bgpv1: Adds CiliumPodIPPool Support to PathAttr Policies

[danehans]

• Adds the CiliumPodIPPool selector type to BGP CP CiliumBGPPathAttributes API.
• Updates RoutePolicyReconciler to support CiliumPodIPPool.
• Added unit tests for the CiliumPodIPPool selector type.
• Regenerated CiliumBGPPeeringPolicy CRD.

Fixes: #28296

Adds the CiliumPodIPPool selector type to BGP CP AdvertisedPathAttributes to match CiliumPodIPPool custom resources. Path attributes apply to routes announced for selected CiliumPodIPPools.

[danehans]

@rastislavs I marked this PR as a draft b/c I am not seeing the path attributes being added for prefixes being advertised from a CiliumPodIPPool. I temporarily added logging throughout for troubleshooting but I'm unable to root cause the issue. When you have time, can you take a look?

Test resources:

apiVersion: cilium.io/v2alpha1
kind: CiliumPodIPPool
metadata:
  creationTimestamp: "2023-09-26T21:30:52Z"
  generation: 1
  labels:
    foo: bar
  name: default
  resourceVersion: "1757"
  uid: 8c64dc70-e811-4108-b01d-f3bfa88c3a99
spec:
  ipv4:
    cidrs:
    - 10.10.0.0/16
    maskSize: 24
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
metadata:
  name: cp
spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/hostname: kind-control-plane
  virtualRouters:
  - exportPodCIDR: false
    localASN: 65100
    neighbors:
    - advertisedPathAttributes:
      - communities:
          standard:
          - 65001:100
        selector:
          matchLabels:
            foo: bar
        selectorType: CiliumPodIPPool
      connectRetryTimeSeconds: 120
      eBGPMultihopTTL: 1
      holdTimeSeconds: 90
      keepAliveTimeSeconds: 30
      peerASN: 65200
      peerAddress: 192.168.64.3/32
      peerPort: 179
    podIPPoolSelector:
      matchLabels:
        foo: bar

Logs:
cp_not_working.log
cp_working.log

[rastislavs]

@rastislavs I marked this PR as a draft b/c I am not seeing the path attributes being added for prefixes being advertised from a CiliumPodIPPool.

Thanks for the PR! I think the reason why this is not working ATM is in this comment: https://github.com/cilium/cilium/pull/28310/files#r1339661669

FYI, I plan to add a CLI command for listing the routing policies, so that similar issues are easier to debug in the future.

[danehans]

cc: @harsimran-pabla @YutaroHayakawa

[rastislavs]

LGTM now, thanks!

[rastislavs]

/test

[danehans]

/cc @harsimran-pabla @YutaroHayakawa

[danehans]

/cc @harsimran-pabla @YutaroHayakawa

[danehans]

@harsimran-pabla when you have a moment, do you mind doing another review?

[rastislavs]

/test

[danehans]

/ci-l4lb

[danehans]

Commit 301fa26 is a rebase to see if it fixes the ci-l4lb test failures.

[danehans]

/test

[danehans]

@rastislavs @harsimran-pabla @YutaroHayakawa This PR is passing CI. Do you have suggestions on how to get this merged?

[YutaroHayakawa]

Seems like we still need a review from @youngnick. Once his review is in, you can put the tag ready-to-merge then the tophat will merge it.

[danehans]

@youngnick This PR has been hanging around for a few weeks. Do you mind reviewing when you have a moment or can you assign another reviewer?

[danehans]

@christarazi anyone else from sig-k8s you recommend to unblock this PR?

[christarazi]

The K8s changes LGTM to me. Could you add justification in the commit msg? Without it, we lose potentially important context in git history if later down the line we bisect this commit.

[danehans]

@christarazi thanks for the review. I have updated the commit message to include additional change details and the fixed issue.

[rastislavs]

/test

[danehans]

Commit 60f55e2 rebases to fix CI flakes.

[rastislavs]

/test