Merge pull request #229 from axel7born/iptables-nat-rules

Fix error with iptables-nft.

charts/internal/cilium/charts/config/templates/configmap.yaml

@@ -319,7 +319,7 @@ data:
   enable-ipv4-masquerade: {{ .Values.global.enableIpv4Masquerade | quote }}
   enable-ipv6-big-tcp: {{ .Values.global.enableIpv6BigTCP | quote }}
   enable-ipv6-masquerade: {{ .Values.global.enableIpv6Masquerade | quote }}
-{{- if not .Values.global.snatToUpstreamDNS.enabled }}
+{{- if ne .Values.global.tunnel "disabled" }}
   enable-bpf-masquerade:  {{ .Values.global.enableBPFMasquerade | quote }}
 {{- end }}
 

pkg/charts/utils.go

@@ -276,7 +276,10 @@ func generateChartValues(config *ciliumv1alpha1.NetworkConfig, network *extensio
 
 	// check if ipv4 native routing cidr is set
 	if config.IPv4NativeRoutingCIDREnabled != nil && *config.IPv4NativeRoutingCIDREnabled {
-		globalConfig.IPv4NativeRoutingCIDR = "0.0.0.0/0"
+		if cluster.Shoot.Spec.Networking.Pods == nil {
+			return requirementsConfig, globalConfig, fmt.Errorf("pods cidr required for setting ipv4 native routing cidr was not yet set")
+		}
+		globalConfig.IPv4NativeRoutingCIDR = *cluster.Shoot.Spec.Networking.Pods
 	}
 
 	if config.SnatToUpstreamDNS != nil && config.SnatToUpstreamDNS.Enabled {

pkg/controller/actuator_reconcile.go

@@ -93,10 +93,6 @@ func (a *actuator) Reconcile(ctx context.Context, _ logr.Logger, network *extens
 		if networkConfig.Overlay != nil && !networkConfig.Overlay.Enabled {
 			networkConfig.TunnelMode = (*ciliumv1alpha1.TunnelMode)(pointer.String(string(ciliumv1alpha1.Disabled)))
 			networkConfig.IPv4NativeRoutingCIDREnabled = pointer.Bool(true)
-			networkConfig.SnatOutOfCluster = &ciliumv1alpha1.SnatOutOfCluster{Enabled: true}
-			if networkConfig.SnatToUpstreamDNS == nil {
-				networkConfig.SnatToUpstreamDNS = &ciliumv1alpha1.SnatToUpstreamDNS{Enabled: true}
-			}
 		}
 	}