[release-4.19] BGP related backports #2746
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some code (EgressSVC and BGP) in cluster-manager needs to know the gateway mode. Signed-off-by: Peng Liu <[email protected]> (cherry picked from commit bc5f08e)
frr-k8s will not listen to port 179, and BGP peering can only be established from OCP to external. Signed-off-by: Konstantinos Karampogias <[email protected]> (cherry picked from commit 401f7b4)
This should save up calls to the webhook and reduce latency when a NAD is updated to add labels or annotations. The root cause of the change is the OVNK BGP feature: when BGP is enabled for the cluster default network, reconfiguration might cause temporary disruptions. As part of this reconfiguration and necessary to complete it, OVNK depends on annotating an internal NAD. We want to avoid having to reach the webhook for this annotation because the temporary disruption might prevent it and in that case the reconfiguration won't complete. Another possibility would be to filter out from validation the specific internal NAD but this current approach might be more beneficial overall. Signed-off-by: Jaime Caamaño Ruiz <[email protected]> (cherry picked from commit 0dae0a0)
Aligning to upstream and: - move the webhook deployment to hostnetworked, so that the api can still be served if an offending FRRConfiguration is applied - openshift only: change the webhook port to one in the allowed range - remove the metrics listening port, as no service monitor was deployed Signed-off-by: Federico Paolinelli <[email protected]> (cherry picked from commit 0b29885)
Aligning to upstream and bringing the deprecation of the disableMP flag and the introduction of a "dualStackAddressFamily" flag to bring the behavior back to allow backward compatibility. The default behavior was inconsistent in case of dual stack clusters, as frr was being configured to advertise both ip families over a single session, without being instructed properly to what next hop set for the ip family not corresponding to the ip family of the session. The dualStackAddressFamily flag is introduced to allow users relying on that behavior to keep working. Note that both flags are not documented nor supported d/s. More details in the upstream metallb issue metallb/metallb#2704 Signed-off-by: Federico Paolinelli <[email protected]> (cherry picked from commit 7056e67)
We need to run the webhook as hostnetworked, so it requires the privileged scc. Signed-off-by: Federico Paolinelli <[email protected]> (cherry picked from commit 5cc28c6)
openshift-ci
bot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jcaamano The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/close this did not use the correct source branch, don't know why |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cherry-picked
did not cherry-pick
as that requires FRR-k8s to be backported as well which is pending.
conflict: acdd043 added webhook arg/port, later on 0b29885 removed the monitoring arg/port. The resolution of the conflict is, logically, neither webhook arg/port nor monitoring arg/port defined.
/cc @fedepaol
to croscheck the resolution of the conflict
/hold
waiting for #2714 unless we decide otherwise