Calico uses the hash of the ipv6 address to derive a router-id if it's not provided. Defining a router-id for each server is rather annoying especially in presence of auto-scaling and ephemeral nodes. Would it be possible to have some form of "IPAM" for router-IDs? Having to manually set them does not scale well :(

This is a good point.

We have discussed a bit about IPAM for router-IDs, and it definitely wasn't a no-go. More, a time constraint desicion not to add it for this initial merge.

The hashing of the IPv6 address is an interesting one for an "auto generated" way of going about it.

I think we had discussed with our teams how network admins may want to hard code router ids, as they pen-and-paper design their networks. Generation can causes surprises in some cases.

I'd be happy to cater to both use cases, ones where the net admins want to be completely explicit, and ones where generation is OK and helps lessen the administrative burden.

What is the point of the Operator-Side ? not clear from me from the documentation but might be nice to know

Right now this is a bit in flux.

When the PR started we were looking to fork lift MetalLB code into our new native solution.
MetalLB couples the "LoadBalancer IP" advertisements with its internal "Bare Metal LoadBalancer" feature. They are one thing, and they act at the "cluster-wide" operator level. So when the initial CFP for this feature took place, we were planning on emulating that.

After a big of further discussion, I think the consensus is, a "Bare Metal LoadBalancer" feature is orthoganol in implementation to a "LoadBalancer IP" advertisement feature. One can exist without the other, but the latter can integrate with the former.

Moving forward, I think (don't quote me on this yet, we are still planning) we will create a "bare metal load balancer" feature on its own and potentially drop this "Operator-Side" architecture, or change its usages to suppor something like "router-id IPAM" as you mentioned earlier.

For now, we can probably omit it in the docs, but it slid in with the large change.

Does this mean that the k8s watcher initialization is done separately from this code? I would much prefer if we can avoid skipping here if possible, since this is the mechanism that we use to properly disable k8s resource sync unconditionally across the codebase, so any exceptions can end up having repercussions on builds where we explicitly intend to disable certain functionality (for instance, in EKSA we use this mechanism to remove features that downstream do not wish to support, which includes this BGP support for now).

Feel free to hit me up for more context on this, maybe that'll help to figure out a good way to make this more maintainable.

Might be worth cross-linking the remarks to #19376

(Adding this comment so that at least it will show up in the Github UI for that ticket :) )

@joestringer we skip the watchers registration here due to the BGP control plane managing its own informers and listers:

This was an initial attempt to avoid head of line blocking in the watcher code, and an implementation of: https://docs.google.com/document/d/1gybVpFOrnjJFLZEMwp_VQJZGQSZ30_pVo2VA2fylBFM/edit#

👍 okay cool, maybe I'll just hit you up then to see if there's a way to control the k8s registration all from one place then with this model then, because otherwise it'll be a pain to continue to support things like EKS-A going forwards if we have to track each feature individually registering CRD resources and also k8s watchers all over the codebase. Background is this PR: #17677

^ We discussed out of band, it's on me to come up with a concrete proposal of how we might improve this.