From 5684610a55cc0ebac1ee17e8718187b2fa62d378 Mon Sep 17 00:00:00 2001 From: Oogy Date: Thu, 12 May 2022 00:39:15 -0400 Subject: [PATCH] Support metallb peer password (#8792) * support metallb peer password * add MetalLB BGP password example --- docs/metallb.md | 13 +++++++++++++ .../metallb/templates/metallb-config.yml.j2 | 3 +++ 2 files changed, 16 insertions(+) diff --git a/docs/metallb.md b/docs/metallb.md index 984cd9bfa..71fabde47 100644 --- a/docs/metallb.md +++ b/docs/metallb.md @@ -54,6 +54,19 @@ metallb_peers: my_asn: 4200000000 ``` +Some upstream BGP peers may require password authentication: + +```yaml +metallb_protocol: bgp +metallb_ip_range: + - 10.5.0.0/16 +metallb_peers: + - peer_address: 192.0.2.1 + peer_asn: 64512 + my_asn: 4200000000 + password: "changeme" +``` + When using calico >= 3.18 you can replace MetalLB speaker by calico Service LoadBalancer IP advertisement. See [calico service IPs advertisement documentation](https://docs.projectcalico.org/archive/v3.18/networking/advertise-service-ips#advertise-service-load-balancer-ip-addresses). In this scenarion you should disable the MetalLB speaker and configure the `calico_advertise_service_loadbalancer_ips` to match your `metallb_ip_range` diff --git a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 index abfcb92b8..9bd753871 100644 --- a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 +++ b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 @@ -12,6 +12,9 @@ data: - peer-address: {{ peer.peer_address }} peer-asn: {{ peer.peer_asn }} my-asn: {{ peer.my_asn }} +{% if peer.password is defined %} + password: "{{ peer.password }}" +{% endif %} {% if peer.source_address is defined %} source-address: {{ peer.source_address }} {% endif %}