github.com/metal-stack/firewall-controller/v2 v2.3.3
 	github.com/metal-stack/metal-go v0.31.1
-	github.com/metal-stack/metal-lib v0.16.2
+	github.com/metal-stack/metal-lib v0.16.3
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.33.1
 	github.com/spf13/cobra v1.8.0
@@ -40,7 +41,9 @@ require (
 require (
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
+	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -122,7 +125,9 @@ require (
 	github.com/prometheus/procfs v0.13.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
+	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opentelemetry.io/otel v1.24.0 // indirect

go.sum

@@ -604,10 +604,13 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
+github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 h1:+XfOU14S4bGuwyvCijJwhhBIjYN+YXS18jrCY2EzJaY=
@@ -718,19 +721,19 @@ github.com/fluent/fluent-operator/v2 v2.2.0 h1:97CiP6WKOHRM7zY/zCynX187Rg+T8hgx2
 github.com/fluent/fluent-operator/v2 v2.2.0/go.mod h1:v/q0zLEOWP6MKHP7xvrhtASZTwlrk4LcCne/kgPQ7J0=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/gardener/etcd-druid v0.19.2 h1:Z8TTbmVUxZ7UWU5iJAwUHUI6A9E5Mfd5JcvokVfYH1A=
 github.com/gardener/etcd-druid v0.19.2/go.mod h1:0Q9nKPiONDac/Gr0SZYFkVXHGt/Yt//rcRfDIUfftZo=
-github.com/gardener/gardener v1.80.7 h1:Ex0raWkTu3JjPVYOMyHpK3ZetohrMfwAXAU+btM18Kc=
-github.com/gardener/gardener v1.80.7/go.mod h1:lE2AGgezR4QZbYJhs0nTPw2dDFY0puYreIYPbDS8HWc=
+github.com/gardener/gardener v1.81.0 h1:pFmDRTCnImXD4H1B6guBZRtCUBBTonib8Ua5DmGlUSk=
+github.com/gardener/gardener v1.81.0/go.mod h1:HPeLu4C0lD0B4m40pdMxIy9tiIOrAe1GLCTKnKqgmdg=
 github.com/gardener/gardener-extension-networking-calico v1.36.1 h1:WyAdADamhxQgcCBrQOZAeSM/wm/urmmwBaqd2YLc7MY=
 github.com/gardener/gardener-extension-networking-calico v1.36.1/go.mod h1:GFmktIEzLxrOV6uNrCREeKjIkwYK6TlVOEPP7dffjAM=
-github.com/gardener/gardener-extension-networking-cilium v1.26.0 h1:hghmB83FfCzUqFX/q9lxh/u5CsqjEKf6ANQdDGYFcXk=
-github.com/gardener/gardener-extension-networking-cilium v1.26.0/go.mod h1:ixbT/aEudk7+5IJpsZJB34ZjR+oLvn0WZd+xMdIVu9M=
 github.com/gardener/hvpa-controller/api v0.5.0 h1:f4F3O7YUrenwh4S3TgPREPiB287JjjUiUL18OqPLyAA=
 github.com/gardener/hvpa-controller/api v0.5.0/go.mod h1:QQl3ELkCaki+8RhXl0FZMfvnm0WCGwGJlGmrxJj6lvM=
 github.com/gardener/machine-controller-manager v0.49.3 h1:/ghxZVMij00SpeaORMZJlodosePWWByrIOr8fcp45sU=
@@ -910,6 +913,7 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -947,12 +951,14 @@ github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -1025,22 +1031,28 @@ github.com/metal-stack/firewall-controller-manager v0.4.0 h1:a2vskWMCjaDw7PhwLpm
 github.com/metal-stack/firewall-controller-manager v0.4.0/go.mod h1:tp/yt1nv3P1pmNnkW4r4LJqLTxjZhZ8IgANXQvx/HFg=
 github.com/metal-stack/firewall-controller/v2 v2.3.3 h1:4NrSFGl9NdUHQpKZK867ti6z0bPvZNPuP3ec1a7vGT8=
 github.com/metal-stack/firewall-controller/v2 v2.3.3/go.mod h1:Zo3HIlqqzWyvPGIpfWzsxkQjrIkmZHYtKgld71q24FE=
+github.com/metal-stack/gardener-extension-networking-cilium v1.16.1-0.20240510132804-f1f2b0fdce23 h1:NIloWL0ES3VscClkU49BqeCzqBcsniQv6xFx+D7aRII=
+github.com/metal-stack/gardener-extension-networking-cilium v1.16.1-0.20240510132804-f1f2b0fdce23/go.mod h1:m2c6m3UNI3fLiqna/2m40Tdveep4CLUByIRfci2yw64=
 github.com/metal-stack/metal-go v0.31.1 h1:1U31FuqhUveKxlIYrlrzjIhQLEqrlsm7ohZnZGMZz/E=
 github.com/metal-stack/metal-go v0.31.1/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ=
 github.com/metal-stack/metal-lib v0.16.2 h1:RJls/Spai4h5xr3BEmQt9UdWNN4RB9+SOINoZcjYaA8=
 github.com/metal-stack/metal-lib v0.16.2/go.mod h1:nyNGI4DZFOcWbSoq2Y6V3SHpFxuXBIqYBZHTb6cy//s=
+github.com/metal-stack/metal-lib v0.16.3 h1:xJr6P9GauQK49aoFH0bFyye5kRGmt87PomokulUm4Go=
+github.com/metal-stack/metal-lib v0.16.3/go.mod h1:nyNGI4DZFOcWbSoq2Y6V3SHpFxuXBIqYBZHTb6cy//s=
 github.com/metal-stack/security v0.8.0 h1:tVaSDB9m5clwYrnLyaXfPy7mQlJTnmeoHscG+RUy/xo=
 github.com/metal-stack/security v0.8.0/go.mod h1:7GAcQb+pOgflW30ohJygxpqc3i0dQ2ahGJK1CU5tqa0=
 github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
 github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY=
 github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
 github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
@@ -1170,6 +1182,8 @@ github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfF
 github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk=
 github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
 github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -1181,6 +1195,9 @@ github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z
 github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
+github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
@@ -1268,6 +1285,7 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=

