From 37cc3f6750d4d414ccbb72ae248a470210acbb5a Mon Sep 17 00:00:00 2001
From: Donavan Fritz
Date: Fri, 24 Apr 2026 23:02:33 -0500
Subject: [PATCH] runtime: enable BIRD BGP on flock-labeled nodes

Calico fenced off via Tigera Installation CR (apps@2121892). flock-agent now renders bird.conf with the per-node BGP peers; bird sidecar reloads on changes (debounced 500ms). Re-render tick every 15s reacts to NodeConfig updates.

Co-Authored-By: Claude Sonnet 4.6 (1M context)
---
 pkg/agent/runtime_linux.go | 39 ++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/pkg/agent/runtime_linux.go b/pkg/agent/runtime_linux.go
index 24435a6..c507e38 100644
--- a/pkg/agent/runtime_linux.go
+++ b/pkg/agent/runtime_linux.go
@@ -65,22 +65,29 @@ func (s *Server) configureRuntime(ctx context.Context) error {
 if err := bird.SummaryRoutes(nc); err != nil {
 s.Logger.Warn("install summary routes", "err", err)
 }
- // BGP is intentionally NOT rendered on the first cutover.
- //
- // Calico's calico-node DaemonSet still runs on this node (it's
- // Tigera-Operator-managed via ArgoCD with selfHeal=true) and Calico's
- // bird is bound to BGP port 179 with the same ASN we'd advertise from.
- // A clean coexistence requires either an Installation-CR change or a
- // post-cutover Calico stop. Both are out of scope for the first M2
- // cutover. crt001 carries a static route for the flock /64 instead.
- //
- // To switch to live BGP later: replace this block with bird.Render(nc,
- // ...) + 15s tick re-render, after disabling calico-node on flock-
- // labeled nodes. The bird sidecar is already running with a bootstrap
- // config (just protocol kernel + device — no BGP), so flipping this on
- // is a one-line change here.
- s.Logger.Info("BIRD BGP disabled for first cutover; static route on crt001 carries flock /64",
- "node_cidr6", nc.Spec.CIDR6, "node_cidr4", nc.Spec.CIDR4)
+ // Calico is fenced off this node (Tigera Installation CR adds a
+ // nodeAffinity excluding flock.fritzlab.net/agent on
+ // calicoNodeDaemonSet). flock now owns BGP from this host.
+ if err := bird.Render(nc, nil, nil, routerIDFromNodeIP(s.restCfg)); err != nil {
+ s.Logger.Warn("initial bird render", "err", err)
+ }
+ go func() {
+ t := time.NewTicker(15 * time.Second)
+ defer t.Stop()
+ for {
+ select {
+ case <-ctx.Done():
+ return
+ case <-t.C:
+ cur := s.NodeConfig.Load()
+ if cur == nil {
+ continue
+ }
+ _ = bird.SummaryRoutes(cur)
+ _ = bird.Render(cur, nil, nil, routerIDFromNodeIP(s.restCfg))
+ }
+ }
+ }()
 
 handler := &PodHandler{
 Node: s.Node,
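Review bot: The two calls in the `case <-t.C:` branch discard their errors (`_ = bird.SummaryRoutes(cur)` and `_ = bird.Render(...)`), so now that this node speaks BGP itself, a failed re-render leaves bird on a stale config with nothing in the logs to show it. The initial render already reports through `s.Logger.Warn`; the tick loop should do the same, as in the excerpt below, perhaps logging only when the error state changes so a persistent failure does not repeat every 15 s. It is also worth confirming that `bird.Render` replaces bird.conf atomically, since the sidecar reloads on file changes; that is not visible in this hunk. `configureRuntime` begins before and continues after the hunk.

```go
case <-t.C:
	// … unchanged: load cur from s.NodeConfig, skip the tick when nil …
	if err := bird.SummaryRoutes(cur); err != nil {
		s.Logger.Warn("re-install summary routes", "err", err)
	}
	if err := bird.Render(cur, nil, nil, routerIDFromNodeIP(s.restCfg)); err != nil {
		s.Logger.Warn("periodic bird render", "err", err)
	}
```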