From 91d6d0784f4ceb9b646a344c7e761943aabd21df Mon Sep 17 00:00:00 2001 From: Yossi Boaron Date: Sun, 8 Sep 2024 12:02:20 +0300 Subject: [PATCH] Explicitly disable BGP export for Calico IPPools We recently noticed that sometimes (probably after node reboots) static routes to remote cluster CIDRs added by RouteAgent are overridden by Calico (proto = bird) even though IPPool is set with Disabled=true. Routes added by Calico point inter-cluster traffic to default interface instead of vx-submariner which breaks datapath. Adding DisableBGPExport=true to IPPool solves this issue. Signed-off-by: Yossi Boaron
---
 pkg/routeagent_driver/handlers/calico/ippool_handler.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/pkg/routeagent_driver/handlers/calico/ippool_handler.go b/pkg/routeagent_driver/handlers/calico/ippool_handler.go
index 60371598d..2e989728c 100644
--- a/pkg/routeagent_driver/handlers/calico/ippool_handler.go
+++ b/pkg/routeagent_driver/handlers/calico/ippool_handler.go
@@ -161,9 +161,10 @@ func (h *calicoIPPoolHandler) createIPPool(endpoint *submV1.Endpoint) error {
 Labels: map[string]string{SubmarinerIPPool: "true"},
 },
 Spec: calicoapi.IPPoolSpec{
- CIDR: subnet,
- NATOutgoing: false,
- Disabled: true,
+ CIDR: subnet,
+ NATOutgoing: false,
+ Disabled: true,
+ DisableBGPExport: true,
 },
 }
 _, err := h.client.ProjectcalicoV3().IPPools().Create(context.TODO(), iPPoolObj, metav1.CreateOptions{})
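Review bot: IPPools that already exist are not corrected by this change, because `DisableBGPExport: true` is set only in the `IPPoolSpec` handed to `Create`. A pool created by an earlier RouteAgent would keep exporting after an upgrade, so inter-cluster traffic could still be steered to the default interface instead of vx-submariner. The handling of `err` lies outside the hunk (createIPPool starts before it and continues after it), so this cannot be confirmed here. If an already-exists result is simply tolerated, the create path should fetch the existing pool and update it when `Spec.DisableBGPExport` is false. The new field also deserves a why-comment, for example `// DisableBGPExport keeps BIRD from installing routes for remote cluster CIDRs that would override the RouteAgent routes via vx-submariner.`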