mirror of https://gerrit.hackerspace.pl/hscloud
cluster: do not export metallb routes to mesh peers
This prevents metallb routes from being announced from all peers to our ToR, thereby preventing issues with traffic hitting services with externalTrafficPolicy: local. There is still the from-host loopback issue, but that will be fixed by upgrading to kube 1.15.
Change-Id: Ifc9964b46840aee82d99f0b6550188550e46fe04
changes/53/453/2
parent
f0acf16564
commit
c7de7e562f
|
@ -1,13 +1,22 @@
|
|||
# This is forked from bird.cfg.template from calico running on k0.hswaw.net on 2020/09/21.
|
||||
# Changed vs. upstream (C-f HSCLOUD):
|
||||
# - do not pass over RTD_UNREACHABLE routes obtained from mesh peers, to
|
||||
# prevent them from being then passed over to ToRs. This prevents route leaks
|
||||
# of metallb routes into ToRs from nodes that do not actually run that
|
||||
# particular metallb service.
|
||||
# - do not program RTD_UNREACHABLE routes into the kernel (these come from metallb, and
|
||||
# programming them seems to break things)
|
||||
# Generated by confd
|
||||
|
||||
filter calico_export_to_bgp_peers {
|
||||
calico_aggr();
|
||||
{{- $static_key := "/staticroutes"}}
|
||||
{{- if ls $static_key}}
|
||||
|
||||
if ( proto ~ "Mesh_*" ) && ( dest = RTD_UNREACHABLE ) then { # HSCLOUD
|
||||
reject;
|
||||
}
|
||||
|
||||
# Export static routes.
|
||||
{{- range ls $static_key}}
|
||||
{{- $parts := split . "-"}}
|
||||
|
|
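Review bot: The added `if ( proto ~ "Mesh_*" ) && ( dest = RTD_UNREACHABLE ) then { reject; }` sits after `{{- if ls $static_key}}`, so confd will presumably render it only when `/staticroutes` has entries. On a node with no static routes the filter would then be emitted without the reject, and metallb routes learned from mesh peers could again be exported to the ToR. Moving the three lines to directly after `calico_aggr();`, before `{{- $static_key := "/staticroutes"}}`, makes the guard unconditional. The match also depends on the mesh protocols being named `Mesh_…` elsewhere in the template, which is outside this hunk; a one-line comment stating that dependency would help whoever next re-syncs the fork with upstream. The filter body and the closing `{{- end}}` lie past the end of the hunk.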