advertised network isolation: use LportEgressAfterLB for ACLs

kyrtapz · kyrtapz · commit 6ca6d9ba6f71 · 2025-05-16T17:28:40.000+02:00
Signed-off-by: Patryk Diak &lt;pdiak@redhat.com&gt;
diff --git a/go-controller/pkg/ovn/base_network_controller.go b/go-controller/pkg/ovn/base_network_controller.go
@@ -1228,7 +1228,7 @@ func BuildAdvertisedNetworkSubnetsDropACL(advertisedNetworkSubnetsAddressSet add
 		strings.Join(dropMatches, " || "),
 		nbdb.ACLActionDrop,
 		nil,
-		libovsdbutil.LportEgress)
+		libovsdbutil.LportEgressAfterLB)
 	dropACL.Tier = types.PrimaryACLTier
 	return dropACL
 }
@@ -1265,7 +1265,7 @@ func (bnc *BaseNetworkController) addAdvertisedNetworkIsolation(nodeName string)
 			strings.Join(passMatches, " || "),
 			nbdb.ACLActionPass,
 			nil,
-			libovsdbutil.LportEgress)
+			libovsdbutil.LportEgressAfterLB)
 		passACL.Tier = types.PrimaryACLTier
 
 		ops, err = libovsdbops.CreateOrUpdateACLsOps(bnc.nbClient, ops, nil, passACL)
diff --git a/go-controller/pkg/ovn/gateway_test.go b/go-controller/pkg/ovn/gateway_test.go
@@ -49,7 +49,7 @@ func generateAdvertisedUDNIsolationExpectedNB(testData []libovsdbtest.TestData,
 		strings.Join(passMatches, " || "),
 		nbdb.ACLActionPass,
 		nil,
-		libovsdbutil.LportEgress)
+		libovsdbutil.LportEgressAfterLB)
 	passACL.Tier = types.PrimaryACLTier
 	passACL.UUID = "advertised-udn-isolation-pass-acl-UUID"
 	dropACL := BuildAdvertisedNetworkSubnetsDropACL(addrSet)
