This also makes the call that happens upon path withdrawl safer, by
checking to see if the route exists before deleting it.
One departure here is that we used to only log errors, now we return
errors as soon as they are encountered, this may cause some routes to
persist even if they had been cleaned before by stopping at the first
error. However, I think that it makes for more consistent and expected
behavior if this needs to be called in another place.
Previously, this section was commented out and full testing to ensure
that the policies matched was not performed. Now the unit tests are more
complete and actually test that the expected policies are present.
Use startBgpServer() rather than doing things individually, so that we
can follow the logic path of how kube-router actually works better. This
allows us to use annotations rather than set stuff manually and allows
us to test more of the code-path of the NRC.
Additionally, this change allows us to actually test some errors better
such as, make sure that startBgpServer() actually throws the error we
expect when only one part of the prepend ASN annotation is present.
Previously, we were not actually testing this code path.
* doc(ecmp_vip.go): add info around extra withdraw
Rename getWithdraw to make it more explicit what its doing here. Also
add documentation as to why this is needed on Update and not
Create/Delete as well as why we only treat externalIPs.
* fix(ecmp_vip.go): remove superfluous AddPolicies
AddPolicies is already called downstream of nrc.OnEndpointsUpdate() so
there is no need to do it here as well, the only result is that this
expensive operation and idempotent operation is run twice.
* feat: better handling of headless services
Also introduces a consolidated Service utilities section for controller
functionality related to services that is shared.
* fix: add logging back to tryHandleServiceDelete
Properly consider the readiness of all services in the case where
multiple services share the same VIP. Don't withdraw a VIP just because
one service is not ready.
* Add support for reading peer passwords via a file
Syntax of the file is the same as for --peer-router-passwords, that is,
a comma separated list of base64 encoded passwords.
Passwords specified with --peer-router-passwords have precedence over
passwords read from peer-router-passwords-file.
* fix(options): peer password file linting and doc
Co-authored-by: Jean Raby <jean@raby.sh>
