Fixes: #32693 - Cilium BGPv1 - Handle updated and deprecated Cidr fie…

…lds for CiliumLoadBalancerIPPool In 27322f3, the `CiliumLoadBalancerIPPool`'s field named `cidrs` was deprecated. The documentation on https://docs.cilium.io/en/stable/network/lb-ipam/ provides examples of configuring a `CiliumLoadBalancerIPPool` using the field named `blocks`. While attempting to configure a BGP policy using the Advertised Path Attributes feature (https://docs.cilium.io/en/stable/network/bgp-control-plane/#advertised-path-attributes), I was unable to configure a working policy. While discussing this in Cilium's Slack channel, it was pointed out that the BGPv1 reconciler was looking only for the deprecated field. The former name for `blocks` was `cidrs`. This commit updates Cilium's BGPv1 reconciler to support both the deprecated and updated fields. With this update, the BGPv1 reconciler will first look for a `CiliumLoadBalancerIPPool`'s using the updated `blocks` and then continues to evaluate the deprecated field named `cidrs`. The update includes a check to remove duplicates when the same prefix is specified using both new and old fields.
cilium · May 24, 2024 · 5e93a93 · 5e93a93
1 parent 2460a97
commit 5e93a93
Show file tree

Hide file tree

Showing 2 changed files with 440 additions and 5 deletions.
diff --git a/pkg/bgpv1/manager/reconciler/route_policy.go b/pkg/bgpv1/manager/reconciler/route_policy.go
@@ -238,8 +238,28 @@ func (r *RoutePolicyReconciler) pathAttributesToPolicy(attrs v2alpha1api.CiliumB
 			if attrs.Selector != nil && !labelSelector.Matches(labels.Set(pool.Labels)) {
 				continue
 			}
+			prefixesSeen := map[netip.Prefix]bool{}
+			for _, cidrBlock := range pool.Spec.Blocks {
+				cidr, err := netip.ParsePrefix(string(cidrBlock.Cidr))
+				prefixesSeen[cidr] = true
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse IPAM pool CIDR %s: %w", cidrBlock.Cidr, err)
+				}
+				if cidr.Addr().Is4() {
+					v4Prefixes = append(v4Prefixes, &types.RoutePolicyPrefixMatch{CIDR: cidr, PrefixLenMin: maxPrefixLenIPv4, PrefixLenMax: maxPrefixLenIPv4})
+				} else {
+					v6Prefixes = append(v6Prefixes, &types.RoutePolicyPrefixMatch{CIDR: cidr, PrefixLenMin: maxPrefixLenIPv6, PrefixLenMax: maxPrefixLenIPv6})
+				}
+			}
+			// Note: CiliumLoadBalancerIPPool.Spec.Cidrs was deprecated as of
+			// https://github.com/cilium/cilium/commit/27322f3959c3fa05b9b1c4f9827527b4a3642687
+			// It was replaced by CiliumLoadBalancerIPPool.Spec.Blocks.
 			for _, cidrBlock := range pool.Spec.Cidrs {
 				cidr, err := netip.ParsePrefix(string(cidrBlock.Cidr))
+				// If the same prefix was specified in Spec.Blocks and Spec.Cidrs, ignore the duplicate.
+				if prefixesSeen[cidr] {
+					continue
+				}
 				if err != nil {
 					return nil, fmt.Errorf("failed to parse IPAM pool CIDR %s: %w", cidrBlock.Cidr, err)
 				}