From 6abf1c69db0c974c0e2f9117da5e1996944a3106 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 14 Oct 2024 05:07:13 +0000 Subject: [PATCH] Bump MetalLB This commit bumps MetalLB: from: 133177a7376fed9954c4bef7f77848e3d3b08ef1 Add log for L2 speaker when node is not usable (#2538) (2024-10-07) to: 2e8ad2dba31bc3cd3d416b08d9e8df1f40a50a50 apply Prometheus best practices to existing alerts (2024-10-11) Signed-off-by: github-actions[bot] --- bin/metallb-operator.yaml | 16 +++++++++++++-- bindata/deployment/helm/metallb/README.md | 6 +++--- .../metallb/templates/prometheusrules.yaml | 20 +++++++++---------- bindata/deployment/helm/metallb/values.yaml | 6 +++--- ...etallb-operator.clusterserviceversion.yaml | 2 +- bundle/manifests/metallb.io_bgppeers.yaml | 16 +++++++++++++-- config/crd/bases/metallb.io_bgppeers.yaml | 16 +++++++++++++-- hack/metallb_ref.txt | 2 +- 8 files changed, 60 insertions(+), 24 deletions(-) diff --git a/bin/metallb-operator.yaml b/bin/metallb-operator.yaml index 751baf492..656175c71 100644 --- a/bin/metallb-operator.yaml +++ b/bin/metallb-operator.yaml @@ -552,6 +552,17 @@ spec: description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. type: boolean + dynamicASN: + description: |- + DynamicASN detects the AS number to use for the remote end of the session + without explicitly setting it via the ASN field. Limited to: + internal - if the neighbor's ASN is different than MyASN connection is denied. + external - if the neighbor's ASN is the same as MyASN the connection is denied. + ASN and DynamicASN are mutually exclusive and one of them must be specified. + enum: + - internal + - external + type: string ebgpMultiHop: description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. @@ -654,7 +665,9 @@ spec: type: object x-kubernetes-map-type: atomic peerASN: - description: AS number to expect from the remote end of the session. + description: |- + AS number to expect from the remote end of the session. + ASN and DynamicASN are mutually exclusive and one of them must be specified. format: int32 maximum: 4294967295 minimum: 0 @@ -681,7 +694,6 @@ spec: type: string required: - myASN - - peerASN - peerAddress type: object status: diff --git a/bindata/deployment/helm/metallb/README.md b/bindata/deployment/helm/metallb/README.md index add286f43..6a7f039e8 100644 --- a/bindata/deployment/helm/metallb/README.md +++ b/bindata/deployment/helm/metallb/README.md @@ -79,17 +79,17 @@ Kubernetes: `>= 1.19.0-0` | prometheus.podMonitor.relabelings | list | `[]` | | | prometheus.prometheusRule.additionalLabels | object | `{}` | | | prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` | | -| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"alert"` | | +| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"critical"` | | | prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[1].percent | int | `85` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"alert"` | | +| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"critical"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[2].percent | int | `95` | | | prometheus.prometheusRule.annotations | object | `{}` | | | prometheus.prometheusRule.bgpSessionDown.enabled | bool | `true` | | -| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"alert"` | | +| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"critical"` | | | prometheus.prometheusRule.configNotLoaded.enabled | bool | `true` | | | prometheus.prometheusRule.configNotLoaded.labels.severity | string | `"warning"` | | | prometheus.prometheusRule.enabled | bool | `false` | | diff --git a/bindata/deployment/helm/metallb/templates/prometheusrules.yaml b/bindata/deployment/helm/metallb/templates/prometheusrules.yaml index e811ef134..64e44c607 100644 --- a/bindata/deployment/helm/metallb/templates/prometheusrules.yaml +++ b/bindata/deployment/helm/metallb/templates/prometheusrules.yaml @@ -19,8 +19,8 @@ spec: {{- if .Values.prometheus.prometheusRule.staleConfig.enabled }} - alert: MetalLBStaleConfig annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has a stale config for > 1 minute'`}} + summary: {{`'Stale config on {{ $labels.pod }}'`}} + description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has a stale config for > 1 minute'`}} expr: metallb_k8s_client_config_stale_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 1 for: 1m {{- with .Values.prometheus.prometheusRule.staleConfig.labels }} @@ -31,8 +31,8 @@ spec: {{- if .Values.prometheus.prometheusRule.configNotLoaded.enabled }} - alert: MetalLBConfigNotLoaded annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has not loaded for > 1 minute'`}} + summary: {{`'Config on {{ $labels.pod }} has not been loaded'`}} + description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has not loaded for > 1 minute'`}} expr: metallb_k8s_client_config_loaded_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 0 for: 1m {{- with .Values.prometheus.prometheusRule.configNotLoaded.labels }} @@ -43,8 +43,8 @@ spec: {{- if .Values.prometheus.prometheusRule.addressPoolExhausted.enabled }} - alert: MetalLBAddressPoolExhausted annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}} + summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}} + description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}} expr: metallb_allocator_addresses_in_use_total >= on(pool) metallb_allocator_addresses_total for: 1m {{- with .Values.prometheus.prometheusRule.addressPoolExhausted.labels }} @@ -57,8 +57,8 @@ spec: {{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }} - alert: MetalLBAddressPoolUsage{{ .percent }}Percent annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}} + summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}} + message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}} expr: ( metallb_allocator_addresses_in_use_total / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }} {{- with .labels }} labels: @@ -69,8 +69,8 @@ spec: {{- if .Values.prometheus.prometheusRule.bgpSessionDown.enabled }} - alert: MetalLBBGPSessionDown annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has BGP session {{ $labels.peer }} down for > 1 minute'`}} + summary: {{`'BGP session down on {{ $labels.pod }}'`}} + message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has BGP session {{ $labels.peer }} down for > 1 minute'`}} expr: metallb_bgp_session_up{job=~"{{ template "metallb.fullname" . }}.*"} == 0 for: 1m {{- with .Values.prometheus.prometheusRule.bgpSessionDown.labels }} diff --git a/bindata/deployment/helm/metallb/values.yaml b/bindata/deployment/helm/metallb/values.yaml index bcb5d88a6..50d26bcad 100644 --- a/bindata/deployment/helm/metallb/values.yaml +++ b/bindata/deployment/helm/metallb/values.yaml @@ -165,7 +165,7 @@ prometheus: addressPoolExhausted: enabled: true labels: - severity: alert + severity: critical addressPoolUsage: enabled: true @@ -178,13 +178,13 @@ prometheus: severity: warning - percent: 95 labels: - severity: alert + severity: critical # MetalLBBGPSessionDown bgpSessionDown: enabled: true labels: - severity: alert + severity: critical extraAlerts: [] diff --git a/bundle/manifests/metallb-operator.clusterserviceversion.yaml b/bundle/manifests/metallb-operator.clusterserviceversion.yaml index 7ee08c644..8b7c126e2 100644 --- a/bundle/manifests/metallb-operator.clusterserviceversion.yaml +++ b/bundle/manifests/metallb-operator.clusterserviceversion.yaml @@ -432,7 +432,7 @@ metadata: categories: Networking certified: "false" containerImage: quay.io/metallb/metallb-operator - createdAt: "2024-10-08T09:25:58Z" + createdAt: "2024-10-14T05:06:10Z" description: An operator for deploying MetalLB on a kubernetes cluster. operators.operatorframework.io/builder: operator-sdk-v1.34.1 operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 diff --git a/bundle/manifests/metallb.io_bgppeers.yaml b/bundle/manifests/metallb.io_bgppeers.yaml index 221388229..1089fcb51 100644 --- a/bundle/manifests/metallb.io_bgppeers.yaml +++ b/bundle/manifests/metallb.io_bgppeers.yaml @@ -208,6 +208,17 @@ spec: description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. type: boolean + dynamicASN: + description: |- + DynamicASN detects the AS number to use for the remote end of the session + without explicitly setting it via the ASN field. Limited to: + internal - if the neighbor's ASN is different than MyASN connection is denied. + external - if the neighbor's ASN is the same as MyASN the connection is denied. + ASN and DynamicASN are mutually exclusive and one of them must be specified. + enum: + - internal + - external + type: string ebgpMultiHop: description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. @@ -310,7 +321,9 @@ spec: type: object x-kubernetes-map-type: atomic peerASN: - description: AS number to expect from the remote end of the session. + description: |- + AS number to expect from the remote end of the session. + ASN and DynamicASN are mutually exclusive and one of them must be specified. format: int32 maximum: 4294967295 minimum: 0 @@ -337,7 +350,6 @@ spec: type: string required: - myASN - - peerASN - peerAddress type: object status: diff --git a/config/crd/bases/metallb.io_bgppeers.yaml b/config/crd/bases/metallb.io_bgppeers.yaml index ed3540cb7..606bee6e8 100644 --- a/config/crd/bases/metallb.io_bgppeers.yaml +++ b/config/crd/bases/metallb.io_bgppeers.yaml @@ -195,6 +195,17 @@ spec: description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. type: boolean + dynamicASN: + description: |- + DynamicASN detects the AS number to use for the remote end of the session + without explicitly setting it via the ASN field. Limited to: + internal - if the neighbor's ASN is different than MyASN connection is denied. + external - if the neighbor's ASN is the same as MyASN the connection is denied. + ASN and DynamicASN are mutually exclusive and one of them must be specified. + enum: + - internal + - external + type: string ebgpMultiHop: description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. @@ -297,7 +308,9 @@ spec: type: object x-kubernetes-map-type: atomic peerASN: - description: AS number to expect from the remote end of the session. + description: |- + AS number to expect from the remote end of the session. + ASN and DynamicASN are mutually exclusive and one of them must be specified. format: int32 maximum: 4294967295 minimum: 0 @@ -324,7 +337,6 @@ spec: type: string required: - myASN - - peerASN - peerAddress type: object status: diff --git a/hack/metallb_ref.txt b/hack/metallb_ref.txt index 43bf3fbde..8ed327016 100644 --- a/hack/metallb_ref.txt +++ b/hack/metallb_ref.txt @@ -1 +1 @@ -133177a7376fed9954c4bef7f77848e3d3b08ef1 +2e8ad2dba31bc3cd3d416b08d9e8df1f40a50a50