feat : implementation of BGP readiness probe

[rabelmervin]

Fixes #39468

Add optional BGP readiness probe feedback into cilium-agent health status

[maintainer-s-little-helper]

Commit 9558c87 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

[maintainer-s-little-helper]

Commit 9558c87 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

[gandro]

Thank you! One last piece of feedback, then this looks good from my side. Please make sure to squash your commits and remove the merge commit (as discussed on Slack)

[maintainer-s-little-helper]

Commit 9558c87 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

[squeed]

Can you add a bit more information here? e.g. "When enabled, Cilium pods will not be marked as Ready until configured BGP sessions have been established"

[squeed]

Do we need to worry about a flaky peer causing all pods to go non-Ready? I see that we mark the agent as ready as long as a single peer is up, which is a good idea. We might want to permanently mark the agent as ready once a single session has been fully established. Thoughts (@YutaroHayakawa)?

[gandro]

Thanks. Two formatting issues appeared. Other than that looks good. Please make sure to squash your commits again!

[gandro]

The imports here are now no longer properly formatted

[gandro]

This is an issue again

[maintainer-s-little-helper]

Commit 9558c87 does not match "(?m)^Signed-off-by:".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin

[YutaroHayakawa]

Do we need to worry about a flaky peer causing all pods to go non-Ready? I see that we mark the agent as ready as long as a single peer is up, which is a good idea. We might want to permanently mark the agent as ready once a single session has been fully established. Thoughts (@YutaroHayakawa)?

Yeah, given the use case in the original issue (the agent rollout scenario), this makes sense I think. Because we're only interested in the initial readiness in that case. @pasteley, do you have any thoughts around that?

[pasteley]

Do we need to worry about a flaky peer causing all pods to go non-Ready? I see that we mark the agent as ready as long as a single peer is up, which is a good idea. We might want to permanently mark the agent as ready once a single session has been fully established. Thoughts (@YutaroHayakawa)?

Yeah, given the use case in the original issue (the agent rollout scenario), this makes sense I think. Because we're only interested in the initial readiness in that case. @pasteley, do you have any thoughts around that?

Agree, but does it mean that startupProbe should be used instead?
Something like:

startupProbe:
  httpGet:
    path: /bgp/status
    port: 9879
  failureThreshold: 30
  periodSeconds: 10

[YutaroHayakawa]

Agree, but does it mean that startupProbe should be used instead?

Yeah, makes sense to me. However I think we either need to introduce an endpoint dedicated for the startupProbe or introduce modifier to distinguish startup vs readiness in the /healthz endpoint in that case. Implementing it on the existing /healthz doesn't work because it is also used in the readiness probe.

That's gonna be an overkill for this small use case IMO, so I'd vote for the stateful approach that Casey mentioned (mark BGP "ready" permanently after initial session establishment).

[dylandreimerink]

/test

[gandro]

Thanks! Please make sure to address the unresolved feedback and squash your commits into one again.

[gandro]

Also note that CI is failing because the Helm and API files need to be re-generated.

[joestringer]

Is the API change necessary if there's just a commandline flag for this?

The intent for API change would be if there is a flag on the cilium-dbg status ... command-line to optionally require BGP readiness in certain scenarios. If instead you're deploying the cilium-agent with a static requirement based on a cilium-agent flag, then you don't need these API changes at all.

[joestringer]

Converting to draft while you address the feedback. When that is complete, use the "ready for review" button at the bottom of the page.

I also added a proposed release note into the description to help communicate this feature more clearly to users.

[github-actions]

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

[github-actions]

This pull request has not seen any activity since it was marked stale.
Closing.

[rabelmervin]

This pull request has not seen any activity since it was marked stale. Closing.

still working on this

[github-actions]

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

[github-actions]

This pull request has not seen any activity since it was marked stale.
Closing.