Add support for configuring BGP-backed namespace egress IPs #181
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
simu
force-pushed
the
feat/namespace-egress-policy-dest-cidrs
branch
from
4ed770b to
cfe50cd
Compare
simu
force-pushed
the
feat/namespace-egress-policy-bgp
branch
from
c0e2cea to
01dc3eb
Compare
simu
force-pushed
the
feat/namespace-egress-policy-dest-cidrs
branch
from
cfe50cd to
d186e42
Compare
simu
force-pushed
the
feat/namespace-egress-policy-bgp
branch
2 times, most recently
from
566dee7 to
9603e57
Compare
Base automatically changed from
feat/namespace-egress-policy-dest-cidrs
to
master
November 7, 2025 09:36
simu
force-pushed
the
feat/namespace-egress-policy-bgp
branch
from
9603e57 to
f51907d
Compare
For BGP-backed egress IPs, we don't configure the policy's egress IP based on the computed interface, but instead directly specify the egress IP in the policy. Additionally, we always set `maxGatewayNodes: 1` for BGP-backed egress IPs. Note that it's still the responsibility of the cluster operator to ensure that all possible BGP-backed egress IPs are assigned to an interface on each egress node.
We extend the Espejote managed resource Jsonnet to also read the egress IP's range's `bgp_policy_labels` field when creating the egress policy.
simu
force-pushed
the
feat/namespace-egress-policy-bgp
branch
from
f51907d to
940221c
Compare
bastjan
approved these changes
Nov 11, 2025
Co-authored-by: Sebastian Widmer <sebastian.widmer@vshn.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR extends the component's egress policy support with an optional parameter
bgp_policy_labelsfor each Egress IP range. When this parameter is provided and not empty, the component will generate egress policies which are suitable for BGP-backed egress IPs.The component generates an egress group which specifies the egress IP directly and which has
maxGatewayNodes: 1for BGP-backed egress IPs.Note that the component doesn't provide specialized support for configuring matching
IsovalentBGPAdvertisementresources (yet) and the cluster operator must ensure that the egress IPs in a range which is configured as BGP-backed are assigned to an interface on all egress nodes.Checklist
changelog.
The PR has a meaningful description that sums up the change. It will be
linked in the changelog.
bug,enhancement,documentation,change,breaking,dependencyas they show up in the changelog.