proxy: Re-enable proxy rule installation in tunnel mode

This commit is to re-enable proxy rule installation in tunnel mode, as route 2005 was added back, and we need this rule to handle the hairpinning trafic in Ingress L7 proxy if the backend is on the same node. Relates: 0ebe516 Relates: #29530, #29864 Signed-off-by: Tam Mach <tam.mach@cilium.io>
cilium · Mar 18, 2024 · 669e7ac · 669e7ac
1 parent e8bed8d
commit 669e7ac
Showing 1 changed file with 8 additions and 20 deletions.
diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -412,14 +412,8 @@ func (p *Proxy) ReinstallRoutingRules() error {
 			return err
 		}
 
-		if !option.Config.EnableIPSec || option.Config.TunnelingEnabled() {
-			if err := removeFromProxyRoutesIPv4(); err != nil {
-				return err
-			}
-		} else {
-			if err := installFromProxyRoutesIPv4(node.GetInternalIPv4Router(), defaults.HostDevice); err != nil {
-				return err
-			}
+		if err := installFromProxyRoutesIPv4(node.GetInternalIPv4Router(), defaults.HostDevice); err != nil {
+			return err
 		}
 	} else {
 		if err := removeToProxyRoutesIPv4(); err != nil {
@@ -435,18 +429,12 @@ func (p *Proxy) ReinstallRoutingRules() error {
 			return err
 		}
 
-		if !option.Config.EnableIPSec || option.Config.TunnelingEnabled() {
-			if err := removeFromProxyRoutesIPv6(); err != nil {
-				return err
-			}
-		} else {
-			ipv6, err := getCiliumNetIPv6()
-			if err != nil {
-				return err
-			}
-			if err := installFromProxyRoutesIPv6(ipv6, defaults.HostDevice); err != nil {
-				return err
-			}
+		ipv6, err := getCiliumNetIPv6()
+		if err != nil {
+			return err
+		}
+		if err := installFromProxyRoutesIPv6(ipv6, defaults.HostDevice); err != nil {
+			return err
 		}
 	} else {
 		if err := removeToProxyRoutesIPv6(); err != nil {