diff --git a/pkg/agent/runtime_linux.go b/pkg/agent/runtime_linux.go
index 1ea06a2..24435a6 100644
--- a/pkg/agent/runtime_linux.go
+++ b/pkg/agent/runtime_linux.go
@@ -54,35 +54,33 @@ func (s *Server) configureRuntime(ctx context.Context) error { } bird := &BirdManager{ - NodeName: s.Node, - ConfigPath: "/etc/flock/bird/bird.conf", + NodeName: s.Node, + ConfigPath: "/etc/flock/bird/bird.conf", BirdcSocket: "/run/flock/bird.ctl", - Logger: s.Logger, + Logger: s.Logger, } + // Install kernel blackhole routes for the node summary CIDRs. These + // stay regardless of BGP — they keep the kernel from sending unknown + // destinations within our /64 to a default route loop. if err := bird.SummaryRoutes(nc); err != nil { s.Logger.Warn("install summary routes", "err", err) } - if err := bird.Render(nc, nil, nil, routerIDFromNodeIP(s.restCfg)); err != nil { - s.Logger.Warn("initial bird render", "err", err) - } - // Re-render whenever NodeConfig changes (cheap). - go func() { - t := time.NewTicker(15 * time.Second) - defer t.Stop() - for { - select { - case <-ctx.Done(): - return - case <-t.C: - cur := s.NodeConfig.Load() - if cur == nil { - continue - } - _ = bird.SummaryRoutes(cur) - _ = bird.Render(cur, nil, nil, routerIDFromNodeIP(s.restCfg)) - } - } - }() + // BGP is intentionally NOT rendered on the first cutover. + // + // Calico's calico-node DaemonSet still runs on this node (it's + // Tigera-Operator-managed via ArgoCD with selfHeal=true) and Calico's + // bird is bound to BGP port 179 with the same ASN we'd advertise from. + // A clean coexistence requires either an Installation-CR change or a + // post-cutover Calico stop. Both are out of scope for the first M2 + // cutover. crt001 carries a static route for the flock /64 instead. + // + // To switch to live BGP later: replace this block with bird.Render(nc, + // ...) + 15s tick re-render, after disabling calico-node on flock- + // labeled nodes. The bird sidecar is already running with a bootstrap + // config (just protocol kernel + device — no BGP), so flipping this on + // is a one-line change here. 
+ s.Logger.Info("BIRD BGP disabled for first cutover; static route on crt001 carries flock /64", + "node_cidr6", nc.Spec.CIDR6, "node_cidr4", nc.Spec.CIDR4) handler := &PodHandler{ Node: s.Node,
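Review bot: The blackhole summary routes are now installed only once, at the `bird.SummaryRoutes(nc)` call, and a failure there is only logged at Warn with no retry. The removed ticker was also what re-ran `SummaryRoutes(cur)` every 15 seconds, so after this change a later NodeConfig CIDR update or a failed first install would leave the node without the routes that the new comment says keep unknown in-prefix destinations off the default route. I would keep a tick that refreshes only the summary routes and logs the error instead of discarding it, as sketched below. Whether `time` and `routerIDFromNodeIP` are still used elsewhere in the file after this removal cannot be told from the hunk and is worth checking before merge. configureRuntime starts before the hunk and continues after it.

```go
// … unchanged: BirdManager construction and the initial bird.SummaryRoutes(nc) call …

// Keep the blackhole routes in step with NodeConfig even while BGP is off.
go func() {
	t := time.NewTicker(15 * time.Second)
	defer t.Stop()
	for {
		select {
		case <-ctx.Done():
			return
		case <-t.C:
			cur := s.NodeConfig.Load()
			if cur == nil {
				continue
			}
			if err := bird.SummaryRoutes(cur); err != nil {
				s.Logger.Warn("refresh summary routes", "err", err)
			}
		}
	}
}()

// … unchanged: BGP-disabled comment and s.Logger.Info call …
```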