Merge branch 'main' into fix/monitoring&logging

.github/workflows/container-image.yaml

@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "^1.19"
 
@@ -36,13 +36,13 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v5.0.0
+        uses: docker/build-push-action@v5.1.0
         with:
           context: .
           push: true
           tags: ghcr.io/telekom/das-schiff-network-operator:main
       - name: Build and push sidecar Docker image
-        uses: docker/build-push-action@v5.0.0
+        uses: docker/build-push-action@v5.1.0
         with:
           context: .
           file: frr-exporter.Dockerfile

.github/workflows/draft_release.yaml

@@ -15,7 +15,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "^1.19"
 
@@ -44,7 +44,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "^1.19"
 
@@ -68,12 +68,12 @@ jobs:
 
       - name: Extract Metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5.0.0
+        uses: docker/metadata-action@v5.5.0
         with:
           images: ghcr.io/telekom/das-schiff-network-operator
 
       - name: Build and Push Docker Image
-        uses: docker/build-push-action@v5.0.0
+        uses: docker/build-push-action@v5.1.0
         with:
           context: .
           push: true
@@ -82,12 +82,12 @@ jobs:
 
       - name: Extract Metadata (tags, labels) for Docker
         id: exporter
-        uses: docker/metadata-action@v5.0.0
+        uses: docker/metadata-action@v5.5.0
         with:
           images: ghcr.io/telekom/frr-exporter
 
       - name: Build and Push Docker Image
-        uses: docker/build-push-action@v5.0.0
+        uses: docker/build-push-action@v5.1.0
         with:
           context: .
           push: true

.github/workflows/pullrequests.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: 1.19
           cache: false
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: 1.19
       - name: Install packages
@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: 1.19
       - name: Install packages

api/v1alpha1/vrfrouteconfiguration_types.go

@@ -71,6 +71,10 @@ type VRFRouteConfigurationSpec struct {
 	// Sequence of the generated route-map, maximum of 65534 because we sometimes have to set an explicit default-deny
 	Seq int `json:"seq"`
 
+	// +kubebuilder:default=9000
+	// The MTU of the VRF
+	MTU int `json:"mtu"`
+
 	// Community for export, if omitted no community will be set
 	Community *string `json:"community,omitempty"`
 }

config/crd/bases/network.schiff.telekom.de_vrfrouteconfigurations.yaml

@@ -117,6 +117,10 @@ spec:
                   type: object
                 maxItems: 4294967295
                 type: array
+              mtu:
+                default: 9000
+                description: The MTU of the VRF
+                type: integer
               seq:
                 description: Sequence of the generated route-map, maximum of 65534
                   because we sometimes have to set an explicit default-deny
@@ -130,6 +134,7 @@ spec:
             required:
             - export
             - import
+            - mtu
             - seq
             type: object
           status:

pkg/frr/manager.go

@@ -45,6 +45,7 @@ type PrefixedRouteItem struct {
 type VRFConfiguration struct {
 	Name          string
 	VNI           int
+	MTU           int
 	RT            string
 	AggregateIPv4 []string
 	AggregateIPv6 []string

pkg/nl/layer3.go

@@ -15,6 +15,7 @@ const (
 type VRFInformation struct {
 	Name string
 	VNI  int
+	MTU  int
 
 	table    int
 	bridgeID int
@@ -47,7 +48,7 @@ func (n *NetlinkManager) CreateL3(info VRFInformation) error {
 		return fmt.Errorf("error attaching BPF: %w", err)
 	}
 
-	veth, err := n.createLink(vrfToDefaultPrefix+info.Name, defaultToVrfPrefix+info.Name, vrf.Attrs().Index, defaultMtu, true)
+	veth, err := n.createLink(vrfToDefaultPrefix+info.Name, defaultToVrfPrefix+info.Name, vrf.Attrs().Index, info.linkMTU(), true)
 	if err != nil {
 		return err
 	}
@@ -164,3 +165,33 @@ func (*NetlinkManager) EnsureBPFProgram(info VRFInformation) error {
 
