Inject MTU for CAPM3 infra

Bogdan-Adrian Burciu requested to merge bb/capm3-mtu into main

What does this MR do and why?

Closes #1184 (closed)

The only CNI option available at this time is Calico, which documents MTU size recommendations here.
For environments where network MTU is set to 1500B, since our default install of Calico is with VXLAN encapsulation for IPv4 traffic, the MTU for Calico's VXLAN interface would be enforced to 1450, as shown in the #1184 (closed) error log.
We can observe this on a libvirt-metal (rke2-capm3-virt) node also:

management-cluster-management-cp-0:/home/sylva-user # ip a
:
8: vxlan.calico: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 66:93:0c:91:10:db brd ff:ff:ff:ff:ff:ff
    inet 100.72.225.192/32 scope global vxlan.calico
       valid_lft forever preferred_lft forever
    inet6 fe80::6493:cff:fe91:10db/64 scope link
       valid_lft forever preferred_lft forever
:

Additionally, if WireGuard is used for Calico, the MTU is 1440 (IPv4 VXLAN encapsulation uses a 50-byte header and IPv4 WireGuard encapsulation uses a 60-byte header).
This change sets .cluster.capm3.network_interfaces.mtu to one of these two 1440/1450 values (depending on whether or not WireGuard is to be used), only for CAPM3 infra.

[git:bb/capm3-mtu]root@caasdev:sylva-core # helm template charts/sylva-units/ -s templates/sylva-units-values.yaml --set cluster.capi_providers.infra_provider=capm3 --values environment-values/rke2-capm3-virt/secrets.yaml --values environment-values/rke2-capm3-virt/values.yaml --set units.longhorn.enabled=false | yq eval 'select(.metadata.name == "sylva-units-values" and .kind == "Secret").stringData.values' - | yq .cluster.capm3.network_interfaces
mtu: "1450"
[git:bb/capm3-mtu]root@caasdev:sylva-core # helm template charts/sylva-units/ -s templates/sylva-units-values.yaml --set cluster.capi_providers.infra_provider=capm3 --values environment-values/rke2-capm3-virt/secrets.yaml --values environment-values/rke2-capm3-virt/values.yaml --set units.longhorn.enabled=false --set security.calico_wireguard_enabled=true | yq eval 'select(.metadata.name == "sylva-units-values" and .kind == "Secret").stringData.values' - | yq .cluster.capm3.network_interfaces
mtu: "1440"
[git:bb/capm3-mtu]root@caasdev:sylva-core # helm template charts/sylva-units/ -s templates/sylva-units-values.yaml --set cluster.capi_providers.infra_provider=capd --values environment-values/rke2-capm3-virt/secrets.yaml --values environment-values/rke2-capm3-virt/values.yaml --set units.longhorn.enabled=false | yq eval 'select(.metadata.name == "sylva-units-values" and .kind == "Secret").stringData.values' - | yq .cluster.capm3
image_provisioning_host: 55.55.55.55
machine_image_checksum_type: sha256
network_interfaces: {}
[git:bb/capm3-mtu]root@caasdev:sylva-core#

Related reference(s)

Test coverage

Edited by Bogdan-Adrian Burciu