2 ##############################################################################
3 # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may #
6 # not use this file except in compliance with the License. #
8 # You may obtain a copy of the License at #
9 # http://www.apache.org/licenses/LICENSE-2.0 #
11 # Unless required by applicable law or agreed to in writing, software #
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
14 # See the License for the specific language governing permissions and #
15 # limitations under the License. #
16 ##############################################################################
18 schema: 'drydock/BootAction/v1'
20 schema: 'metadata/Document/v1'
22 storagePolicy: 'cleartext'
27 application: 'drydock'
30 schema: pegleg/CommonAddresses/v1
31 name: common-addresses
32 path: .kubernetes.pod_cidr
35 pattern: DH_SUB_POD_CIDR
39 - path: /etc/systemd/system/configure-ip-rules.service
44 Description=IP Rules Initialization Service
45 After=network-online.target local-fs.target
49 ExecStart=/opt/configure-ip-rules.sh -g 172.29.1.1 -c 10.99.0.0/16 -s 172.29.1.136/29
52 WantedBy=multi-user.target
55 - path: /opt/configure-ip-rules.sh
68 -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. 10.99.0.0/16
69 -i INTERFACE The interface for internal pod traffic, e.g. bond1.2006
70 -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
71 INTERFACE. It is used to provide a work around when
72 complete Calico routes cannot be received via BGP.
73 e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
74 -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
82 while getopts ":c:hi:o:s:" o; do
95 OVERLAP_CIDR=${OPTARG}
98 SERVICE_CIDR=${OPTARG}
101 echo "Unknown option: -${OPTARG}" >&2
105 echo "Missing argument for option: -${OPTARG}" >&2
109 echo "Unimplemented option: -${OPTARG}" >&2
116 if [ "x$POD_CIDR" == "x" ]; then
117 echo "Missing pod CIDR, e.g -c 10.99.0.0/16" >&2
122 if [ "x$INTERFACE" == "x" ]; then
123 echo "Missing interface, e.g. -i bond1.2006" >&2
128 while ! ip route list dev "${INTERFACE}" > /dev/null; do
129 echo Waiting for device "${INTERFACE}" to be ready. >&2
133 intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
137 # Set up the policy-routing table (TABLE) used for traffic from service IPs.
# The table is flushed and rebuilt on every run, so this part is idempotent.
# The next hop, intra_vrrp_ip, is the first "via" route found on INTERFACE
# above; if that interface carries no such route the value is empty and the
# "ip route add default" below fails, leaving the table without a default.
138 ip route flush table "${TABLE}"
139 ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
141 if [ "x$OVERLAP_CIDR" != "x" ]; then
142 # NOTE(mb874d): This is a workaround for nodes not receiving complete
143 # routes via BGP. It may also be required for brownfield large sites.
# OVERLAP_CIDR must contain POD_CIDR (see usage). Unlike the table above,
# this route in the main table is not flushed first, and "ip route add" is
# not idempotent: if the route already exists (e.g. the service is re-run)
# this line fails with EEXIST; "ip route replace" would be the safe form.
144 ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
147 if [ "x$SERVICE_CIDR" != "x" ]; then
148 # Traffic from the service IPs to pods should use the pod network.
150 from "${SERVICE_CIDR}" \
154 # Other traffic from service IPs should only use the VRRP IP
156 from "${SERVICE_CIDR}" \