From 658426d879fe713a9da31e21c5d9d469ad580328 Mon Sep 17 00:00:00 2001 From: Alex Murphy Date: Tue, 24 Oct 2023 19:55:17 -0400 Subject: [PATCH 1/6] Making local_bfd changes - Making same bfd changes that were made before --- .../calico/confd/templates/bird.cfg.template | 25 +++++++++++++++---- lib.Makefile | 7 ++++-- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/confd/etc/calico/confd/templates/bird.cfg.template b/confd/etc/calico/confd/templates/bird.cfg.template index 97a247b5900..e8ee2f9d6d3 100644 --- a/confd/etc/calico/confd/templates/bird.cfg.template +++ b/confd/etc/calico/confd/templates/bird.cfg.template @@ -69,16 +69,16 @@ listen bgp{{$listen_address}}{{$listen_port}}; {{- end}} {{- define "LOGGING"}} -{{- $node_logging_key := printf "/host/%s/loglevel" (getenv "NODENAME")}} +{{- $node_logging_key := "debug"}} {{- if exists $node_logging_key}} -{{- $logging := getv $node_logging_key}} +{{- $logging := "debug"}} {{- if eq $logging "debug"}} debug all; {{- else if ne $logging "none"}} debug { states }; {{- end}} {{- else if exists "/global/loglevel"}} -{{- $logging := getv "/global/loglevel"}} +{{- $logging := "debug"}} {{- if eq $logging "debug"}} debug all; {{- else if ne $logging "none"}} @@ -107,7 +107,6 @@ protocol kernel { # Watch interface up/down events. protocol device { -{{- template "LOGGING"}} scan time 2; # Scan interfaces every 2 seconds } @@ -118,7 +117,6 @@ protocol device { {{- end}} protocol direct { -{{- template "LOGGING"}} {{- if ne "" $ignored_interfaces}}{{$ifaces := split $ignored_interfaces ","}} interface {{range $ifaces}}-"{{.}}", {{end}}-"cali*", -"kube-ipvs*", "*"; {{- else}} 
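Review bot: In the `LOGGING` define of bird.cfg.template, both log-level lookups are replaced by the literal `"debug"`, so a configured `/global/loglevel` (including `none`) no longer has any effect and `debug all;` is emitted whenever that key exists. `$node_logging_key` is now the string `"debug"`, which `exists` will presumably never find as a datastore key, so the per-node branch becomes dead code. If verbose BIRD logging is only needed while bringing BFD up, keep the original `getv $node_logging_key` and `getv "/global/loglevel"` lookups and set the level in the datastore instead. Hard-wiring it raises log volume on every node and writes full routing detail into the logs. The end of the define lies outside the hunk.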
@@ -134,6 +132,20 @@ protocol direct { {{- end}} } +protocol bfd { + debug { states }; + interface -"cali*", -"kube-ipvs*", "*" { + interval 1000 ms; + idle tx interval 2000 ms; + multiplier 3; + }; + multihop { + interval 1000 ms; + idle tx interval 2000 ms; + multiplier 3; + }; +} + {{if eq "" ($node_ip)}}# IPv4 disabled on this node. {{else}}{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}} # Template for all BGP clients @@ -192,6 +204,7 @@ template bgp bgp_template { {{if gt $onode_ip $node_ip}} passive on; # Mesh is unidirectional, peer will connect to us. {{- end}} + bfd on; {{- if exists "/global/node_mesh_restart_time"}}{{$node_mesh_restart_time := getv "/global/node_mesh_restart_time"}} {{- if ne ($node_mesh_restart_time) ""}} graceful restart time {{$node_mesh_restart_time}}; @@ -235,6 +248,7 @@ protocol bgp Global_{{$id}} from bgp_template { {{- end}} {{- if ne $data.restart_time ""}} graceful restart time {{$data.restart_time}}; + bfd on; {{- end}} {{- if and (eq $data.as_num $node_as_num) (ne "" ($node_cluster_id)) (ne $data.rr_cluster_id ($node_cluster_id))}} rr client; @@ -281,6 +295,7 @@ protocol bgp Node_{{$id}} from bgp_template { {{- end}} {{- if ne $data.restart_time ""}} graceful restart time {{$data.restart_time}}; + bfd on; {{- end}} {{- if and (eq $data.as_num $node_as_num) (ne "" ($node_cluster_id)) (ne $data.rr_cluster_id ($node_cluster_id))}} rr client; diff --git a/lib.Makefile b/lib.Makefile index a32926a0c5b..e5da898de38 100644 --- a/lib.Makefile +++ b/lib.Makefile 
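Review bot: The new `protocol bfd` block in bird.cfg.template enables BFD on `"*"` minus `cali*` and `kube-ipvs*`, with no authentication configured and without the `$ignored_interfaces` exclusion that `protocol direct` just above it applies. As written, BGP peer liveness depends on unauthenticated BFD control packets arriving on any other host interface, and the `multihop` section extends that beyond directly connected peers. Consider limiting the interface pattern to the interfaces that actually carry BGP peerings, reusing the `$ignored_interfaces` list, and setting BFD `authentication` if the BIRD build in use supports it. The timers and `debug { states };` are hard-coded as well; a short comment recording why 1000 ms with multiplier 3 was chosen would help whoever tunes this later.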
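Review bot: In `protocol bgp Global_{{$id}}`, `bfd on;` is added inside the `{{- if ne $data.restart_time ""}}` block, so BFD is enabled only for peers that have a graceful-restart time configured; the `Node_{{$id}}` hunk below has the same placement. The mesh hunk appears to add `bfd on;` outside any such condition, which suggests the conditional placement here is unintended. Moving `bfd on;` below the `{{- end}}` that closes the restart-time check in both peer blocks would make failure detection uniform across peers. If per-peer opt-in is the goal, gate it on an explicit peer field rather than on `restart_time`.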
@@ -329,7 +329,11 @@ endif DOCKER_BUILD=docker buildx build --pull \ --build-arg QEMU_IMAGE=$(CALICO_BUILD) \ --build-arg UBI_IMAGE=$(UBI_IMAGE) \ - --build-arg GIT_VERSION=$(GIT_VERSION) $(TARGET_PLATFORM) + --build-arg GIT_VERSION=$(GIT_VERSION) $(TARGET_PLATFORM) \ + --label org.opencontainers.image.source="https://github.com/powerhome/calico" \ + --label org.opencontainers.image.version=$(GIT_VERSION) \ + --label org.opencontainers.image.revision=$(GIT_COMMIT) \ + --label org.opencontainers.image.licenses="Apache-2.0" DOCKER_RUN := mkdir -p ../.go-pkg-cache bin $(GOMOD_CACHE) && \ docker run --rm \ @@ -1388,4 +1392,3 @@ help: @echo "BUILDARCH (host): $(BUILDARCH)" @echo "CALICO_BUILD: $(CALICO_BUILD)" @echo "-----------------------------------------------------------" - From 8eff151e7ba3ee29ec33e6ac9f709de7c68c6ab8 Mon Sep 17 00:00:00 2001 From: Alex Murphy Date: Wed, 25 Oct 2023 12:00:09 -0400 Subject: [PATCH 2/6] Prevent BIRD from announcing routes with AS_PATH length > 1. --- .../etc/calico/confd/templates/bird_ipam.cfg.template | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/confd/etc/calico/confd/templates/bird_ipam.cfg.template b/confd/etc/calico/confd/templates/bird_ipam.cfg.template index a2f0adfee5c..df8c89ff198 100644 --- a/confd/etc/calico/confd/templates/bird_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird_ipam.cfg.template @@ -8,6 +8,15 @@ function reject_disabled_pools () {{- end}} } +function reject_third_party_routes () +{ + if (defined(bgp_path)) then { + if (bgp_path.len > 1) then { + reject; + } + } +} + filter calico_export_to_bgp_peers { # filter code terminates when it calls `accept;` or `reject;`, call reject_disabled_pools() first, then apply_communities() and then calico_aggr() reject_disabled_pools(); 
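Review bot: The added `--label org.opencontainers.image.revision=$(GIT_COMMIT)` in `DOCKER_BUILD` relies on `GIT_COMMIT`, which is not defined in the visible lines; if it is unset, images are published with an empty revision label. The source URL is also hard-coded rather than derived from `ORGANIZATION`, so it will drift if the fork moves. It is worth confirming that `GIT_COMMIT` is set before this point, or failing the build when it is empty, since these labels are what someone tracing an image back to a commit will read. Labels are self-asserted build metadata, so they complement rather than replace a signature or provenance attestation on the pushed image.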
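Review bot: `reject_third_party_routes()` in bird_ipam.cfg.template has no comment saying what it protects against. A line such as `# Do not re-export BGP-learned routes whose AS_PATH is longer than one hop.` above the function would record the intent stated in the commit subject. Paths of length exactly 1 still pass this check; if the goal is to export only locally originated routes, that boundary deserves an explicit mention in the comment.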
@@ -23,6 +32,7 @@ filter calico_export_to_bgp_peers { if ( net ~ {{$cidr}} ) then { accept; } {{- end}} {{- end}} + reject_third_party_routes(); {{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}} {{- if $data.disableBGPExport}} # Skip {{$data.cidr}} as BGP export is disabled for it From 7db448a22199a6604b51029ce1b841bc62fbea6d Mon Sep 17 00:00:00 2001 From: Alex Murphy Date: Wed, 25 Oct 2023 12:20:29 -0400 Subject: [PATCH 3/6] Adjust release settings to powerhome - Adjust release settings to powerhome --- hack/release/pkg/builder/builder.go | 9 ++------- metadata.mk | 8 ++++---- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/hack/release/pkg/builder/builder.go b/hack/release/pkg/builder/builder.go index aaaeaa35786..47abafa304b 100644 --- a/hack/release/pkg/builder/builder.go +++ b/hack/release/pkg/builder/builder.go @@ -28,16 +28,11 @@ import ( var ( // Registries to which all release images are pushed. registries = []string{ - "docker.io/calico", - "quay.io/calico", - "gcr.io/projectcalico-org", - "eu.gcr.io/projectcalico-org", - "asia.gcr.io/projectcalico-org", - "us.gcr.io/projectcalico-org", + "ghcr.io/powerhome/calico", } // Git configuration for publishing to GitHub. - organization = "projectcalico" + organization = "powerhome" repo = "calico" origin = "origin" ) diff --git a/metadata.mk b/metadata.mk index 679366f20e2..2360e881a2f 100644 --- a/metadata.mk +++ b/metadata.mk @@ -6,9 +6,9 @@ GO_BUILD_VER = v0.82 # Version of Kubernetes to use for tests. -K8S_VERSION = v1.24.7 +K8S_VERSION = v1.22.17 # This is used for bitnami/kubectl and kubectl binary release. -KUBECTL_VERSION = v1.24.8 +KUBECTL_VERSION = v1.22.17 # Version of various tools used in the build and tests. COREDNS_VERSION=1.5.2 @@ -17,7 +17,7 @@ PROTOC_VER=v0.1 UBI_VERSION=8.8 # Configuration for Semaphore integration. -ORGANIZATION = projectcalico +ORGANIZATION = powerhome # Configure git to access repositories using SSH. GIT_USE_SSH = true 
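Review bot: In `calico_export_to_bgp_peers`, the call `reject_third_party_routes();` is placed after the loop that runs `if ( net ~ {{$cidr}} ) then { accept; }`, so a route inside one of those CIDRs is accepted before its AS_PATH length is ever checked. If the intent is that no learned route with a longer path is announced, the call probably belongs next to `reject_disabled_pools();` at the top of the filter. The header comment that lists the call order (`reject_disabled_pools()` first, then `apply_communities()` and `calico_aggr()`) should be updated to mention the new step. This patch touches only the IPv4 template; if an IPv6 counterpart of this filter exists, it would need the same check. The filter body continues outside the hunk.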
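Review bot: `K8S_VERSION` and `KUBECTL_VERSION` in metadata.mk move backwards from v1.24.x to v1.22.17, which the commit message ("Adjust release settings to powerhome") does not explain. As far as I know, the 1.22 line no longer receives upstream fixes, and the comment above says `KUBECTL_VERSION` is also used for the kubectl binary release, so this may ship an unpatched kubectl. If the downgrade exists to match the clusters this fork targets, say so in a comment, for example `# Pinned to match the target cluster version; revisit on cluster upgrade.`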
@@ -28,7 +28,7 @@ BIRD_VERSION=v0.3.3-202-g7a77fb73 # DEV_REGISTRIES configures the container image registries which are built from this # repository. By default, just build images with calico/. Allow this variable to be overridden, # as both CI/CD and the release tooling will override this to build publishable images. -DEV_REGISTRIES ?= calico +DEV_REGISTRIES ?= powerhome/calico # RELEASE_REGISTIRES configures the container images registries which are published to # as part of an official release. From 9f42195cac72246b36386b85b318847917d0bc0c Mon Sep 17 00:00:00 2001 From: Alex Murphy Date: Wed, 25 Oct 2023 15:29:07 -0400 Subject: [PATCH 4/6] Update dev registry - Updates dev registry --- metadata.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.mk b/metadata.mk index 2360e881a2f..8a9df166d13 100644 --- a/metadata.mk +++ b/metadata.mk @@ -28,7 +28,7 @@ BIRD_VERSION=v0.3.3-202-g7a77fb73 # DEV_REGISTRIES configures the container image registries which are built from this # repository. By default, just build images with calico/. Allow this variable to be overridden, # as both CI/CD and the release tooling will override this to build publishable images. -DEV_REGISTRIES ?= powerhome/calico +DEV_REGISTRIES ?= ghcr.io/powerhome/calico # RELEASE_REGISTIRES configures the container images registries which are published to # as part of an official release. From 6d689fa21c8f437b37106b9fa70f40ea8a10ae5d Mon Sep 17 00:00:00 2001 From: Alex Murphy Date: Wed, 25 Oct 2023 15:31:46 -0400 Subject: [PATCH 5/6] Change use_ssh --- metadata.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.mk b/metadata.mk index 8a9df166d13..5ec27bad4a1 100644 --- a/metadata.mk +++ b/metadata.mk @@ -20,7 +20,7 @@ UBI_VERSION=8.8 ORGANIZATION = powerhome # Configure git to access repositories using SSH. -GIT_USE_SSH = true +GIT_USE_SSH = false # The version of BIRD to use for calico/node builds and confd tests. BIRD_VERSION=v0.3.3-202-g7a77fb73 
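Review bot: The comment above `DEV_REGISTRIES` still says "By default, just build images with calico/", but the default is now `powerhome/calico`, and `ghcr.io/powerhome/calico` after the next patch in this series. Suggest updating it in the later hunk to `# By default, build images under ghcr.io/powerhome/calico.` so the documented default matches where images are actually tagged.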
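Review bot: `GIT_USE_SSH = false` now sits under the unchanged comment `# Configure git to access repositories using SSH.`, which reads as the opposite of what the setting does. Presumably git falls back to HTTPS here; if any dependency is private, CI will then need a token instead of a deploy key, and that token should come from the CI secret store rather than from a Makefile variable. A comment along the lines of `# Use HTTPS for git access (<reason SSH is not used>).` would make the choice explicit.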
From cce0bfc521f27a361965e23c2c2601a658752dbe Mon Sep 17 00:00:00 2001 From: Alex Murphy Date: Wed, 25 Oct 2023 15:45:28 -0400 Subject: [PATCH 6/6] Makefile changes --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 07973096b27..170d2ee9646 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -PACKAGE_NAME = github.com/projectcalico/calico +PACKAGE_NAME = github.com/powerhome/calico include metadata.mk include lib.Makefile @@ -15,7 +15,7 @@ DOCKER_RUN := mkdir -p ./.go-pkg-cache bin $(GOMOD_CACHE) && \ -e OS=$(BUILDOS) \ -e GOOS=$(BUILDOS) \ -e GOFLAGS=$(GOFLAGS) \ - -v $(CURDIR):/go/src/github.com/projectcalico/calico:rw \ + -v $(CURDIR):/go/src/github.com/powerhome/calico:rw \ -v $(CURDIR)/.go-pkg-cache:/go-cache:rw \ -w /go/src/$(PACKAGE_NAME)
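Review bot: `PACKAGE_NAME` in the top-level Makefile is changed to `github.com/powerhome/calico`, but nothing in this series changes the Go module path, so the two may now disagree. If `PACKAGE_NAME` is used elsewhere for `-ldflags -X` version stamping or import-path checks (not visible here), those would silently stop matching the real packages. The second hunk's mount path `-v $(CURDIR):/go/src/github.com/powerhome/calico:rw` is consistent with the new value, so the working directory itself lines up. It is worth confirming with a build that version strings are still populated, or keeping `PACKAGE_NAME` at the module path and changing only the registry and organization settings.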