 	return nil
 }
+
+func (info VRFInformation) linkMTU() int {
+	if info.MTU == 0 {
+		return defaultMtu
+	}
+	return info.MTU
+}
+
+func (*NetlinkManager) EnsureMTU(info VRFInformation) error {
+	link, err := netlink.LinkByName(vrfToDefaultPrefix + info.Name)
+	if err != nil {
+		return fmt.Errorf("error getting vrf2default interface of vrf %s: %w", info.Name, err)
+	}
+	if link.Attrs().MTU != info.linkMTU() {
+		if err := netlink.LinkSetMTU(link, info.MTU); err != nil {
+			return fmt.Errorf("error setting MTU of vrf2default interface of vrf %s: %w", info.Name, err)
+		}
+	}
+
+	link, err = netlink.LinkByName(defaultToVrfPrefix + info.Name)
+	if err != nil {
+		return fmt.Errorf("error getting default2vrf interface of vrf %s: %w", info.Name, err)
+	}
+	if link.Attrs().MTU != info.linkMTU() {
+		if err := netlink.LinkSetMTU(link, info.MTU); err != nil {
+			return fmt.Errorf("error setting MTU of default2vrw interface of vrf %s: %w", info.Name, err)
+		}
+	}
+	return nil
+}

pkg/nl/list.go

@@ -91,6 +91,12 @@ func (*NetlinkManager) updateL3Indices(info *VRFInformation) {
 	} else {
 		info.MarkForDelete = true
 	}
+	vethLink, err := netlink.LinkByName(vrfToDefaultPrefix + info.Name)
+	if err == nil {
+		info.MTU = vethLink.Attrs().MTU
+	} else {
+		info.MarkForDelete = true
+	}
 }
 
 func (*NetlinkManager) updateL2Indices(info *Layer2Information, links []netlink.Link) error {

pkg/notrack/notrack.go

@@ -27,7 +27,7 @@ var (
 	notrackLog = ctrl.Log.WithName("notrack")
 
 	rulesRegex          = regexp.MustCompile(`--comment "?nwop:notrack"?`)
-	inputInterfaceRegex = regexp.MustCompile(`-i "?([a-zA-Z0-9._]*)"?`)
+	inputInterfaceRegex = regexp.MustCompile(`-i "?([a-zA-Z0-9._-]*)"?`)
 	notrackLinkPrefixes = []string{"vr."}
 )
 

pkg/reconciler/layer2.go

@@ -70,6 +70,10 @@ func (r *reconcile) fetchLayer2(ctx context.Context) ([]networkv1alpha1.Layer2Ne
 		l2vnis = append(l2vnis, *item)
 	}
 
+	if err := r.checkL2Duplicates(l2vnis); err != nil {
+		return nil, err
+	}
+
 	return l2vnis, nil
 }
 
@@ -143,6 +147,11 @@ func (r *reconcile) createL2(info *nl.Layer2Information, anycastTrackerInterface
 }
 
 func (r *reconcile) getDesired(l2vnis []networkv1alpha1.Layer2NetworkConfiguration) ([]nl.Layer2Information, error) {
+	availableVrfs, err := r.netlinkManager.ListL3()
+	if err != nil {
+		return nil, fmt.Errorf("error loading available VRFs: %w", err)
+	}
+
 	desired := []nl.Layer2Information{}
 	for i := range l2vnis {
 		spec := l2vnis[i].Spec
@@ -158,6 +167,20 @@ func (r *reconcile) getDesired(l2vnis []networkv1alpha1.Layer2NetworkConfigurati
 			return nil, fmt.Errorf("error parsing anycast gateways: %w", err)
 		}
 
+		if len(spec.VRF) > 0 {
+			vrfAvailable := false
+			for _, info := range availableVrfs {
+				if info.Name == spec.VRF {
+					vrfAvailable = true
+					break
+				}
+			}
+			if !vrfAvailable {
+				r.Logger.Error(err, "VRF of Layer2 not found on node", "layer", l2vnis[i].ObjectMeta.Name, "vrf", spec.VRF)
+				continue
+			}
+		}
+
 		desired = append(desired, nl.Layer2Information{
 			VlanID:                 spec.ID,
 			MTU:                    spec.MTU,
@@ -206,3 +229,17 @@ func (r *reconcile) reconcileExistingLayer(desired, currentConfig *nl.Layer2Info
 	}
 	return nil
 }
+
+func (*reconcile) checkL2Duplicates(configs []networkv1alpha1.Layer2NetworkConfiguration) error {
+	for i := range configs {
+		for j := i + 1; j < len(configs); j++ {
+			if configs[i].Spec.ID == configs[j].Spec.ID {
+				return fmt.Errorf("dupliate Layer2 ID found: %s %s", configs[i].ObjectMeta.Name, configs[j].ObjectMeta.Name)
+			}
+			if configs[i].Spec.VNI == configs[j].Spec.VNI {
+				return fmt.Errorf("dupliate Layer2 VNI found: %s %s", configs[i].ObjectMeta.Name, configs[j].ObjectMeta.Name)
+			}
+		}
+	}
+	return nil
+}

