diff --git a/CHANGELOG.md b/CHANGELOG.md index f9026b610..4ff19dd04 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Disable masquerading when cilium is in ENI mode. + ## [5.8.0-patch1] - 2023-09-26 ### Added diff --git a/service/controller/resource/clusterconfigmap/desired.go b/service/controller/resource/clusterconfigmap/desired.go index e800098f3..00959a5bc 100644 --- a/service/controller/resource/clusterconfigmap/desired.go +++ b/service/controller/resource/clusterconfigmap/desired.go @@ -233,9 +233,6 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor "mode": "eni", } - // there is autodiscoverability on the VPC CIDrs - ciliumValues["ipv4NativeRoutingCIDR"] = podCIDR - // https://docs.cilium.io/en/v1.13/network/concepts/routing/#id5 ciliumValues["endpointRoutes"] = map[string]interface{}{ "enabled": true, @@ -247,7 +244,7 @@ func (r *Resource) GetDesiredState(ctx context.Context, obj interface{}) ([]*cor }, } - ciliumValues["egressMasqueradeInterfaces"] = "eth+" + ciliumValues["enableIPv4Masquerade"] = false ciliumValues["tunnel"] = "disabled" // Used by cilium to tag ENIs it creates and be able to filter and clean them up. ciliumValues["cluster"] = map[string]interface{}{