endpoint: Refactor init of EndpointDatapathConfiguration

EndpointDatapathConfiguration is initialized for every new endpoint
based on whether per-endpoint routes are enabled. As commit dd59d1f
("health: Disable routing in BPF when per-endpoint routes are enabled")
illustrates, this can lead to error where some initializations are
updated and not others.

This commit consolidates all initializations under a new helper
function.

Signed-off-by: Paul Chaignon <paul@cilium.io>

cilium-health/launch/endpoint.go

@@ -266,15 +266,8 @@ func LaunchAsEndpoint(baseCtx context.Context,
 		ip4Address = &net.IPNet{IP: healthIP, Mask: defaults.ContainerIPv4Mask}
 	}
 
-	if option.Config.EnableEndpointRoutes {
-		disabled := false
-		dpConfig := &models.EndpointDatapathConfiguration{
-			InstallEndpointRoute: true,
-			RequireEgressProg:    true,
-			RequireRouting:       &disabled,
-		}
-		info.DatapathConfiguration = dpConfig
-	}
+	dpConfig := endpoint.NewDatapathConfiguration()
+	info.DatapathConfiguration = &dpConfig
 
 	netNS, err := netns.ReplaceNetNSWithName(netNSName)
 	if err != nil {

daemon/cmd/endpoint.go

@@ -306,24 +306,20 @@ func (m *endpointCreationManager) DebugStatus() (output string) {
 // createEndpoint attempts to create the endpoint corresponding to the change
 // request that was specified.
 func (d *Daemon) createEndpoint(ctx context.Context, owner regeneration.Owner, epTemplate *models.EndpointChangeRequest) (*endpoint.Endpoint, int, error) {
-	if option.Config.EnableEndpointRoutes {
-		if epTemplate.DatapathConfiguration == nil {
-			epTemplate.DatapathConfiguration = &models.EndpointDatapathConfiguration{}
+	if epTemplate.DatapathConfiguration == nil {
+		dpConfig := endpoint.NewDatapathConfiguration()
+		epTemplate.DatapathConfiguration = &dpConfig
+	} else {
+		if option.Config.EnableEndpointRoutes {
+			epTemplate.DatapathConfiguration.InstallEndpointRoute = true
+			epTemplate.DatapathConfiguration.RequireEgressProg = true
+			disabled := false
+			epTemplate.DatapathConfiguration.RequireRouting = &disabled
+		} else {
+			epTemplate.DatapathConfiguration.InstallEndpointRoute = false
+			epTemplate.DatapathConfiguration.RequireEgressProg = false
+			epTemplate.DatapathConfiguration.RequireRouting = nil
 		}
-
-		// Indicate to insert a per endpoint route instead of routing
-		// via cilium_host interface
-		epTemplate.DatapathConfiguration.InstallEndpointRoute = true
-
-		// Since routing occurs via endpoint interface directly, BPF
-		// program is needed on that device at egress as BPF program on
-		// cilium_host interface is bypassed
-		epTemplate.DatapathConfiguration.RequireEgressProg = true
-
-		// Delegate routing to the Linux stack rather than tail-calling
-		// between BPF programs.
-		disabled := false
-		epTemplate.DatapathConfiguration.RequireRouting = &disabled
 	}
 
 	log.WithFields(logrus.Fields{

pkg/endpoint/endpoint.go

@@ -870,6 +870,28 @@ func parseEndpoint(ctx context.Context, owner regeneration.Owner, bEp []byte) (*
 	return &ep, nil
 }
 
+// NewDatapathConfiguration return the default endpoint datapath configuration
+// based on whether per-endpoint routes are enabled.
+func NewDatapathConfiguration() models.EndpointDatapathConfiguration {
+	config := models.EndpointDatapathConfiguration{}
+	if option.Config.EnableEndpointRoutes {
+		// Indicate to insert a per endpoint route instead of routing
+		// via cilium_host interface
+		config.InstallEndpointRoute = true
+
+		// Since routing occurs via endpoint interface directly, BPF
+		// program is needed on that device at egress as BPF program on
+		// cilium_host interface is bypassed
+		config.RequireEgressProg = true
+
+		// Delegate routing to the Linux stack rather than tail-calling
+		// between BPF programs.
+		disabled := false
+		config.RequireRouting = &disabled
+	}
+	return config
+}
+
 func (e *Endpoint) LogStatus(typ StatusType, code StatusCode, msg string) {
 	e.unconditionalLock()
 	defer e.unlock()