From 6548223fccbc11f12446d24902d30a01ca0a1d82 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <j.rijken@acc-ict.com>
Date: Tue, 6 Sep 2022 16:52:34 +0200
Subject: [PATCH] Syntax fixes

---
 .../metallb/templates/layer3.yaml.j2          | 70 +++++++++++++------
 .../metallb/templates/pools.yaml.j2           |  2 +-
 2 files changed, 48 insertions(+), 24 deletions(-)

diff --git a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2 b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2
index 860e0484ced..b7a9dfd7141 100644
--- a/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2
+++ b/roles/kubernetes-apps/metallb/templates/layer3.yaml.j2
@@ -11,15 +11,41 @@ metadata:
   name: "{{ community_name }}"
   namespace: "{{ namespace_name }}"
 spec:
-  community:
+  communities:
   - name: "{{ community_name }}"
     value: "{{ community }}"
 {% endfor %}
 
+---
+apiVersion: metallb.io/v1beta1
+kind: Community
+metadata:
+  name: well-known
+  namespace: "{{ namespace_name }}"
+spec:
+  communities:
+  - name: no-export
+    value: 65535:65281
+  - name: no-advertise
+    value: 65535:65282
+  - name: local-as
+    value: 65535:65283
+  - name: nopeer
+    value: 65535:65284
+
+# BGPAdvertisement is used to advertise address pools to the BGP peer. Specific pools can be listed to be advertised.
+# Local BGP Advertisement specifies that the IP specified in the address pool will be used as remote source address for traffic entering your cluster from the remote peer.
+# When using this option, be sure to use a subnet and routable IP for your address pool.
+# This is good: 10.0.0.10/24. This is also good: 10.0.0.129/25. This is bad: 10.0.0.0/24. This is also bad: 10.0.0.128/25.
+# In this example, 10.0.0.10 will be used as the remote source address.
+# This is also bad: 10.0.0.10-10.0.0.25. Remember: you are working with aggregationLength, which specifies a subnet, not an IP range!
+# The no-advertise community is set on the local advertisement to prevent this route from being published to the BGP peer.
+# Your aggregationLength ideally is the same size as your address pool.
+
 {% for peer_name, peer in metallb_config.layer3.metallb_peers.items() %}
 
-# BGPAdvertisement is used to advertise the specified address pool to the BGP peer.
-# Local BGP Advertisement specifies that the IP specified in the address pool will be used as source address for traffic entering your cluster from the remote peer.
+{% if peer.aggregation_length is defined and peer.aggregation_length <= 30 %}
+
 ---
 apiVersion: metallb.io/v1beta1
 kind: BGPAdvertisement
@@ -27,21 +53,19 @@ metadata:
   name: "{{ peer_name }}-local"
   namespace: "{{ namespace_name }}"
 spec:
+  aggregationLength: 32
+  aggregationLengthV6: 128
+  communities:
+  - no-advertise
+  localpref: "{{ peer.localpref | default ("100") }}"
   ipAddressPools:
   {% for address_pool in peer.address_pool %}
   - "{{ address_pool }}"
   {% endfor %}
-  {% if peer.advanced | length > 0 %}
-  aggregationLength: 32
-  localpref: "{{ peer.localpref | default ("100") }}"
-  communities:
-  {% for community in peer.communities %}
-  - "{{ community }}"
-  {% endfor %}
-  {% endif %}
 
+{% endif %}
 
-# External GBP Advertisement. The IP range specied in the address pool is advertized to the BGP peer.
+# External BGP Advertisement. The IP range specied in the address pool is advertised to the BGP peer.
 ---
 apiVersion: metallb.io/v1beta1
 kind: BGPAdvertisement
@@ -49,16 +73,22 @@ metadata:
   name: "{{ peer_name }}-external"
   namespace: "{{ namespace_name }}"
 spec:
+  {% if peer.aggregation_length is defined and peer.aggregation_length <= 30 %}
+  aggregationLength: {{ peer.aggregation_length }}
+  {% endif %}
   ipAddressPools:
   {% for address_pool in peer.address_pool %}
   - "{{ address_pool }}"
   {% endfor %}
-  {% if peer.advanced | length > 0 %}
-  aggregationLength: "{{ peer.aggregation_length }}"
+  {% if peer.communities is defined %}
+    {% for community in peer.communities %}
+  communities:
+  - "{{ community }}"
+    {% endfor %}
   {% endif %}
 
 
-# Configuration for the GBP peer.
+# Configuration for the BGP peer.
 ---
 apiVersion: metallb.io/v1beta2
 kind: BGPPeer
@@ -86,18 +116,12 @@ spec:
 
   {% if peer.hold_time is defined %}
   holdTime: {{ peer.hold_time }}
-  {% else %}
+  {% elif metallb_config.layer3.defaults.hold_time is defined %}
   holdTime: {{ metallb_config.layer3.defaults.hold_time }}
   {% endif %}
 
-  {% if peer.keepalive_time is defined %}
-  keepaliveTime: {{ peer.keepalive_time }}
-  {% else %}
-  keepaliveTime: {{ metallb_config.layer3.defaults.keepalive_time }}
-  {% endif %}
-
   {% if peer.multihop is defined %}
-  elayer3MultiHop: "{{ peer.multihop }}"
+  ebgpMultiHop: {{ peer.multihop }}
   {% endif %}
 
 {% endfor %}
diff --git a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2 b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2
index 97133b395a4..61cefbabf11 100644
--- a/roles/kubernetes-apps/metallb/templates/pools.yaml.j2
+++ b/roles/kubernetes-apps/metallb/templates/pools.yaml.j2
@@ -16,7 +16,7 @@ spec:
   addresses:
   - "{{ ip_range }}"
 {% endfor %}
-  auto-assign: "{{ pool.auto_assign }}"
+  autoAssign: {{ pool.auto_assign }}
   avoidBuggyIPs: true
 
 {% endfor %}