From 5684610a55cc0ebac1ee17e8718187b2fa62d378 Mon Sep 17 00:00:00 2001
From: Oogy <tylerweldon94+github@gmail.com>
Date: Thu, 12 May 2022 00:39:15 -0400
Subject: [PATCH] Support metallb peer password (#8792)

* support metallb peer password

* add MetalLB BGP password example
---
 docs/metallb.md                                     | 13 +++++++++++++
 .../metallb/templates/metallb-config.yml.j2         |  3 +++
 2 files changed, 16 insertions(+)

diff --git a/docs/metallb.md b/docs/metallb.md
index 984cd9bfa..71fabde47 100644
--- a/docs/metallb.md
+++ b/docs/metallb.md
@@ -54,6 +54,19 @@ metallb_peers:
     my_asn: 4200000000
 ```
 
+Some upstream BGP peers may require password authentication:
+
+```yaml
+metallb_protocol: bgp
+metallb_ip_range:
+  - 10.5.0.0/16
+metallb_peers:
+  - peer_address: 192.0.2.1
+    peer_asn: 64512
+    my_asn: 4200000000
+    password: "changeme"
+```
+
 When using calico >= 3.18 you can replace MetalLB speaker by calico Service LoadBalancer IP advertisement.
 See [calico service IPs advertisement documentation](https://docs.projectcalico.org/archive/v3.18/networking/advertise-service-ips#advertise-service-load-balancer-ip-addresses).
 In this scenarion you should disable the MetalLB speaker and configure the `calico_advertise_service_loadbalancer_ips` to match your `metallb_ip_range`
diff --git a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2 b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2
index abfcb92b8..9bd753871 100644
--- a/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2
+++ b/roles/kubernetes-apps/metallb/templates/metallb-config.yml.j2
@@ -12,6 +12,9 @@ data:
     - peer-address: {{ peer.peer_address }}
       peer-asn: {{ peer.peer_asn }}
       my-asn: {{ peer.my_asn }}
+{% if peer.password is defined %}
+      password: "{{ peer.password }}"
+{% endif %}
 {% if peer.source_address is defined %}
       source-address: {{ peer.source_address }}
 {% endif %}
-- 
GitLab