49 Commits

Author SHA1 Message Date
Tom Pointon
d6f9f31a7b Fix: Send BGP Withdrawals for Service VIPs Upon Service Deletion (#756)
* Refactor: seperate fetching service VIPs from advertise/withdrawal decision

* Refactor: simplify advertise/withdrawal logic

* Pass svcDeleted param to getVIPsForService

* Don't advertise VIPs from deleted services

* Test for withdrawing VIPs from deleted service

* Refactor: use explicit handleServiceDelete functions
2019-09-19 17:55:15 +05:30
ТАМИХИРО ЛЕЕ
3aacd488d8 fix clusteripprefixset import policy (#771) 2019-09-09 19:04:17 +05:30
Marcus Röder
803bd90256 Allow setting the BGP graceful restart deferral time. See RFC4724 4.1 (#753)
GoBGP's default value for deferral time is 360 seconds.
That means that the routes are not sent to the BGP peer until
this timer is elapsed, so a server is unreachable for 360
seconds, when kube-router restarts.

The new parameter is --bgp-graceful-restart-deferral-time duration_with_unit

For example '--bgp-graceful-restart-deferral-time 10s'
2019-08-22 13:43:13 -07:00
Aaron U'Ren
8fe9f70dd5 Add Import Policy for Service VIPs (#721)
* rename export policies to make it direction independent

* split creating neighborsets and prefixsets from applying export policy

* add bgp import policy to deny service VIPs

* add tests for addition of import policy
2019-05-26 23:29:10 +05:30
Murali Reddy
d6a93d44fe
handle null *route (#732) 2019-05-12 14:12:32 +05:30
Aaron U'Ren
8bb50d5a8c do not setup ipip tunneling when --enable-overlay is false (#722) 2019-05-12 12:43:02 +05:30
milan
7181d6fa96 Prefer node PodCIDR from an annotation (#720)
Current implementation never considers the "kube-router.io/pod-cidr"
annotation when creating an ipset for the node pod network CIDR.
The Node.Spec.PodCIDR is always used instead.

This patch prefers the annotation PodCIDR over the Node.Spec.PodCIDR
2019-04-25 23:07:10 +05:30
Lucas Servén Marín
e2301761a5 docs,pkgs: change 'can not' to 'cannot' (#701)
This commit fixes a grammar mistake in a doc and some log messages.
2019-04-04 10:27:28 +05:30
Jérôme Petazzoni
375ccc2737 Minor typo fix in logs (#700)
s/annotaion/annotation/
2019-04-02 09:36:21 +05:30
Lucas Mundim
8f9729a01d Introduces the option --overlay-type={subnet,full}, to be able to always generate IPIP tunnels regardless of node subnets (#666)
* Introduces the option --full-overlay, to always generate IPIP tunnels regardless of node subnets

* Use --overlay-type={subnet,full} instead of --full-overlay={true,false}
2019-03-23 23:31:42 +05:30
Matus Kral
961d8ab84c fix #639 (#670)
* - refactor / clean up / extract code dupes into methods and reuse

* - fix 639
- get external IPs to withdraw as diff against previous generation
  of service
2019-03-10 15:00:16 +05:30
Lucas Mundim
00824cd84b Fix typo (#661) 2019-02-09 10:17:09 +05:30
Arvinderpal Wander
1876993862 Removes IPv6 address insertion into BGP IPv4-only nexthop field. (#606)
https://github.com/cloudnativelabs/kube-router/issues/605
2019-01-30 18:29:55 +05:30
Murali Reddy
e99b694194
make gobgp grpc server listen only nodeip and 127.0.0.1 (#649)
Fixes #640
2019-01-30 09:09:57 +05:30
Aaron U'Ren
a968b2b4d2 cleanup local routes if nexthop moves outside host subnet (#629) 2019-01-22 23:29:53 +05:30
Arvinderpal Wander
c63e71a523 Enable net.bridge.bridge-nf-call-ip6tables for IPv6. (#608)
https://github.com/cloudnativelabs/kube-router/issues/607
2018-12-15 18:14:13 +05:30
Eric Lindvall
c38e8f66ff Change append to insert for iptables rules (#596)
* Change append to insert for iptables rules

Updates how iptables FORWARD rules are applied to accommodate an existing final DROP rule for the chain.

