cilium · tklauser · May 31, 2023 · May 31, 2023 · May 31, 2023 · May 31, 2023
@@ -506,6 +506,10 @@ func (t *Test) WithFeatureRequirements(reqs ...FeatureRequirement) *Test {
 // podCIDR => nodeIP routes needs to be installed on a node which doesn't run
 // Cilium before running the test (and removed after the test completion).
 func (t *Test) WithIPRoutesFromOutsideToPodCIDRs() *Test {
+	if !t.Context().Params().IncludeUnsafeTests {
+		t.Fatal("WithIPRoutesFromOutsideToPodCIDRs() requires enabling --include-unsafe-tests")
+	}
+
 	t.installIPRoutesFromOutsideToPodCIDRs = true
 
 	return t

@@ -56,6 +56,28 @@ func (k *K8sInstaller) detectDatapathMode(withKPR bool) error {
 		return nil
 	}
 
+	vals, err := k.getHelmValues()
+	if err != nil {
+		return err
+	}
+
+	routingMode := ""
+	for _, val := range vals {
+		val, ok := val.(string)
+		if ok && strings.HasPrefix(val, "routingMode") {
+			routingMode = strings.Split(val, "=")[1]
+		}
+
+	}
+	if routingMode == "native" {
+		k.params.DatapathMode = DatapathNative
+		return nil
+	}
+	if routingMode == "tunnel" {
+		k.params.DatapathMode = DatapathTunnel
+		return nil
+	}
+
 	switch k.flavor.Kind {
 	case k8s.KindKind:
 		k.params.DatapathMode = DatapathTunnel
@@ -168,8 +190,7 @@ func (k *K8sInstaller) autodetectAndValidate(ctx context.Context) error {
 	}
 
 	k.autodetectKubeProxy(ctx)
-	k.autoEnableBPFMasq()
-	return nil
+	return k.autoEnableBPFMasq()
 }
 
 func (k *K8sInstaller) autodetectKubeProxy(ctx context.Context) error {
@@ -239,12 +260,22 @@ func (k *K8sInstaller) autodetectKubeProxy(ctx context.Context) error {
 	return nil
 }
 
-func (k *K8sInstaller) autoEnableBPFMasq() {
+func (k *K8sInstaller) autoEnableBPFMasq() error {
+	vals, err := k.getHelmValues()
+	if err != nil {
+		return err
+	}
+
 	// Auto-enable BPF masquerading if KPR=strict and IPv6=disabled
 	foundKPRStrict := k.params.KubeProxyReplacement == "strict"
 	foundMasq := false
 	enabledIPv6 := false
-	for _, param := range k.params.HelmOpts.Values {
+	for _, param := range vals {
+		param, ok := param.(string)
+		if !ok {
+			continue
+		}
+
 		if !foundKPRStrict && param == "kubeProxyReplacement=strict" {
 			foundKPRStrict = true
 			continue
@@ -263,4 +294,6 @@ func (k *K8sInstaller) autoEnableBPFMasq() {
 		k.params.HelmOpts.Values = append(k.params.HelmOpts.Values,
 			"bpf.masquerade=true")
 	}
+
+	return nil
 }
@@ -43,6 +43,7 @@ import (
 
 const (
 	DatapathTunnel    = "tunnel"
+	DatapathNative    = "native"
 	DatapathAwsENI    = "aws-eni"
 	DatapathGKE       = "gke"
 	DatapathAzure     = "azure"

@@ -228,7 +228,7 @@ func addCommonInstallFlags(cmd *cobra.Command, params *install.Parameters) {
 	cmd.Flags().StringVar(&params.ClusterName, "cluster-name", "", "Name of the cluster")
 	cmd.Flags().MarkDeprecated("cluster-name", "This can now be overridden via `helm-set` (Helm value: `cluster.name`).")
 	cmd.Flags().StringVar(&params.Version, "version", defaults.Version, "Cilium version to install")
-	cmd.Flags().StringVar(&params.DatapathMode, "datapath-mode", "", "Datapath mode to use { tunnel | aws-eni | gke | azure | aks-byocni } (default: autodetected).")
+	cmd.Flags().StringVar(&params.DatapathMode, "datapath-mode", "", "Datapath mode to use { tunnel | native | aws-eni | gke | azure | aks-byocni } (default: autodetected).")
 	cmd.Flags().BoolVar(&params.ListVersions, "list-versions", false, "List all the available versions without actually installing")
 	cmd.Flags().StringSliceVar(&params.NodesWithoutCilium, "nodes-without-cilium", []string{}, "List of node names on which Cilium will not be installed. In Helm installation mode, it's assumed that the no-schedule node labels are present and that the infastructure has set up routing on these nodes to provide connectivity within the Cilium cluster.")
 }