[ATMOSPHERE-461]Kube vip bgp + CI (#147)

ricolin · tvanfleet · mnaser · web-flow · commit 949b1d1422bc · 2025-02-11T20:16:59.000-05:00
* Feat: Add BGP as an option for the Kube_VIP (#3) * Feat: Add BGP as an option for the Kube_VIP * AB#9103388 * fix template name * fix template name * Kubevipbgp (#4) * Feat: Add BGP as an option for the Kube_VIP * AB#9103388 * fix template name * fix template name * removed whitespace * VexxHost suggestions (#6) * Feat: Add BGP as an option for the Kube_VIP * AB#9103388 * fix template name * fix template name * removed whitespace * made changes per VexxHost Feedback * removed template * fixed variables * template fix (#8) * Kubevip (#9) * template fix * space :| * Kubevipbgp (#10) * Feat: Add BGP as an option for the Kube_VIP * AB#9103388 * fix template name * fix template name * removed whitespace * made changes per VexxHost Feedback * removed template * fixed variables * fixed template * Update main.yml * Update main.yml whitespace * Update main.yml * correct vip configs * Add BPG molecule * improve bgp in kube_vip template * Add tox env molecule-bgp * fix package and add zuul * use correct address for bgp * fix kube-vip.yaml.j2 format * add bgp_sourceip * add molecule bgp verify * add SPDX and change molecule vars * Update prepare.yml * Update converge.yml * Update verify.yml * Reorder based on docs --------- Co-authored-by: tvanfleet <tadvanfleet@gmail.com> Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/molecule/bgp/converge.yml b/molecule/bgp/converge.yml
@@ -0,0 +1 @@
+../kubernetes/converge.yml
diff --git a/molecule/bgp/molecule.yml b/molecule/bgp/molecule.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+dependency:
+  name: galaxy
+driver:
+  name: default
+  options:
+    managed: False
+    ansible_connection_options:
+      ansible_become: "true"
+      ansible_connection: local
+platforms:
+  - name: instance
+    groups:
+      - controllers
+provisioner:
+  name: ansible
+  config_options:
+    connection:
+      pipelining: true
+  inventory:
+    group_vars:
+      all:
+        kubernetes_version: ${KUBERNETES_VERSION-1.28.13}
+        cilium_helm_values:
+          operator:
+            replicas: 1
+      controllers:
+        kube_vip_interface: "{{ ansible_facts['default_ipv4'].interface }}"
+        kube_vip_address: 172.17.0.100
+        kubernetes_hostname: "{{ ansible_facts['default_ipv4'].address }}"
+        # use bgp for kube-vip
+        kube_vip_mode: bgp
+        kube_vip_bgp_routerid: 172.17.0.100
+        kube_vip_bgp_peeraddress: "{{ ansible_facts['default_ipv4'].address }}"
+        kube_vip_bgp_sourceip: 172.17.0.100
+        kube_vip_bgp_multihop: true
+verifier:
+  name: ansible
diff --git a/molecule/bgp/prepare.yml b/molecule/bgp/prepare.yml
@@ -0,0 +1,64 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- ansible.builtin.import_playbook: ../kubernetes/prepare.yml
+
+- name: Prepare BGP
+  hosts: all
+  become: true
+  tasks:
+    - ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: true
+        state: present
+        reload: true
+
+    - name: Add FRR Apt signing key
+      ansible.builtin.apt_key:
+        url: https://deb.frrouting.org/frr/keys.asc
+        state: present
+      when: ansible_facts['os_family'] in ['Debian']
+
+    - name: Add FRR repository
+      ansible.builtin.apt_repository:
+        repo: "deb https://deb.frrouting.org/frr jammy frr-stable"
+        state: present
+      when: ansible_facts['os_family'] in ['Debian']
+
+    - name: Install frr packages
+      ansible.builtin.package:
+        name:
+          - frr
+          - frr-pythontools
+        update_cache: true
+
+    - name: Ensure bgpd is enabled
+      ansible.builtin.lineinfile:
+        path: /etc/frr/daemons
+        regexp: '^bgpd=no'
+        line: bgpd=yes
+
+    - name: Update FRR configuration
+      ansible.builtin.template:
+        src: frr.conf.j2
+        dest: /etc/frr/frr.conf
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Restart service frr
+      ansible.builtin.service:
+        name: frr
+        state: restarted
diff --git a/molecule/bgp/templates/frr.conf.j2 b/molecule/bgp/templates/frr.conf.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+frr defaults traditional
+log syslog informational
+debug bgp events
+debug bgp filters
+debug bgp fsm
+debug bgp keepalives
+debug bgp updates
+router bgp 65000
+bgp router-id {{ ansible_facts['default_ipv4'].address }}
+bgp log-neighbor-changes
+neighbor 172.17.0.100 remote-as 65000
+neighbor 172.17.0.100 soft-reconfiguration inbound
diff --git a/molecule/bgp/verify.yml b/molecule/bgp/verify.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+- ansible.builtin.import_playbook: ../kubernetes/verify.yml
+
+- name: verify BGP
+  hosts: all
+  become: true
+  tasks:
+    - name: Get all nodes
+      ansible.builtin.command: |
+        vtysh -c 'show ip bgp neighbors 172.17.0.100 received-routes'
+      register: received
+      retries: 60
+      delay: 2
+      until:
+        - received.rc == 0
+        - received.stdout.find('172.17.0.100/32') != -1
+
+    - name: Print bgp neighbors received-routes
+      ansible.builtin.debug:
+        msg: "{{ received.stdout_lines }}"
diff --git a/roles/kube_vip/defaults/main.yml b/roles/kube_vip/defaults/main.yml
@@ -23,3 +23,29 @@ kube_vip_interface: "{{ keepalived_interface | default(kubernetes_keepalived_int
 
