Is there an existing issue for this?

• I have searched the existing issues

What happened?

We run cilium chained to aws-vpc-cni in EKS for clustermesh and network policy enforcement.

Going through the upgrade docs I see that tunnel is deprecated in favor of routing-mode and tunnel-protocol. In my helm values, I removed tunnel and set routingMode: native. This generated a configmap with the following section:

  # Encapsulation mode for communication between nodes
  # Possible values:
  #   - disabled
  #   - vxlan (default)
  #   - geneve
  # Default case
  routing-mode: "tunnel"
  tunnel-protocol: "vxlan"
  routing-mode: "native"

Upon application you end up with configmap with the following values:

  tunnel-protocol: "vxlan"
  routing-mode: "native"

I'm not sure this is a valid configuration. We manage our application using fluxcd and the multiple definitions in the configmap for routing-mode cause it to fail with an error. The short term work around is to keep tunnel: disabled and not set routingMode but I don't think the helm chart behavior is correct for this.

Cilium Version

v1.14.1

Kernel Version

Linux ip-10-16-106-43.us-west-2.compute.internal 5.10.186-179.751.amzn2.x86_64 #1 SMP Tue Aug 1 20:51:38 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Kubernetes Version

v1.25.12

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

• I agree to follow this project's Code of Conduct