2 schema: pegleg/Script/v1
4 schema: metadata/Document/v1
5 name: configure-ip-rules
6 storagePolicy: cleartext
18 -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
19 -i INTERFACE (optional) The interface for internal pod traffic, e.g.
20 bond0.22. Used to auto-detect the service gateway.
22 -g SERVICE_GW (optional) The service gateway/VRR IP for routing pod
23 traffic. Exclusive with -i.
24 -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
25 INTERFACE. It is used to provide a work around when
26 complete Calico routes cannot be received via BGP.
27 e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
28 -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
36 while getopts ":c:g:hi:o:s:" o; do
52 OVERLAP_CIDR=${OPTARG}
55 SERVICE_CIDR=${OPTARG}
58 echo "Unknown option: -${OPTARG}" >&2
62 echo "Missing argument for option: -${OPTARG}" >&2
66 echo "Unimplemented option: -${OPTARG}" >&2
73 if [ "x$POD_CIDR" == "x" ]; then
74 echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
79 if [ "x$INTERFACE" != "x" ]; then
80 while ! ip route list dev "${INTERFACE}" > /dev/null; do
81 echo Waiting for device "${INTERFACE}" to be ready. >&2
87 if [ "x${SERVICE_GW}" == "x" ]; then
88 intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
90 intra_vrrp_ip=${SERVICE_GW}
95 if [ "x${intra_vrrp_ip}" == "x" ]; then
96 echo "Either INTERFACE or SERVICE_GW is required: e.g. either -i bond0.22 or -g 10.23.22.1"
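# Set up a dedicated routing table for traffic from the service IPs.
# Flush first so the table holds only the default route added below.
ip route flush table "${TABLE}"
ip route add default via "${intra_vrrp_ip}" table "${TABLE}"

# Adjust arp_announce on the interface facing the gateway.
# The device name is taken as the token following "dev" in the `ip route get`
# output rather than a fixed field: the field position shifts when the route
# goes "via" a next hop, and a fixed $3 would then yield an IP address.
arp_intf=$(ip route get "${intra_vrrp_ip}" \
  | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')

# Refuse to write when no interface was found or the sysctl entry is missing;
# an empty name would otherwise target /proc/sys/net/ipv4/conf//arp_announce.
if [ -z "${arp_intf}" ] || [ ! -w "/proc/sys/net/ipv4/conf/${arp_intf}/arp_announce" ]; then
  echo "Unable to determine the interface facing ${intra_vrrp_ip}" >&2
  exit 1
fi

# arp_announce=2: always use the best local address for the ARP target.
# The path is quoted so the interface name is never word-split or globbed.
echo 2 > "/proc/sys/net/ipv4/conf/${arp_intf}/arp_announce"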
110 if [ "x$OVERLAP_CIDR" != "x" ]; then
111 # NOTE: This is a work-around for nodes not receiving complete
113 ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
116 if [ "x$SERVICE_CIDR" != "x" ]; then
117 # Traffic from the service IPs to pods should use the pod network.
119 from "${SERVICE_CIDR}" \
123 # Other traffic from service IPs should only use the VRRP IP
125 from "${SERVICE_CIDR}" \