 # IP address to use for kube-vip
 kube_vip_address: "{{ keepalived_vip | default(kubernetes_keepalived_vip) }}"
+
+# VIP mode for kube-vip (valide options: arp or bgp)
+kube_vip_mode: arp
+
+# BGP peers, if BGP is enabled
+# kube_vip_bgp_peers: 192.168.0.10:65000::false,192.168.0.11:65000::false
+
+# BGP peer as, if BGP is enabled
+# kube_vip_bgp_peeras: "65000"
+
+# AS of a single BGP Peer, if BGP is enabled
+# kube_vip_bgp_as: "65000"
+
+# BGP router id, if BGP is enabled
+# kube_vip_bgp_routerid: 192.168.0.2
+#
+# kube_vip_bgp_routerinterface: ens3
+
+# Address of a single BGP Peer, if BGP is enabled
+# kube_vip_bgp_peeraddress:
+
+# password to work with a single BGP Peer, if BGP is enabled
+# kube_vip_bgp_peerpass:
+
+# Determines which IP address BGP should peer from
+# kube_vip_bgp_sourceip: 192.168.0.2
diff --git a/roles/kube_vip/templates/kube-vip.yaml.j2 b/roles/kube_vip/templates/kube-vip.yaml.j2
@@ -9,8 +9,6 @@ spec:
   - args:
     - manager
     env:
-    - name: vip_arp
-      value: "true"
     - name: port
       value: "6443"
     - name: vip_interface
@@ -23,6 +21,9 @@ spec:
       value: kube-system
     - name: vip_ddns
       value: "false"
+{% if kube_vip_mode == "arp" %}
+    - name: vip_arp
+      value: "true"
     - name: svc_enable
       value: "true"
     - name: svc_leasename
@@ -37,6 +38,44 @@ spec:
       value: "10"
     - name: vip_retryperiod
       value: "2"
+{% elif kube_vip_mode == "bgp" %}
+    - name: vip_arp
+      value: "false"
+    - name: bgp_enable
+      value: "true"
+{% if kube_vip_bgp_routerid is defined %}
+    - name: bgp_routerid
+      value: "{{ kube_vip_bgp_routerid }}"
+{% endif %}
+{% if kube_vip_bgp_routerinterface is defined %}
+    - name: bgp_routerinterface
+      value: "{{ kube_vip_bgp_routerinterface }}"
+{% endif %}
+{% if kube_vip_bgp_as is defined %}
+    - name: bgp_as
+      value: "{{ kube_vip_bgp_as }}"
+{% endif %}
+{% if kube_vip_bgp_peers is defined %}
+    - name: bgp_peers
+      value:  "{{ kube_vip_bgp_peers }}"
+{% endif %}
+{% if kube_vip_bgp_peeraddress is defined %}
+    - name: bgp_peeraddress
+      value: "{{ kube_vip_bgp_peeraddress }}"
+{% endif %}
+{% if kube_vip_bgp_peeras is defined %}
+    - name: bgp_peeras
+      value: "{{ kube_vip_bgp_peeras }}"
+{% endif %}
+{% if kube_vip_bgp_peerpass is defined %}
+    - name: bgp_peerpass
+      value: "{{ kube_vip_bgp_peerpass }}"
+{% endif %}
+{% if kube_vip_bgp_sourceip is defined %}
+    - name: bgp_sourceip
+      value:  "{{ kube_vip_bgp_sourceip }}"
+{% endif %}
+{% endif %}
     - name: address
       value: "{{ kube_vip_address }}"
     - name: prometheus_server
diff --git a/tox.ini b/tox.ini
@@ -24,6 +24,14 @@ passenv =
 commands =
   molecule test -s aio
 