pkg/admission/mutator/config.go

@@ -7,10 +7,15 @@ import (
 
 	calicoextensionv1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1"
 	ciliumextensionv1alpha1 "github.com/gardener/gardener-extension-networking-cilium/pkg/apis/cilium/v1alpha1"
+	gardenv1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 )
 
 type config struct{}
 
+func (c *config) ipFamilies() []string {
+	return c.slice("DEFAULTER_IPFAMILIES", []string{string(gardenv1beta1.IPFamilyIPv4)})
+}
+
 func (c *config) allowedPrivilegedContainers() bool {
 	return c.bool("DEFAULTER_ALLOWEDPRIVILEGEDCONTAINERS", true)
 }
@@ -60,23 +65,31 @@ func (c *config) ciliumKubeProxyEnabled() bool {
 }
 
 func (c *config) ciliumPSPEnabled() bool {
-	return c.bool("DEFAULTER_CILIUMPSPENABLED", true)
+	return c.bool("DEFAULTER_CILIUMPSPENABLED", false)
 }
 
 func (c *config) ciliumTunnel() ciliumextensionv1alpha1.TunnelMode {
 	return ciliumextensionv1alpha1.TunnelMode(c.string("DEFAULTER_CILIUMTUNNEL", string(ciliumextensionv1alpha1.Disabled)))
 }
 
 func (c *config) ciliumDevices() []string {
-	return c.slice("DEFAULTER_CILIUMDEVICES", []string{"lan+"})
+	return c.slice("DEFAULTER_CILIUMDEVICES", []string{"lan+", "lo"})
+}
+
+func (c *config) ciliumDirectRoutingDevice() string {
+	return c.string("DEFAULTER_CILIUMDIRECTROUTINGDEVICE", "lo")
+}
+
+func (c *config) bgpControlPlaneEnabled() bool {
+	return c.bool("DEFAULTER_CILIUMBGPCONTROLPLANE", true)
 }
 
 func (c *config) ciliumIPv4NativeRoutingCIDREnabled() bool {
 	return c.bool("DEFAULTER_CILIUMIPV4NATIVEROUTINGCIDRENABLED", true)
 }
 
 func (c *config) ciliumLoadBalancingMode() ciliumextensionv1alpha1.LoadBalancingMode {
-	return ciliumextensionv1alpha1.LoadBalancingMode(c.string("DEFAULTER_CILIUMLOADBALANCINGMODE", string(ciliumextensionv1alpha1.DSR)))
+	return ciliumextensionv1alpha1.LoadBalancingMode(c.string("DEFAULTER_CILIUMLOADBALANCINGMODE", string(ciliumextensionv1alpha1.SNAT)))
 }
 
 func (c *config) ciliumMTU() int {

pkg/admission/mutator/defaulter.go

@@ -96,6 +96,14 @@ func (d *defaulter) defaultNetworking(shoot *gardenv1beta1.Shoot) error {
 		shoot.Spec.Networking = &gardenv1beta1.Networking{}
 	}
 
