From d9ea2d83303d5bc13de69395ddc6bf4acb248bfa Mon Sep 17 00:00:00 2001
From: Phil Gebhardt <phil@gremlin.com>
Date: Thu, 22 Jan 2026 14:37:45 -0800
Subject: [PATCH] Expose feature for disabling new CIDR tags

An upcoming Gremlin release will include functinality to send up
additional IP address ranges associated with the node on which Gremlin
is installed. This will increase the blast radius of the Zone
reliability test.

To provide a way to disable this blast radius increase, provide a simple
feature that users can toggle.
---
 gremlin/Chart.yaml                |  2 +-
 gremlin/templates/daemonset.yaml  |  6 ++++++
 gremlin/tests/daemonset_test.yaml | 26 ++++++++++++++++++++++++++
 gremlin/values.yaml               | 10 ++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/gremlin/Chart.yaml b/gremlin/Chart.yaml
index 8478fad..68de2eb 100644
--- a/gremlin/Chart.yaml
+++ b/gremlin/Chart.yaml
@@ -1,5 +1,5 @@
 name: gremlin
-version: 0.24.2
+version: 0.24.3
 description: The Gremlin Inc client application
 apiVersion: v1
 home: https://www.gremlin.com
diff --git a/gremlin/templates/daemonset.yaml b/gremlin/templates/daemonset.yaml
index 748c81c..893c8d7 100644
--- a/gremlin/templates/daemonset.yaml
+++ b/gremlin/templates/daemonset.yaml
@@ -136,6 +136,12 @@ spec:
             value: {{ .Values.gremlin.collect.dns | quote }}
           - name: GREMLIN_SERVICE_URL
             value: {{ include "gremlinServiceUrl" . }}
+          {{- if not .Values.gremlin.features.pushCIDRTags.enabled }}
+          - name: GREMLIN_PUSH_POD_CIDR_TAGS
+            value: "false"
+          - name: GREMLIN_PUSH_ZONE_CIDR_TAGS
+            value: "false"
+          {{- end }}
           {{- if .Values.gremlin.proxy.url }}
           - name: https_proxy
             value: {{ .Values.gremlin.proxy.url }}
diff --git a/gremlin/tests/daemonset_test.yaml b/gremlin/tests/daemonset_test.yaml
index ca03954..5483554 100644
--- a/gremlin/tests/daemonset_test.yaml
+++ b/gremlin/tests/daemonset_test.yaml
@@ -249,3 +249,29 @@ tests:
             name: docker-sock
             hostPath:
               path: /var/run/docker.sock
+  - it: should not explicitly set environment variables by default
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: GREMLIN_PUSH_POD_CIDR_TAGS
+            value: "false"
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: GREMLIN_PUSH_ZONE_CIDR_TAGS
+            value: "false"
+  - it: should explicitly set environment variables when features.pushCIDRTags.enabled=false
+    set:
+      gremlin.features.pushCIDRTags.enabled: false
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: GREMLIN_PUSH_POD_CIDR_TAGS
+            value: "false"
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: GREMLIN_PUSH_ZONE_CIDR_TAGS
+            value: "false"
diff --git a/gremlin/values.yaml b/gremlin/values.yaml
index 9672ce9..12ab486 100644
--- a/gremlin/values.yaml
+++ b/gremlin/values.yaml
@@ -280,6 +280,16 @@ gremlin:
     discoverDestinationService:
       enabled: false
 
+    # gremlin.features.pushCIDRTags.enabled
+    # Tell Gremlin to push tag values that describe CIDR values associated with the host on which Gremlin is installed.
+    #   When enabled, this helm chart does nothing, as the default behavior is to push these tags.
+    #   When disabled, this helm chart passes `GREMLIN_PUSH_POD_CIDR_TAGS=false` and `GREMLIN_PUSH_ZONE_CIDR_TAGS=false` to
+    #   the environment of the gremlind Daemonset.
+    #
+    # See: https://www.gremlin.com/docs/getting-started-network-tags#the-zone-tag
+    pushCIDRTags:
+      enabled: true
+
 chao:
 
   # chao.create