pkg/reconciler/layer3.go

@@ -110,8 +110,8 @@ func (r *reconcile) createVrfConfigMap(l3vnis []networkv1alpha1.VRFRouteConfigur
 			vni = config.SkipVrfTemplateVni
 		} else {
 			err := fmt.Errorf("vrf not in vrf vni map")
-			logger.Error(err, "VRF does not exist in VRF VNI config")
-			return nil, err
+			r.Logger.Error(err, "VRF does not exist in VRF VNI config, ignoring", "vrf", spec.VRF, "name", l3vnis[i].ObjectMeta.Name, "namespace", l3vnis[i].ObjectMeta.Namespace)
+			continue
 		}
 
 		cfg, err := createVrfConfig(vrfConfigMap, &spec, vni, rt)
@@ -131,6 +131,7 @@ func createVrfConfig(vrfConfigMap map[string]frr.VRFConfiguration, spec *network
 			Name: spec.VRF,
 			VNI:  vni,
 			RT:   rt,
+			MTU:  spec.MTU,
 		}
 	}
 
@@ -172,18 +173,19 @@ func (r *reconcile) reconcileL3Netlink(vrfConfigs []frr.VRFConfiguration) ([]nl.
 
 	// Check for VRFs that are configured on the host but no longer in Kubernetes
 	toDelete := []nl.VRFInformation{}
-	for _, cfg := range existing {
+	for i := range existing {
 		stillExists := false
-		for i := range vrfConfigs {
-			if vrfConfigs[i].Name == cfg.Name && vrfConfigs[i].VNI == cfg.VNI {
+		for j := range vrfConfigs {
+			if vrfConfigs[j].Name == existing[i].Name && vrfConfigs[j].VNI == existing[i].VNI {
 				stillExists = true
+				existing[i].MTU = vrfConfigs[j].MTU
 				break
 			}
 		}
-		if !stillExists || cfg.MarkForDelete {
-			toDelete = append(toDelete, cfg)
-		} else if err := r.netlinkManager.EnsureBPFProgram(cfg); err != nil {
-			r.Logger.Error(err, "Error ensuring BPF program on VRF", "vrf", cfg.Name, "vni", strconv.Itoa(cfg.VNI))
+		if !stillExists || existing[i].MarkForDelete {
+			toDelete = append(toDelete, existing[i])
+		} else if err := r.reconcileExisting(existing[i]); err != nil {
+			r.Logger.Error(err, "error reconciling existing VRF", "vrf", existing[i].Name, "vni", strconv.Itoa(existing[i].VNI))
 		}
 	}
 
@@ -210,6 +212,16 @@ func (r *reconcile) reconcileL3Netlink(vrfConfigs []frr.VRFConfiguration) ([]nl.
 	return toCreate, nil
 }
 
+func (r *reconcile) reconcileExisting(cfg nl.VRFInformation) error {
+	if err := r.netlinkManager.EnsureBPFProgram(cfg); err != nil {
+		return fmt.Errorf("error ensuring BPF program on VRF")
+	}
+	if err := r.netlinkManager.EnsureMTU(cfg); err != nil {
+		return fmt.Errorf("error setting VRF veth link MTU: %d", cfg.MTU)
+	}
+	return nil
+}
+
 func prepareVRFsToCreate(vrfConfigs []frr.VRFConfiguration, existing []nl.VRFInformation) []nl.VRFInformation {
 	create := []nl.VRFInformation{}
 	for i := range vrfConfigs {
@@ -228,6 +240,7 @@ func prepareVRFsToCreate(vrfConfigs []frr.VRFConfiguration, existing []nl.VRFInf
 			create = append(create, nl.VRFInformation{
 				Name: vrfConfigs[i].Name,
 				VNI:  vrfConfigs[i].VNI,
+				MTU:  vrfConfigs[i].MTU,
 			})
 		}
 	}