[ upstream commit 40f2d3f ]

Currently, the flag `loadbalancer-l7` isn't properly registered.

Even though it's working fine when reading the config property from
the Cilium Configmap, it's not working when trying to use the
flag as Go flag.

```
2024-10-29T16:24:26Z debug layer=debugger Adding target 23 "/usr/bin/cilium-operator-generic-bin --config-dir=/tmp/cilium/config-map --debug=true --loadbalancer-l7=envoy"
Error: unknown flag: --loadbalancer-l7
```

Therefore, this commit is moving the config property into the respective
Hive Cell where it gets properly registered.

Reported-by: André Martins <andre@cilium.io>
Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>

…Error for peer manager client

[ upstream commit 0b8beea ]

When connecting to the hubble peer manager ensure we return the
underlying connection error so it's easier to diagnose connection
related problems.

Currently the only error returned is the context timeout:

```
time="2024-09-18T21:13:13Z" level=warning msg="Failed to create peer client for peers synchronization; will try again after the timeout has expired" error="context deadline exceeded" subsys=hubble-relay target="hubble-peer.kube-system.svc.cluster.local.:443"
```

This will ensure the underlying connection level error is returned when
the context is cancelled.

In the future we should switch to not using grpc.WithBlock at all which
avoids many of these problems, but that requires more testing. In the
short-term, lets set these dial options to improve things now, in-case
the switch to non-blocking dials is delayed.

Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>

[ upstream commit 9ee0ee4 ]

This commit removes a warning that was intended to warn the user that
running in native routing mode without a correct native routing CIDR
will lead to problems.

However, the conditions for the warning are not fully correct. There are
native routing setups where the user does not need to specify a native
routing CIDR, namely:

  1. The user is running in ENI or AlibabaCloud IPAM, where the native
     routing CIDR is auto-detected if not explicitly configured.
  2. The user is running with BPF ip-masq-agent where the native routing
     CIDR is optional (as there are other means of specifying exclusion
     CIDRs).
  3. The user is not running with Cilium-based masquerading.

The existing warning did not trigger for case 1, as the if condition
checked for `auto-direct-node-routes` rather than the `routing-mode`
flag, and `auto-direct-node-routes` is not used on ENI/AlibabaCloud IPAM
modes.

However, the warning would trigger for cases 2 and 3, which is
incorrect. Cases 2 and 3 should not emit a warning either. And indeed
already have a check on the native routing CIDR that handles all three
cases correctly, namely `checkIPv{4,6}NativeRoutingCIDR` here:

https://github.com/cilium/cilium/blob/bc26c6d3a74e3bfbeb1149e5116de51c496dd254/pkg/option/config.go#L3451-L3476

Therefore, we can safely remove the warning in this commit, as the
conditions are already covered by `checkIPv{4,6}NativeRoutingCIDR`. I
have also manually tested that the check does take effect if one sets
`routingMode=native` and `autoDirectNodeRoutes=true` without specifying
a native routing CIDR.

Fixes: 6743d28 ("daemon: warn if auto direct node routes is set without a native routing CIDR")

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Signed-off-by: Jussi Maki <jussi@isovalent.com>