From f124d02a1eba93358878cad2fc2d8a20f78580bd Mon Sep 17 00:00:00 2001 
From: Hongliang Liu Date: Fri, 19 Jul 2024 04:44:54 +0800 Subject: [PATCH] Implement the controller for API BGPPolicy This commit implements the controller of API `BGPPolicy`, designed to advertise Service IPs, Egress IPs, and Pod IPs to BGP peers from selected Kubernetes Nodes. According to the spec of `BGPPolicy`, the Node selector is used to select Nodes to which a `BGPPolicy` is applied. Multiple `BGPPolicies` can be applied to the same Node. However, only the oldest `BGPPolicy` will be effective on a Node, with others serving as alternatives. The effective one may be changed in the following cases: - The current effective BGPPolicy is updated and not applied to the Node. - The current effective BGPPolicy is deleted. The BGP server instance is only created and started for the effective BGPPolicy on a Node. If the effective BGPPolicy is changed, the corresponding BGP server instance will be terminated by calling the `Stop` method, and a new BGP server instance will be created and started by calling the `Start` method for the new effective BGPPolicy. To create a BGP server instance, ASN, router ID, and listen port must be specified. The ASN and listen port are specified in the spec of the effective BGPPolicy. For router ID, if the Kubernetes cluster is IPv4-only or dual-stack, we use the Node's IPv4 address as the router ID, ensuring uniqueness. If the Kubernetes cluster is IPv6-only, where no Node IPv4 address is available, the router ID could be specified via the Node annotation `node.antrea.io/bgp-router-id`. If not present, a router ID will be generated by hashing the Node name and update it to the Node annotation `node.antrea.io/bgp-router-id`. Additionally, the stale BGP server instance will be terminated and a new BGP server instance should be created and started when any of ASN, routerID, or listen port changes. The information of the BGP peers is specified in the effective BGPPolicy. 
The unique identification of a BGP peer is the peer IP address and peer ASN. To reconcile the latest BGP peers: - Get the BGP peers to be added and add them by calling the `AddPeer` method of the BGP server instance. - Get the BGP peers to be deleted and delete them by calling the `RemovePeer` method of the BGP server instance. - Get the remaining BGP peers and calculate the updated BGP peers, then update them by calling the `UpdatePeer` method of the BGP server instance. The information of the IPs to be advertised can be calculated from the spec of the effective BGPPolicy. Currently, we advertise the IPs and CIDRs to all the BGP peers. To reconcile the latest IPs to all BGP peers: - If the BGP server instance is newly created and started, advertise all the IPs by calling the `AdvertiseRoutes` method. - If the BGP server instance is not newly created and started: - Get the IPs/CIDRs to be added and advertise them by calling the `AdvertiseRoutes` method. - Get the IPs/CIDRs to be removed and withdraw them by calling the `WithdrawRoutes` method. The feature is gated by the alpha `BGPPolicy` feature gate and only supported in Linux. Signed-off-by: Hongliang Liu --- .../antrea/templates/agent/clusterrole.yaml | 1 + build/yamls/antrea-aks.yml | 35 ++++++++++--------- build/yamls/antrea-eks.yml | 35 ++++++++++--------- build/yamls/antrea-gke.yml | 35 ++++++++++--------- build/yamls/antrea-ipsec.yml | 35 ++++++++++--------- build/yamls/antrea.yml | 35 ++++++++++--------- pkg/agent/controller/bgp/controller.go | 12 +++++-- test/e2e/bgppolicy_test.go | 10 ++++-- 8 files changed, 108 insertions(+), 90 deletions(-) diff --git a/build/charts/antrea/templates/agent/clusterrole.yaml b/build/charts/antrea/templates/agent/clusterrole.yaml index be46ac81f8b..a2a74e45beb 100644 --- a/build/charts/antrea/templates/agent/clusterrole.yaml +++ b/build/charts/antrea/templates/agent/clusterrole.yaml @@ -243,4 +243,5 @@ rules: - antrea-bgp-passwords verbs: - get + - list - watch 
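Review bot: Adding `list` to this Secrets rule deserves a comment, because a `list` response carries full Secret contents and the grant is only as narrow as the name restriction above the verbs. Only the tail of the rule is visible in the hunk; assuming `antrea-bgp-passwords` sits under `resourceNames`, Kubernetes authorizes a name-restricted `list` or `watch` only when the request carries a matching `metadata.name` field selector. The agent's Secret informer therefore needs that selector and a single-namespace scope, or the call is refused. I would add `# list is needed by the Secret informer, which must use fieldSelector metadata.name=antrea-bgp-passwords` above the verbs. The same verb appears in the rendered manifests under build/yamls, which should only ever be regenerated from this template.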
diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 3dfbe0d1944..ca15c7b3eec 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -1,5 +1,5 @@ --- -# Source: antrea/crds/antreaagentinfo.yaml +# Source: crds/antreaagentinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -152,7 +152,7 @@ spec: - aai --- -# Source: antrea/crds/antreacontrollerinfo.yaml +# Source: crds/antreacontrollerinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -301,7 +301,7 @@ spec: - aci --- -# Source: antrea/crds/bgppolicy.yaml +# Source: crds/bgppolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -430,7 +430,7 @@ spec: kind: BGPPolicy --- -# Source: antrea/crds/clustergroup.yaml +# Source: crds/clustergroup.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -575,7 +575,7 @@ spec: - cg --- -# Source: antrea/crds/clusternetworkpolicy.yaml +# Source: crds/clusternetworkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1361,7 +1361,7 @@ spec: - acnp --- -# Source: antrea/crds/egress.yaml +# Source: crds/egress.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1527,7 +1527,7 @@ spec: - eg --- -# Source: antrea/crds/externalentity.yaml +# Source: crds/externalentity.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1582,7 +1582,7 @@ spec: - ee --- -# Source: antrea/crds/externalippool.yaml +# Source: crds/externalippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1710,7 +1710,7 @@ spec: - eip --- -# Source: antrea/crds/externalnode.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -1762,7 +1762,7 @@ spec: - en --- -# Source: antrea/crds/group.yaml +# Source: crds/group.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1893,7 +1893,7 @@ spec: - grp --- -# Source: antrea/crds/ippool.yaml +# Source: crds/ippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2153,7 +2153,7 @@ spec: - ipp --- -# Source: antrea/crds/networkpolicy.yaml +# Source: crds/networkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2816,7 +2816,7 @@ spec: - anp --- -# Source: antrea/crds/nodelatencymonitor.yaml +# Source: crds/nodelatencymonitor.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2867,7 +2867,7 @@ spec: - nlm --- -# Source: antrea/crds/supportbundlecollection.yaml +# Source: crds/supportbundlecollection.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3016,7 +3016,7 @@ spec: - sbc --- -# Source: antrea/crds/tier.yaml +# Source: crds/tier.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3061,7 +3061,7 @@ spec: - tr --- -# Source: antrea/crds/traceflow.yaml +# Source: crds/traceflow.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3371,7 +3371,7 @@ spec: - tf --- -# Source: antrea/crds/trafficcontrol.yaml +# Source: crds/trafficcontrol.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4515,6 +4515,7 @@ rules: - antrea-bgp-passwords verbs: - get + - list - watch --- # Source: antrea/templates/antctl/clusterrole.yaml diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index aae68854866..c64ae657c79 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -1,5 +1,5 @@ --- -# Source: antrea/crds/antreaagentinfo.yaml +# Source: crds/antreaagentinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -152,7 +152,7 @@ spec: - aai --- -# Source: antrea/crds/antreacontrollerinfo.yaml +# Source: crds/antreacontrollerinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -301,7 +301,7 @@ spec: - aci --- -# Source: antrea/crds/bgppolicy.yaml +# Source: crds/bgppolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -430,7 +430,7 @@ spec: kind: BGPPolicy --- -# Source: antrea/crds/clustergroup.yaml +# Source: crds/clustergroup.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -575,7 +575,7 @@ spec: - cg --- -# Source: antrea/crds/clusternetworkpolicy.yaml +# Source: crds/clusternetworkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1361,7 +1361,7 @@ spec: - acnp --- -# Source: antrea/crds/egress.yaml +# Source: crds/egress.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1527,7 +1527,7 @@ spec: - eg --- -# Source: antrea/crds/externalentity.yaml +# Source: crds/externalentity.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1582,7 +1582,7 @@ spec: - ee --- -# Source: antrea/crds/externalippool.yaml +# Source: crds/externalippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1710,7 +1710,7 @@ spec: - eip --- -# Source: antrea/crds/externalnode.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1762,7 +1762,7 @@ spec: - en --- -# Source: antrea/crds/group.yaml +# Source: crds/group.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1893,7 +1893,7 @@ spec: - grp --- -# Source: antrea/crds/ippool.yaml +# Source: crds/ippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -2153,7 +2153,7 @@ spec: - ipp --- -# Source: antrea/crds/networkpolicy.yaml +# Source: crds/networkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2816,7 +2816,7 @@ spec: - anp --- -# Source: antrea/crds/nodelatencymonitor.yaml +# Source: crds/nodelatencymonitor.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2867,7 +2867,7 @@ spec: - nlm --- -# Source: antrea/crds/supportbundlecollection.yaml +# Source: crds/supportbundlecollection.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3016,7 +3016,7 @@ spec: - sbc --- -# Source: antrea/crds/tier.yaml +# Source: crds/tier.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3061,7 +3061,7 @@ spec: - tr --- -# Source: antrea/crds/traceflow.yaml +# Source: crds/traceflow.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3371,7 +3371,7 @@ spec: - tf --- -# Source: antrea/crds/trafficcontrol.yaml +# Source: crds/trafficcontrol.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4515,6 +4515,7 @@ rules: - antrea-bgp-passwords verbs: - get + - list - watch --- # Source: antrea/templates/antctl/clusterrole.yaml diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index adac1460a46..d310cc5c551 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -1,5 +1,5 @@ --- -# Source: antrea/crds/antreaagentinfo.yaml +# Source: crds/antreaagentinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -152,7 +152,7 @@ spec: - aai --- -# Source: antrea/crds/antreacontrollerinfo.yaml +# Source: crds/antreacontrollerinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -301,7 +301,7 @@ spec: - aci --- -# Source: antrea/crds/bgppolicy.yaml +# Source: crds/bgppolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -430,7 +430,7 @@ spec: kind: BGPPolicy --- -# Source: antrea/crds/clustergroup.yaml +# Source: crds/clustergroup.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -575,7 +575,7 @@ spec: - cg --- -# Source: antrea/crds/clusternetworkpolicy.yaml +# Source: crds/clusternetworkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1361,7 +1361,7 @@ spec: - acnp --- -# Source: antrea/crds/egress.yaml +# Source: crds/egress.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1527,7 +1527,7 @@ spec: - eg --- -# Source: antrea/crds/externalentity.yaml +# Source: crds/externalentity.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1582,7 +1582,7 @@ spec: - ee --- -# Source: antrea/crds/externalippool.yaml +# Source: crds/externalippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1710,7 +1710,7 @@ spec: - eip --- -# Source: antrea/crds/externalnode.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1762,7 +1762,7 @@ spec: - en --- -# Source: antrea/crds/group.yaml +# Source: crds/group.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1893,7 +1893,7 @@ spec: - grp --- -# Source: antrea/crds/ippool.yaml +# Source: crds/ippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2153,7 +2153,7 @@ spec: - ipp --- -# Source: antrea/crds/networkpolicy.yaml +# Source: crds/networkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -2816,7 +2816,7 @@ spec: - anp --- -# Source: antrea/crds/nodelatencymonitor.yaml +# Source: crds/nodelatencymonitor.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2867,7 +2867,7 @@ spec: - nlm --- -# Source: antrea/crds/supportbundlecollection.yaml +# Source: crds/supportbundlecollection.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3016,7 +3016,7 @@ spec: - sbc --- -# Source: antrea/crds/tier.yaml +# Source: crds/tier.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3061,7 +3061,7 @@ spec: - tr --- -# Source: antrea/crds/traceflow.yaml +# Source: crds/traceflow.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3371,7 +3371,7 @@ spec: - tf --- -# Source: antrea/crds/trafficcontrol.yaml +# Source: crds/trafficcontrol.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4515,6 +4515,7 @@ rules: - antrea-bgp-passwords verbs: - get + - list - watch --- # Source: antrea/templates/antctl/clusterrole.yaml diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 347cb88f3f3..21952bf0f3e 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -1,5 +1,5 @@ --- -# Source: antrea/crds/antreaagentinfo.yaml +# Source: crds/antreaagentinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -152,7 +152,7 @@ spec: - aai --- -# Source: antrea/crds/antreacontrollerinfo.yaml +# Source: crds/antreacontrollerinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -301,7 +301,7 @@ spec: - aci --- -# Source: antrea/crds/bgppolicy.yaml +# Source: crds/bgppolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -430,7 +430,7 @@ spec: kind: BGPPolicy --- -# Source: antrea/crds/clustergroup.yaml +# Source: crds/clustergroup.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -575,7 +575,7 @@ spec: - cg --- -# Source: antrea/crds/clusternetworkpolicy.yaml +# Source: crds/clusternetworkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1361,7 +1361,7 @@ spec: - acnp --- -# Source: antrea/crds/egress.yaml +# Source: crds/egress.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1527,7 +1527,7 @@ spec: - eg --- -# Source: antrea/crds/externalentity.yaml +# Source: crds/externalentity.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1582,7 +1582,7 @@ spec: - ee --- -# Source: antrea/crds/externalippool.yaml +# Source: crds/externalippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1710,7 +1710,7 @@ spec: - eip --- -# Source: antrea/crds/externalnode.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1762,7 +1762,7 @@ spec: - en --- -# Source: antrea/crds/group.yaml +# Source: crds/group.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1893,7 +1893,7 @@ spec: - grp --- -# Source: antrea/crds/ippool.yaml +# Source: crds/ippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2153,7 +2153,7 @@ spec: - ipp --- -# Source: antrea/crds/networkpolicy.yaml +# Source: crds/networkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2816,7 +2816,7 @@ spec: - anp --- -# Source: antrea/crds/nodelatencymonitor.yaml +# Source: crds/nodelatencymonitor.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -2867,7 +2867,7 @@ spec: - nlm --- -# Source: antrea/crds/supportbundlecollection.yaml +# Source: crds/supportbundlecollection.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3016,7 +3016,7 @@ spec: - sbc --- -# Source: antrea/crds/tier.yaml +# Source: crds/tier.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3061,7 +3061,7 @@ spec: - tr --- -# Source: antrea/crds/traceflow.yaml +# Source: crds/traceflow.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3371,7 +3371,7 @@ spec: - tf --- -# Source: antrea/crds/trafficcontrol.yaml +# Source: crds/trafficcontrol.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4528,6 +4528,7 @@ rules: - antrea-bgp-passwords verbs: - get + - list - watch --- # Source: antrea/templates/antctl/clusterrole.yaml diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 137750a6cd1..d2242425b41 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -1,5 +1,5 @@ --- -# Source: antrea/crds/antreaagentinfo.yaml +# Source: crds/antreaagentinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -152,7 +152,7 @@ spec: - aai --- -# Source: antrea/crds/antreacontrollerinfo.yaml +# Source: crds/antreacontrollerinfo.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -301,7 +301,7 @@ spec: - aci --- -# Source: antrea/crds/bgppolicy.yaml +# Source: crds/bgppolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -430,7 +430,7 @@ spec: kind: BGPPolicy --- -# Source: antrea/crds/clustergroup.yaml +# Source: crds/clustergroup.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -575,7 +575,7 @@ spec: - cg --- -# Source: antrea/crds/clusternetworkpolicy.yaml +# Source: crds/clusternetworkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1361,7 +1361,7 @@ spec: - acnp --- -# Source: antrea/crds/egress.yaml +# Source: crds/egress.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1527,7 +1527,7 @@ spec: - eg --- -# Source: antrea/crds/externalentity.yaml +# Source: crds/externalentity.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1582,7 +1582,7 @@ spec: - ee --- -# Source: antrea/crds/externalippool.yaml +# Source: crds/externalippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1710,7 +1710,7 @@ spec: - eip --- -# Source: antrea/crds/externalnode.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1762,7 +1762,7 @@ spec: - en --- -# Source: antrea/crds/group.yaml +# Source: crds/group.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -1893,7 +1893,7 @@ spec: - grp --- -# Source: antrea/crds/ippool.yaml +# Source: crds/ippool.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2153,7 +2153,7 @@ spec: - ipp --- -# Source: antrea/crds/networkpolicy.yaml +# Source: crds/networkpolicy.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2816,7 +2816,7 @@ spec: - anp --- -# Source: antrea/crds/nodelatencymonitor.yaml +# Source: crds/nodelatencymonitor.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -2867,7 +2867,7 @@ spec: - nlm --- -# Source: antrea/crds/supportbundlecollection.yaml +# Source: crds/supportbundlecollection.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -3016,7 +3016,7 @@ spec: - sbc --- -# Source: antrea/crds/tier.yaml +# Source: crds/tier.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3061,7 +3061,7 @@ spec: - tr --- -# Source: antrea/crds/traceflow.yaml +# Source: crds/traceflow.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -3371,7 +3371,7 @@ spec: - tf --- -# Source: antrea/crds/trafficcontrol.yaml +# Source: crds/trafficcontrol.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4515,6 +4515,7 @@ rules: - antrea-bgp-passwords verbs: - get + - list - watch --- # Source: antrea/templates/antctl/clusterrole.yaml diff --git a/pkg/agent/controller/bgp/controller.go b/pkg/agent/controller/bgp/controller.go index 4eb2a44fefb..03a1158f268 100644 --- a/pkg/agent/controller/bgp/controller.go +++ b/pkg/agent/controller/bgp/controller.go @@ -110,7 +110,8 @@ type Controller struct { endpointSliceLister discoverylisters.EndpointSliceLister endpointSliceListerSynced cache.InformerSynced - secretInformer cache.SharedIndexInformer + secretInformer cache.SharedIndexInformer + secretListerSynced cache.InformerSynced bgpPolicyState *bgpPolicyState @@ -241,6 +242,7 @@ func (c *Controller) Run(ctx context.Context) { c.serviceListerSynced, c.bgpPolicyListerSynced, c.endpointSliceListerSynced, + c.serviceListerSynced, } if c.egressEnabled { cacheSyncs = append(cacheSyncs, c.egressListerSynced) @@ -251,6 +253,9 @@ func (c *Controller) Run(ctx context.Context) { go wait.UntilWithContext(ctx, c.worker, time.Second) + go c.secretInformer.Run(ctx.Done()) + cache.WaitForCacheSync(ctx.Done(), c.secretInformer.HasSynced) + <-ctx.Done() } 
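Review bot: The entry added to `cacheSyncs` in the `@@ -241,6 +242,7 @@` hunk is `c.serviceListerSynced`, which is already listed three lines above it, so `Run` waits on the Service cache twice and never on the Secret cache through this slice. The field introduced by the preceding hunk, `secretListerSynced`, is not referenced anywhere in the visible diff; presumably the intended line is `c.secretListerSynced,`. Its assignment (for example from `c.secretInformer.HasSynced` in the constructor) is not shown and needs confirming, since a nil `InformerSynced` in this slice would panic inside `cache.WaitForCacheSync`. `Run` begins and ends outside the hunk.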
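Review bot: In the `@@ -251,6 +253,9 @@` hunk the Secret informer is started and waited on only after `go wait.UntilWithContext(ctx, c.worker, time.Second)`, so the worker can reconcile BGP peers before any peer password has been loaded, and the boolean returned by `cache.WaitForCacheSync` is discarded. If peers are configured at that point without their passwords, sessions would presumably fail or come up unauthenticated until the next Secret event; the reconcile code is outside the hunk, so that part is an inference. I would move both added lines above the worker start and guard the wait: `if !cache.WaitForCacheSync(ctx.Done(), c.secretInformer.HasSynced) { return }`.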
@@ -896,17 +901,20 @@ func (c *Controller) updateNode(oldObj, obj interface{}) { func (c *Controller) addSecret(obj interface{}) { secret := obj.(*corev1.Secret) + klog.V(2).InfoS("Processing Secret ADD event", "Secret", klog.KObj(secret)) c.updateBGPPeerPasswords(secret) c.queue.Add(dummyKey) } func (c *Controller) updateSecret(_, obj interface{}) { secret := obj.(*corev1.Secret) + klog.V(2).InfoS("Processing Secret UPDATE event", "Secret", klog.KObj(secret)) c.updateBGPPeerPasswords(secret) c.queue.Add(dummyKey) } -func (c *Controller) deleteSecret(_ interface{}) { +func (c *Controller) deleteSecret(obj interface{}) { + klog.V(2).InfoS("Processing Secret DELETE event", "Secret", klog.KObj(obj.(*corev1.Secret))) c.updateBGPPeerPasswords(nil) c.queue.Add(dummyKey) } diff --git a/test/e2e/bgppolicy_test.go b/test/e2e/bgppolicy_test.go index 7e902934173..91eb67df864 100644 --- a/test/e2e/bgppolicy_test.go +++ b/test/e2e/bgppolicy_test.go @@ -24,10 +24,10 @@ import ( "testing" "time" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/utils/ptr" @@ -75,6 +75,7 @@ func routesToStrings(routes []FRRRoute) []string { func TestBGPPolicy(t *testing.T) { skipIfNotIPv4Cluster(t) + skipIfHasWindowsNodes(t) skipIfExternalFRRNotSet(t) data, err := setupTest(t) 
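Review bot: `deleteSecret` now performs an unchecked `obj.(*corev1.Secret)`, but a delete handler can be handed a `cache.DeletedFinalStateUnknown` tombstone when the informer missed the delete, and the assertion would then panic the agent. The previous signature ignored the argument, so this failure mode is introduced purely for a log line. Either log without the object or guard it: `if s, ok := obj.(*corev1.Secret); ok { klog.V(2).InfoS("Processing Secret DELETE event", "Secret", klog.KObj(s)) }`. The three added log calls pass only `klog.KObj`, which prints namespace and name; a one-line comment stating that Secret data must never be logged from these handlers would keep it that way.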
@@ -217,10 +218,13 @@ func checkFRRRouterBGPRoutes(t *testing.T, expectedRouteStrings, notExpectedRout
 return false, err
 }
 gotRouteStrings := routesToStrings(gotRoutes)
- if assert.NotSubset(t, gotRouteStrings, expectedRouteStrings) {
+ gotRoutesSet := sets.NewString(gotRouteStrings...)
+ notExpectedRoutesSet := sets.NewString(notExpectedRouteStrings...)
+ expectedRoutesSet := sets.NewString(expectedRouteStrings...)
+ if !gotRoutesSet.IsSuperset(expectedRoutesSet) {
 return false, nil
 }
- if len(notExpectedRouteStrings) != 0 && assert.Subset(t, gotRouteStrings, notExpectedRouteStrings) {
+ if notExpectedRoutesSet.Len() != 0 && gotRoutesSet.IsSuperset(notExpectedRoutesSet) {
 return false, nil
 }
 return true, nil
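Review bot: The not-expected check uses `gotRoutesSet.IsSuperset(notExpectedRoutesSet)`, which is true only when every not-expected route is present, so the condition reports success while some of the routes that should have been withdrawn are still advertised. For a test that verifies withdrawal, any overlap should fail the condition: `if gotRoutesSet.HasAny(notExpectedRouteStrings...) { return false, nil }`, which also makes the `Len() != 0` guard unnecessary. The two sets built from the function arguments do not change between evaluations and could be built once before what appears to be a poll condition. `checkFRRRouterBGPRoutes` starts and ends outside the hunk.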