cloud-provider-equinix-metal
cloud-provider-equinix-metal copied to clipboard
kubernetes-sigs
BGP peer password not being updated after initial startup
The Equinix Metal CCM is not updating the MetalLB configmap BGP peer password info after initial startup of the CPEM pod. CPEM does update the k8s node annotation metal.equinix.com/bgp-pass in real time but it does not update the MetalLB configmap unless you restart the CPEM pod.
To replicate this issue:
- Create an Equinix Metal project with either no BGP password or a password of your choice.
- Deploy a kubernetes cluster with CPEM + MetalLB.
- Change the Equinix Metal project BGP password. You could either change the existing password or remove it entirely or add a password if you don't have one set.
- Monitor the MetalLB configmap and you will notice that the password string does not get updated unless you restart the CPEM pod.
It might also be worth checking if CPEM is also updating other BGP peer info in the MetalLB configmap such as my-asn, peer-asn, peer-address.
It is more fundamental than the issue you raised.
The way that CPEM works is as follows:
- Upon starting, if BGP not already enabled, enable BGP on project, passing it the BGP Pass, ASN, etc. from the config/CLI/env-vars.
- Use the above to info to set the annotations and metallb configmap.
Other than at startup, CPEM never actually talks to the EQXM API to say, "what is your BGP setup, please give me your BGP pass, local ASN and peer ASN." Even when it finds them, it doesn't necessarily take the passed ones (which is a separate issue; I will open shortly).
- It does not read the info (ASNs, pass) dynamically at all
- Even when it does talk to the API, that is only on startup
Assume 1 is fixed (which it will be shortly). The more complex question is this one. How and when should it know to check the EQXM API to see if anything has changed? It doesn't have any timer-based events. It has informers which get triggered by Kubernetes-based events.
We could add those, but it gets messy. We used to have them and were really happy to be rid of them.
#263 is the new issue for the first half of this, #264 fixes that first half.
As reported above, the more complex issue is how to know that something has changed in the EQXM API side. We just don't do anything like that anywhere that I am aware of.
@deitch @displague I'm seeing an issue where the node annotation for BGP peer password is not being updated after the BGP password has been changed. Even restarting the CPEM pod does not cause the node annotations to be updated with the new BGP password. If I understand correctly, the CPEM pod should pull the new BGP peer password during startup per #264 .
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle stale - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle rotten - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Reopen this issue with
/reopen - Mark this issue as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closedYou can:
- Reopen this issue with
/reopen- Mark this issue as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@cprivitere: Reopened this issue.
In response to this:
/reopen
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.