+[testenv:molecule-bgp]
+deps =
+  {[testenv:molecule-venv]deps}
+passenv =
+  KUBERNETES_VERSION
+commands =
+  molecule test -s bgp
+
 [testenv:molecule-cluster-api]
 deps =
   {[testenv:molecule-venv]deps}
diff --git a/zuul.d/jobs-jammy.yaml b/zuul.d/jobs-jammy.yaml
@@ -12,40 +12,71 @@
 - job:
     name: ansible-collection-kubernetes-molecule-jammy-aio
     parent: ansible-collection-kubernetes-molecule-jammy
+
+- job:
+    name: ansible-collection-kubernetes-molecule-jammy-aio-arp
+    parent: ansible-collection-kubernetes-molecule-jammy
     vars:
       tox_envlist: molecule-aio
 
 - job:
-    name: ansible-collection-kubernetes-molecule-jammy-aio-1-26
-    parent: ansible-collection-kubernetes-molecule-jammy-aio
+    name: ansible-collection-kubernetes-molecule-jammy-aio-bgp
+    parent: ansible-collection-kubernetes-molecule-jammy
+    vars:
+      tox_envlist: molecule-bgp
+
+- job:
+    name: ansible-collection-kubernetes-molecule-jammy-aio-arp-1-26
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-arp
     vars:
       tox_environment:
         KUBERNETES_VERSION: 1.26.15
 
 - job:
-    name: ansible-collection-kubernetes-molecule-jammy-aio-1-27
-    parent: ansible-collection-kubernetes-molecule-jammy-aio
+    name: ansible-collection-kubernetes-molecule-jammy-aio-arp-1-27
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-arp
     vars:
       tox_environment:
         KUBERNETES_VERSION: 1.27.16
 
 - job:
-    name: ansible-collection-kubernetes-molecule-jammy-aio-1-28
-    parent: ansible-collection-kubernetes-molecule-jammy-aio
+    name: ansible-collection-kubernetes-molecule-jammy-aio-arp-1-28
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-arp
+    vars:
+      tox_environment:
+        KUBERNETES_VERSION: 1.28.13
+
+- job:
+    name: ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-28
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-bgp
     vars:
       tox_environment:
         KUBERNETES_VERSION: 1.28.13
 
 - job:
-    name: ansible-collection-kubernetes-molecule-jammy-aio-1-29
-    parent: ansible-collection-kubernetes-molecule-jammy-aio
+    name: ansible-collection-kubernetes-molecule-jammy-aio-arp-1-29
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-arp
+    vars:
+      tox_environment:
+        KUBERNETES_VERSION: 1.29.12
+
+- job:
+    name: ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-29
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-bgp
     vars:
       tox_environment:
         KUBERNETES_VERSION: 1.29.12
 
 - job:
-    name: ansible-collection-kubernetes-molecule-jammy-aio-1-30
-    parent: ansible-collection-kubernetes-molecule-jammy-aio
+    name: ansible-collection-kubernetes-molecule-jammy-aio-arp-1-30
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-arp
+    vars:
+      tox_environment:
+        KUBERNETES_VERSION: 1.30.8
+
+- job:
+    name: ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-30
+    parent: ansible-collection-kubernetes-molecule-jammy-aio-bgp
     vars:
       tox_environment:
         KUBERNETES_VERSION: 1.30.8
@@ -54,15 +85,21 @@
     name: ansible-collection-kubernetes-molecule-jammy
     check:
       jobs:
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-26
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-27
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-28
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-29
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-30
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-26
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-27
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-28
+        - ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-28
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-29
+        - ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-29
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-30
+        - ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-30
     gate:
       jobs:
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-26
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-27
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-28
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-29
-        - ansible-collection-kubernetes-molecule-jammy-aio-1-30
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-26
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-27
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-28
+        - ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-28
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-29
+        - ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-29
+        - ansible-collection-kubernetes-molecule-jammy-aio-arp-1-30
+        - ansible-collection-kubernetes-molecule-jammy-aio-bgp-1-30