* Fix the calls to Insert() to include a position

* iptables rules indexes are 1-based
2018-12-13 12:52:38 +05:30
bazuchan
853b75b156 Periodicaly sync default forward rules (#603) 2018-12-13 12:40:36 +05:30
Lars Ekman
6cdc237377 Make ipv6 routing to pods (CNI routing) work for ipv6 (#578) 2018-12-09 11:45:56 +05:30
Steven Armstrong
1a30f9e2e1 implement per-service annotations to control IP advertisment (#575)
* add unit tests for implementing #75

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* integration tests for #75

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* update docs for #75

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* define new kube-router.io/service.advertise.* annotations

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* Implement per service annotations for advertising IPs.

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* more consistent annotation names

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>

* remove redundant tests

Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
2018-12-09 10:38:12 +05:30
Joakim Karlsson
e5d599b14c
Roffe/metrics polish (#595)
* update metrics docs & dashboard
* renamed `namespace` label to `svc_namespace` for service metrics as it would be overwritten by most Prometheus setups
* Made histograms for all the controller sync times for better visualization
* added `controller_routes_sync_time`, `controller_bgp_advertisements_sent` & `controller_policy_chains_sync_time` metrics
2018-12-07 16:22:41 +01:00
rillion
c39c13b6cf No reason to restrict Peer ASN's to private only. (#576)
* No reason to restrict Peer ASN's to private only. This change is to restrict to public and private ranges.

* gofmt
2018-11-16 11:12:31 +05:30
Murali Reddy
4d6b7faaf9
Fixes regression in BGP route reflector functionality. (#573)
Use proper conversion so correct cluster ID is passed to GoBGP library
2018-11-15 08:45:56 +05:30
Lars Ekman
535fcc5abe Added "--router-id=" parameter. (#563)
For ipv6 it is not possible to use the ip address as router-id
and this parameter is required.
2018-11-02 11:00:02 +05:30
Lars Ekman
f95cdedfaa Improved detect in ipv6IsEnabled() (#555)
* Improved detect in ipv6IsEnabled()

* Added comments in ipv6IsEnabled.

Problem described in #155
2018-10-27 09:21:38 +05:30
Lars Ekman
077ff86bcc Ipv6; BGP peering (#545)
* Use ip6tables for ipv6 and handle ipv6 for egress rules

* Make the temp ipset's fit into 31 characters

This should be improved. Some hash string should be used for
temp names.
2018-10-10 11:02:59 +05:30
Lars Ekman
05907d8def Ipv6; Support ipset with "family inet6" (#538)
* Ipv6; Support ipset with "family inet6"

* Removed unnecessary comment
2018-09-23 12:42:52 +05:30
rjosephwright
77459ddb2c Add CLI option to toggle disabling of source-dest-check in EC2 (#541)
When the number of nodes in a cluster is high enough, the
`disableSourceDestinationCheck()` logic creates a high number
of requests to EC2, resulting in throttling and subsequent
problems, such as the inability to attach EBS volumes. This is
not necessarily mitigated by the `ec2IamAuthorized` attribute
which was added to overcome this issue, as the number of
requests can still be high enough to reach Amazon's request
limits. In addition, it is not necessary to run this multiple
times in a loop for all the nodes in a cluster, as it is
sufficient to set it once when an instance boots.