+	if shoot.Spec.Networking.IPFamilies == nil || len(shoot.Spec.Networking.IPFamilies) == 0 {
+		ipFamiles := make([]gardenv1beta1.IPFamily, 0)
+		for _, f := range d.c.ipFamilies() {
+			ipFamiles = append(ipFamiles, gardenv1beta1.IPFamily(f))
+		}
+		shoot.Spec.Networking.IPFamilies = ipFamiles
+	}
+
 	if pointer.SafeDeref(shoot.Spec.Networking.Type) == "" {
 		shoot.Spec.Networking.Type = pointer.Pointer(d.c.networkType())
 	}
@@ -202,6 +210,16 @@ func (d *defaulter) defaultCiliumConfig(shoot *gardenv1beta1.Shoot) error {
 		networkConfig.Devices = d.c.ciliumDevices()
 	}
 
+	if networkConfig.DirectRoutingDevice == nil {
+		networkConfig.DirectRoutingDevice = pointer.Pointer(d.c.ciliumDirectRoutingDevice())
+	}
+
+	if networkConfig.BGPControlPlane == nil {
+		networkConfig.BGPControlPlane = &ciliumextensionv1alpha1.BGPControlPlane{
+			Enabled: d.c.bgpControlPlaneEnabled(),
+		}
+	}
+
 	if networkConfig.IPv4NativeRoutingCIDREnabled == nil {
 		networkConfig.IPv4NativeRoutingCIDREnabled = pointer.Pointer(d.c.ciliumIPv4NativeRoutingCIDREnabled())
 	}

pkg/admission/mutator/defaulter_test.go

@@ -273,9 +273,10 @@ func Test_defaulter_defaultShoot(t *testing.T) {
 						},
 					},
 					Networking: &gardenv1beta1.Networking{
-						Type:     pointer.Pointer("calico"),
-						Pods:     pointer.Pointer("10.240.0.0/13"),
-						Services: pointer.Pointer("10.248.0.0/18"),
+						Type:       pointer.Pointer("calico"),
+						Pods:       pointer.Pointer("10.240.0.0/13"),
+						Services:   pointer.Pointer("10.248.0.0/18"),
+						IPFamilies: []gardenv1beta1.IPFamily{gardenv1beta1.IPFamilyIPv4},
 						ProviderConfig: &runtime.RawExtension{
 							Object: &calicoextensionv1alpha1.NetworkConfig{
 								Backend: pointer.Pointer(calicoextensionv1alpha1.None),
@@ -352,20 +353,23 @@ func Test_defaulter_defaultShoot(t *testing.T) {
 						},
 					},
 					Networking: &gardenv1beta1.Networking{
-						Type:     pointer.Pointer("cilium"),
-						Pods:     pointer.Pointer("10.240.0.0/13"),
-						Services: pointer.Pointer("10.248.0.0/18"),
+						Type:       pointer.Pointer("cilium"),
+						Pods:       pointer.Pointer("10.240.0.0/13"),
+						Services:   pointer.Pointer("10.248.0.0/18"),
+						IPFamilies: []gardenv1beta1.IPFamily{gardenv1beta1.IPFamilyIPv4},
 						ProviderConfig: &runtime.RawExtension{
 							Object: &ciliumextensionv1alpha1.NetworkConfig{
-								PSPEnabled: pointer.Pointer(true),
+								PSPEnabled: pointer.Pointer(false),
 								Hubble: &ciliumextensionv1alpha1.Hubble{
 									Enabled: true,
 								},
 								TunnelMode:                   pointer.Pointer(ciliumextensionv1alpha1.Disabled),
 								MTU:                          pointer.Pointer(1440),
-								Devices:                      []string{"lan+"},
-								LoadBalancingMode:            pointer.Pointer(ciliumextensionv1alpha1.DSR),
+								Devices:                      []string{"lan+", "lo"},
+								DirectRoutingDevice:          pointer.Pointer("lo"),
+								LoadBalancingMode:            pointer.Pointer(ciliumextensionv1alpha1.SNAT),
 								IPv4NativeRoutingCIDREnabled: pointer.Pointer(true),
+								BGPControlPlane:              &ciliumextensionv1alpha1.BGPControlPlane{Enabled: true},
 							},
 						},
 					},

pkg/controller/controlplane/add.go

@@ -51,7 +51,7 @@ func AddToManagerWithOptions(ctx context.Context, mgr manager.Manager, opts AddO
 		secretConfigsFunc, shootAccessSecretsFunc, nil, nil,
 		nil, controlPlaneChart, cpShootChart, nil, storageClassChart, nil,
 		NewValuesProvider(mgr, opts.ControllerConfig), extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
-		imagevector.ImageVector(), "", opts.ShootWebhookConfig, opts.WebhookServerNamespace, defaultServer.Options.Port,
+		imagevector.ImageVector(), "", opts.ShootWebhookConfig, opts.WebhookServerNamespace, int32(defaultServer.Options.Port),
 	)
 	if err != nil {
 		return err