iptables: Read CNI chaining mode from CNI config manager

CNI chaining mode option has been moved to the CNI cell in commit 1254bf4. Since it is not a global config option anymore, iptables manager will not see any change to that value, and its field `CNIChainingMode` will always be an empty string. Thus, with the following config option values: - "enable-endpoint-routes": true - "cni-chaining-mode": "aws-cni" the delivery interface referenced in the rules installed by the manager is "lxc+" instead of "eni+". This commit fixes this adding a CNI config manager reference to the iptables manager parameters, in order to read the current setting for the chaining mode during rules installation. Fixes: 1254bf4 ("daemon / cni: move to Cell, watch for changes") Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
cilium · Feb 29, 2024 · 77053ae · 77053ae
1 parent cd53c4f
commit 77053ae
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/pkg/datapath/iptables/iptables.go b/pkg/datapath/iptables/iptables.go
@@ -18,6 +18,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/vishvananda/netlink"
 
+	"github.com/cilium/cilium/daemon/cmd/cni"
 	"github.com/cilium/cilium/pkg/backoff"
 	"github.com/cilium/cilium/pkg/byteorder"
 	"github.com/cilium/cilium/pkg/cidr"
@@ -270,7 +271,7 @@ type Manager struct {
 	haveSocketMatch      bool
 	haveBPFSocketAssign  bool
 	ipEarlyDemuxDisabled bool
-	CNIChainingMode      string
+	cniConfigManager     cni.CNIConfigManager
 }
 
 type params struct {
@@ -279,21 +280,23 @@ type params struct {
 	Logger    logrus.FieldLogger
 	Lifecycle cell.Lifecycle
 
-	ModulesMgr *modules.Manager
-	Sysctl     sysctl.Sysctl
+	ModulesMgr       *modules.Manager
+	Sysctl           sysctl.Sysctl
+	CNIConfigManager cni.CNIConfigManager
 
 	Cfg       Config
 	SharedCfg SharedConfig
 }
 
 func newIptablesManager(p params) *Manager {
 	iptMgr := &Manager{
-		logger:        p.Logger,
-		modulesMgr:    p.ModulesMgr,
-		sysctl:        p.Sysctl,
-		cfg:           p.Cfg,
-		sharedCfg:     p.SharedCfg,
-		haveIp6tables: true,
+		logger:           p.Logger,
+		modulesMgr:       p.ModulesMgr,
+		sysctl:           p.Sysctl,
+		cfg:              p.Cfg,
+		sharedCfg:        p.SharedCfg,
+		haveIp6tables:    true,
+		cniConfigManager: p.CNIConfigManager,
 	}
 
 	p.Lifecycle.Append(iptMgr)
@@ -1088,7 +1091,7 @@ func (m *Manager) getDeliveryInterface(ifName string) string {
 	switch {
 	case m.sharedCfg.EnableEndpointRoutes:
 		// aws-cni creates container interfaces with names like eni621c0fc8425.
-		if m.CNIChainingMode == "aws-cni" {
+		if m.cniConfigManager.GetChainingMode() == "aws-cni" {
 			return "eni+"
 		}
 		return "lxc+"