This CLI option allows an administrator to turn off this
feature for kube-router so they can use some other means of
setting the attribute.
2018-09-23 00:20:37 +05:30
Andrew Sy Kim
7496b00ddd dont shutdown gobgp server if graceful restart is enabled (#526) 2018-08-31 16:49:24 +05:30
Murali Reddy
01ec8837fa
prevent IPIP tunnel creation when --override-nexthop=ture (#518) 2018-08-15 23:03:22 +05:30
Johan Thomsen
1db83adfb9 Added support for custom BGP ports with 179 still being default (#492) (#493)
* Introduced new cmdline flag --bgp-port, which controls BGP Server listening port and remote port of in-cluster node peers

    * Introduced new cmdline flag --peer-router-ports, which controls remote BGP port for external peers

    * Introduced new node annotation kube-router.io/peer.ports with same effect as --peer-router-ports
2018-08-15 22:59:47 +05:30
Murali Reddy
86ba7840a6
Introduces the option --override-nexthop, to override the next hop used in advertised routes (#502)
* Introduces the option --override-nexthop, setting it to true will make
advertised next hop for the routers to the peers will be automatically
selected to be appropriate reachable local IP. This will be overrider
any next-hop set for the routes in the RIB. Kube-router by defauly set
the next-hop to `node IP` which is not correct in case of nodes with
multiple interfaces and use differnt interaces for differect external
peers.

Fixes #480

* add next-hop-self documentation
2018-08-13 20:12:55 +05:30
Murali Reddy
624c74f865
issue-385: make it optional on which ip address BGP server listens (#473)
* introduces per node anntation kube-router.io/bgp-local-addresses to configure IP address on which BGP server should lister

* docs
2018-08-13 17:47:23 +05:30
Andrew Sy Kim
94e163b5d7 update BGP export policies on endpoints add event (#508) 2018-08-10 19:40:37 +05:30
Emil Stolarsky
82410c14d0 Add support for BGP path prepending through node annotations (#476) 2018-07-11 06:48:21 -04:00
Andor Uhlár
7c21815b43 Report delay metrics as seconds, not nanos (#465)
* Report delay metrics as seconds, not nanos
* "ns" -> "s" labels in example dashboard
2018-06-13 16:29:41 +02:00
Murali Reddy
327a46d5ba
fix race condition issues with health checks (#460)
* fix race condition issues with health checks

* better log meesage when skipping heartbeat
2018-06-07 17:29:19 +05:30
Murali Reddy
5c6a24d4d6
Fix NPE when performing cleanup() (#458)
* Fix NPE when performing cleanup()

* update cleanup documentaion
2018-06-05 01:05:34 +07:00
Andrew Sy Kim
1c7866cd91 Allow CNI plugin to be disabled (#443) 2018-06-04 19:17:22 +07:00
Andrew Sy Kim
5e4ca2922b set iBGP export policies only if its enabled (#453) 2018-06-04 19:06:09 +07:00
Murali Reddy
6887ce716e
add proper message when reading pod CIDR from cni conf file (#450) 2018-05-26 02:52:28 +05:30
Murali Reddy
380a4763b6
update export polices onNodeUpdate so the routes are exchanged with new node immediatley (#441) 2018-05-17 15:50:47 +05:30
Rahul Menon
8aa4324211 adds explicit check for existing tunnel to avoid partial matches (#442) 2018-05-16 21:27:23 +05:30
Murali Reddy
6d86656f5e
fix wrong use of advertiseVIPs where withdrawVIPs is required (#436) 2018-05-13 09:14:09 +05:30
Murali Reddy
b0733cb581
update clusteripprefixset so that BGP export policies allow advertising the service VIP (#435) 2018-05-13 08:32:36 +05:30
Murali Reddy
359ab1d9a1
explicilty specify source IP to use when send traffic over tunnels (#428) 2018-05-11 03:32:24 +05:30
Murali Reddy
41332a18b9
Ability to enable/disable node advertising its pod CIDR to external BGP peers (#408)
* Node should advertise its pod CIDR to external BGP peers only if
--advertise-node-pod-cidr is set to true (defaults to true).
This is to enable a case where pod's remain non-routable from out of the
cluster but service VIP's can be routable from out side the cluster.

* fix unit test

* address review comments
2018-04-23 18:32:59 +00:00
Murali Reddy
23d43622ec
split routing controllers to smaller modules by function (#406)
* split routing controllers to smaller modules by function

* review comments
2018-04-23 05:42:28 +00:00
Murali Reddy
05bec8b385
break controller package to independent packages (#405) 2018-04-22 13:25:58 +00:00