Fixes: #32693 - Cilium BGPv1 - Handle updated and deprecated Cidr fie…

…lds for CiliumLoadBalancerIPPool In 27322f3, the CiliumLoadBalancerIPPool's field named "cidrs" was deprecated. The documentation on https://docs.cilium.io/en/stable/network/lb-ipam/ provides an example of configuring a CiliumLoadBalancerIPPool using the field named "blocks". While testing a BGP policy configured with the Advertised Path Attributes feature (https://docs.cilium.io/en/stable/network/bgp-control-plane/#advertised-path-attributes), I was not able to achieve the desired policy. BGP attributes configured were not being applied. While discussing this in Cilium's Slack channel, it was pointed out that the BGPv1 reconciler was only aware of the deprecated field. This commit updates Cilium's BGPv1 reconciler to support both the deprecated and updated fields.
cilium · May 24, 2024 · dd60d44 · dd60d44
1 parent 2460a97
commit dd60d44
Show file tree

Hide file tree

Showing 2 changed files with 440 additions and 5 deletions.
diff --git a/pkg/bgpv1/manager/reconciler/route_policy.go b/pkg/bgpv1/manager/reconciler/route_policy.go
@@ -238,8 +238,28 @@ func (r *RoutePolicyReconciler) pathAttributesToPolicy(attrs v2alpha1api.CiliumB
 			if attrs.Selector != nil && !labelSelector.Matches(labels.Set(pool.Labels)) {
 				continue
 			}
+			prefixesSeen := map[netip.Prefix]bool{}
+			for _, cidrBlock := range pool.Spec.Blocks {
+				cidr, err := netip.ParsePrefix(string(cidrBlock.Cidr))
+				prefixesSeen[cidr] = true
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse IPAM pool CIDR %s: %w", cidrBlock.Cidr, err)
+				}
+				if cidr.Addr().Is4() {
+					v4Prefixes = append(v4Prefixes, &types.RoutePolicyPrefixMatch{CIDR: cidr, PrefixLenMin: maxPrefixLenIPv4, PrefixLenMax: maxPrefixLenIPv4})
+				} else {
+					v6Prefixes = append(v6Prefixes, &types.RoutePolicyPrefixMatch{CIDR: cidr, PrefixLenMin: maxPrefixLenIPv6, PrefixLenMax: maxPrefixLenIPv6})
+				}
+			}
+			// Note: CiliumLoadBalancerIPPool.Spec.Cidrs was deprecated as of
+			// https://github.com/cilium/cilium/commit/27322f3959c3fa05b9b1c4f9827527b4a3642687
+			// It was replaced by CiliumLoadBalancerIPPool.Spec.Blocks.
 			for _, cidrBlock := range pool.Spec.Cidrs {
 				cidr, err := netip.ParsePrefix(string(cidrBlock.Cidr))
+				// If the same prefix was specified in Spec.Blocks and Spec.Cidrs, ignore the duplicate.
+				if prefixesSeen[cidr] {
+					continue
+				}
 				if err != nil {
 					return nil, fmt.Errorf("failed to parse IPAM pool CIDR %s: %w", cidrBlock.Cidr, err)
 				}