Consolidate Node Peer Annotations #1914
Conversation
aauren
left a comment
aauren
left a comment
There was a problem hiding this comment.
@catherinetcai Thanks for starting work on this!
Most of my comments are nits, there are no major problems that I can see with this work. I like the fact that you pulled out all of the BGP parsing stuff into functions on a struct. I think that's already going a long ways towards making the code more readable.
The other main thing I was looking for was keeping backwards compatibility, but it looks like you've done that pretty well.
The configuration structure itself looks pretty good, although I'm still mulling that over a bit to see if there would be some way to make some of the items less duplicated. For instance, people are likely to have similar Password, RemoteASN, and RemoteIP for many of the peers. Maybe it would be possible to define a global default that people could specify once, and then allow individual entries to override that default when necessary?
Or maybe we could introduce a concept of peer groups? https://github.com/osrg/gobgp/blob/master/docs/sources/configuration.md?plain=1#L175-L187 which would follow more of the gobgp standard?
FRR has this standard as well: https://github.com/aauren/kube-router-automation/blob/main/ansible/playbooks/roles/bgp_router/templates/frr.conf.j2#L36-L42
I really like the idea of following more of the GoBGP standard. Do you have any thoughts for how those should be passed in? |
Heh... I think that it felt more apparent to me when I hadn't thought it through all the way. I was thinking that you could just add a peerGroup to the annotation yaml and then reference it. But this is per-node not cluster wide. I suppose that we could do something like add a config file or allow users to add a group via a parameter to kube-router, but those all feel a bit like a hack. I guess for now we leave it as it is. But maybe in the future, we add a CRD or something? This is similar to what Cilium does: https://docs.cilium.io/en/stable/network/bgp-control-plane/bgp-control-plane-v2 Although theirs is a bit different because they have nodeSelectors in their BGP config so that users can control node applications that way. Which I suppose is more k8s idiomatic. |
catherinetcai
force-pushed
the
restructure-node-annotations
branch
from
c34f404 to
b0a1ef0
Compare
|
@aauren Rebased my changes against master so that there's no more merge conflicts between recent changes to network_routes_controller.go and go.mod/go.sum. |
…ace for PeerConfig structs. Break out ValToPtr functions into a testutils package.
catherinetcai
force-pushed
the
restructure-node-annotations
branch
from
b0a1ef0 to
dbed2c1
Compare
aauren
left a comment
aauren
left a comment
There was a problem hiding this comment.
Looking good! I think that we're almost there.
| @@ -1,89 +1,81 @@ | |||
| module github.com/cloudnativelabs/kube-router/v2 | |||
There was a problem hiding this comment.
It looks like the rebase here, favored your older library versions instead of the ones that were updated by dependabot. We should fix this up to favor the upgraded library versions (as well as Go 1.25).
| asnStrings := stringToSlice(nodeBgpPeerAsnsAnnotation, ",") | ||
| peerASNs, err := stringSliceToUInt32(asnStrings) | ||
| klog.V(2). | ||
| Infof("Attempting to construct peer configs from annotation: %+v", node.Annotations) |
There was a problem hiding this comment.
2 things here... In general, I try never to split lines on chained functions in the kube-router code base unless there is no other option. In this case, I think it would be better to either wrap the parameter node.Annotations or if that doesn't get it below the char limit, then I would split the string across multiple lines.
I'm a bit iffy on this. Technically tier 2 logging should probably only be used for debugging, but technically this can also leak BGP passwords in logs. I could see going both ways on this, but usually its better to lean more secure even if that gives people less debug info.
| if !ok { | ||
| klog.Infof("Could not find BGP peer info for the node in the node annotations " + | ||
| "so skipping configuring peer.") | ||
| // Early exist because no BGP peer info was set in annotations for the node |
There was a problem hiding this comment.
nitpic, but it should be Early exit
| } | ||
| klog.V(2).Infof("Processing bgp route advertisement from peer: %s", path.NeighborIp) | ||
| klog.V(2). | ||
| Infof("Processing bgp route advertisement from peer: %s", path.NeighborIp) |
There was a problem hiding this comment.
nitpic: don't break the line in the middle of a function chain, instead break on the parameters or split the string if you need to.
There was a problem hiding this comment.
It looks like this can be configured in golines via: https://github.com/segmentio/golines?tab=readme-ov-file#chained-method-splitting
There was a problem hiding this comment.
Ah, thank you. I'll go update this! And yeah, it's my neovim config (sorry)
2 participants
Adds support for peer configuration that's in YAML format according to: #1393
I consolidated the peer configurations from both the consolidated annotation and single annotations into populating a single config struct.
Tested this by spinning up a cluster using https://github.com/aauren/kube-router-automation and adding the following annotations onto the aws-controller and aws-worker nodes and then running
kubectl execinto the pods to validate that the BGP configurations were picked up.I'm going to keep this MR in the draft state until I'm able to do a more thorough testing cycle with kubetest2.
@aauren