Compatibility with Calico and BGP routing

[nbisson]

Hello,

I have a Kubernetes cluster configured with Calico CNI and BGP routing mode enabled following the recommendations https://docs.tigera.io/calico/latest/networking/determine-best-networking#on-prem.

I would like to extend this cluster via a new provider using Kilo (mixed mode). I noticed that it's currently not possible to use Kilo with this configuration, so I made some modifications to the code:

• Added detection of pod IP updates to enrich the "AllowedIps" attribute of WireGuard using the Status.podIP ;
• Stopped using node CIDR addresses because calico's IPAM plugin doesn't respect the values given to Node.Spec.PodCIDR ;

This modification works but means that with each addition and deletion of a pod, the topology is refreshed, causing minor network disruptions. Do you think it would be worthwhile for me to incorporate these changes into the Kilo product by adding "calico-bgp" compatibility, or would these disruptions not be acceptable ?

Thanks,

[squat]

I think it would absolutely be worthwhile. One of my tasks for this coming week is to modify the WireGuard configuration reconciliation so that adding / changing allowed IPs only requires modifying a single WireGuard peer and doesn't take the entire interface offline / sever existing connections to all unrelated WireGuard peers. I think that coupled with this, your Calico changes would be totally acceptable and would be much less problematic for a cluster.

[imneov]

This modification works but means that with each addition and deletion of a pod, the topology is refreshed, causing minor network disruptions.

Why does pod update cause network jitter? Calico is allocated according to the ippool method. In other words, if the ippool on the node is in the topology, can this problem be avoided?