helm: Always delete AWS iptable rules
This change causes Cilium DaemonSet postStart hook to always delete AWS
iptable rules unless `cni.chainingMode` is set to `aws-cni`.

This will result in the postStart hook being a noop in all non-AWS
deployments. Unfortunately there is no way for helm chart to know
whether it is running on AWS not in ENI mode.

This approach will make sure that we are deleting AWS-specific iptables
rules that cause issues while not requiring us to introduce new
configuration flags for users.

Signed-off-by: Maciej Kwiek <maciej@isovalent.com>
nebril committed Oct 26, 2023
1 parent 7a4c5fb commit 74632a5
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -213,7 +213,7 @@ spec:
{{- end }}
{{- if .Values.cni.install }}
lifecycle:
{{- if .Values.eni.enabled }}
{{- if ne .Values.cni.chainingMode "aws-cni" }}
postStart:
exec:
command:
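
Review bot: The new gate `{{- if ne .Values.cni.chainingMode "aws-cni" }}` carries no template comment saying why an AWS-specific cleanup is now keyed on chaining mode instead of `eni.enabled`, so a later reader is likely to "fix" it back; a short `{{- /* ... */}}` note above the condition that restates the commit message's reasoning would prevent that. Because the postStart hook now runs on every install where `cni.install` is set and chaining is not `aws-cni`, the command body (not visible in this hunk) has to exit zero when the AWS rules are absent: Kubernetes kills the container when a postStart handler fails, so the "noop on non-AWS" claim should be confirmed against the script and ideally covered by a test on a non-AWS cluster. It is also worth stating in the chart's upgrade notes that non-ENI AWS deployments will start having these iptables rules removed after this change, since that is a behaviour change on running nodes.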