Skip to content

Commit

Permalink
Explicitly disable BGP export for Calico IPPools
Browse files Browse the repository at this point in the history
We recently noticed that sometimes (probably after node reboots)
static routes to remote cluster CIDRs added by RouteAgent are overridden
by Calico (proto = bird) even though IPPool is set with Disabled=true.
Routes added by Calico point inter-cluster traffic to default interface
instead of vx-submariner which breaks datapath.

Adding DisableBGPExport=true to IPPool solves this issue.

Signed-off-by: Yossi Boaron <yboaron@redhat.com>
  • Loading branch information
yboaron authored and skitt committed Sep 11, 2024
1 parent 15d9c5f commit 100b08d
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions pkg/routeagent_driver/handlers/calico/ippool_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,9 +161,10 @@ func (h *calicoIPPoolHandler) createIPPool(endpoint *submV1.Endpoint) error {
Labels: map[string]string{SubmarinerIPPool: "true"},
},
Spec: calicoapi.IPPoolSpec{
CIDR: subnet,
NATOutgoing: false,
Disabled: true,
CIDR: subnet,
NATOutgoing: false,
Disabled: true,
DisableBGPExport: true,
},
}
_, err := h.client.ProjectcalicoV3().IPPools().Create(context.TODO(), iPPoolObj, metav1.CreateOptions{})
Expand Down

0 comments on commit 100b08d

Please sign in to comment.