BGPConfiguration: ServiceExternalIPs Field #1123

Merged
merged 10 commits into from Sep 19, 2019

tompntn commented Sep 3, 2019

Description

In order to support advertising service External IPs (projectcalico/calico#2770), we need to whitelist the IPs that we advertise. This is to prevent users from advertising arbitrary IPs into the network.

This PR adds a field to BGPConfiguration allowing users to whitelist allowed External IPs:

apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: true
  asNumber: 63400
  serviceExternalIPs:
  - cidr: 104.244.42.129/32
  - cidr: 172.217.3.0/24

This list is then serialized and added to the v1 syncer, for consumption by confd. Confd support for advertising External IPs is added in projectcalico/confd#266.

Note that this is a global whitelist, so only the value in the default bgpconfiguration will be used.

Todos

Release Note

Support sending BGP advertisements for Kubernetes Service External IPs that fall within a set of whitelisted CIDR blocks.
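
The allowlist check described in the PR description above, as an added Go example; it is not code from this PR, libcalico-go or confd. The function names `parseAllowlist` and `mayAdvertise`, the rejection of CIDRs with host bits set, and the sample Service IPs are assumptions made for illustration; the two CIDRs are the ones from the description.

```go
package main

import (
	"fmt"
	"net/netip"
)

// parseAllowlist validates each serviceExternalIPs CIDR string. It rejects
// anything that is not a CIDR and (an assumption of this example) anything
// with host bits set, so a typo cannot silently shift the advertised range.
func parseAllowlist(cidrs []string) ([]netip.Prefix, error) {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("serviceExternalIPs: %q is not a CIDR: %w", c, err)
		}
		if p.Masked() != p {
			return nil, fmt.Errorf("serviceExternalIPs: %q has host bits set, want %s", c, p.Masked())
		}
		out = append(out, p)
	}
	return out, nil
}

// mayAdvertise reports whether a Service external IP falls inside the
// allowlist. Unparseable input and an empty allowlist both deny.
func mayAdvertise(allow []netip.Prefix, externalIP string) bool {
	addr, err := netip.ParseAddr(externalIP)
	if err != nil {
		return false
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d as the IPv4 address it wraps
	for _, p := range allow {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

func main() {
	// The two CIDRs from the BGPConfiguration in the PR description.
	allow, err := parseAllowlist([]string{"104.244.42.129/32", "172.217.3.0/24"})
	if err != nil {
		panic(err)
	}
	// Constructed sample Service external IPs.
	for _, ip := range []string{"104.244.42.129", "172.217.3.77", "172.217.4.1", "10.0.0.1"} {
		fmt.Printf("%-16s advertise=%v\n", ip, mayAdvertise(allow, ip))
	}
}
```

The default is deny: an IP is advertised only when it parses and matches a listed prefix, which is the property the whitelist exists to enforce.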

caseydavenport left a comment

@tompntn this is looking good - just a few comments, mostly around how we should validate this new field.

@caseydavenport caseydavenport added this to the Calico v3.10.0 milestone Sep 11, 2019
caseydavenport commented Sep 17, 2019

@tompntn this is looking good, but it looks like there are a couple of test failures.

• Failure [0.002 seconds]
BGPConfiguration tests [Datastore] (etcdv3 backend) BGPConfiguration e2e CRUD tests [It] Two fully populated BGPConfigurationSpecs 
/go/src/projectcalico/libcalico-go/vendor/github.com/onsi/ginkgo/extensions/table/table_entry.go:46

  Expected
      <string>: error with field ServiceExternalIPs = '[{104.244.42.129/32} {172.217.3.0/24}]' (Reason: failed to validate Field: ServiceExternalIPs because of Tag: net )
  to contain substring
      <string>: resource does not exist: BGPConfiguration(default) with error:
@caseydavenport caseydavenport merged commit 6dc1641 into projectcalico:master Sep 19, 2019
2 checks passed
license/cla Contributor License Agreement is signed.
semaphoreci The build passed on Semaphore.
@tompntn tompntn deleted the tompntn:ServiceExternalIPs-field branch Sep 19, 2019
@lmm lmm added docs-completed and removed docs-pr-required labels Oct 17, 2019