2 ##############################################################################
3 # Copyright © 2018 AT&T Intellectual Property. All rights reserved. #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may #
6 # not use this file except in compliance with the License. #
8 # You may obtain a copy of the License at #
9 # http://www.apache.org/licenses/LICENSE-2.0 #
11 # Unless required by applicable law or agreed to in writing, software #
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
14 # See the License for the specific language governing permissions and #
15 # limitations under the License. #
16 ##############################################################################
18 schema: 'drydock/BootAction/v1'
20 schema: 'metadata/Document/v1'
22 storagePolicy: 'cleartext'
27 application: 'drydock'
30 schema: pegleg/CommonAddresses/v1
31 name: common-addresses
32 path: .kubernetes.pod_cidr
35 pattern: DH_SUB_POD_CIDR
39 - path: /etc/systemd/system/configure-ip-rules.service
44 Description=IP Rules Initialization Service
45 After=network-online.target local-fs.target
49 #ExecStart=/opt/configure-ip-rules.sh -i bond1.2406 -c DH_SUB_POD_CIDR -o 10.34.0.0/15 -s 135.21.157.32/29
50 #ExecStart=/opt/configure-ip-rules.sh -i bond0.44 -c DH_SUB_POD_CIDR -o 10.99.0.0/16 -s 172.29.1.0/24
51 ExecStart=/opt/configure-ip-rules.sh -g 172.29.1.1 -c 10.99.0.0/16 -s 172.29.1.136/29
56 WantedBy=multi-user.target
59 - path: /opt/configure-ip-rules.sh
72 -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
73 -i INTERFACE The interface for internal pod traffic, e.g. bond1.2006
74 -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
75 INTERFACE. It is used to provide a work around when
76 complete Calico routes cannot be received via BGP.
77 e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
78 -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
# Option parsing. The optstring ":c:hi:o:s:" accepts -c, -i, -o and -s (each
# taking an argument) plus -h. The leading ':' selects getopts' silent mode,
# in which the script prints its own diagnostics (the messages below).
# NOTE(review): the ExecStart line of configure-ip-rules.service in this same
# document passes "-g 172.29.1.1" and no "-i". 'g' is not in this optstring,
# so as listed that invocation would reach the "Unknown option" message, and
# INTERFACE would be empty at the check further down unless it is set on a
# line not shown. Confirm that the unit and the script agree; if the unit
# fails at start-up, the routes and rules below are never installed.
86 while getopts ":c:hi:o:s:" o; do
99 OVERLAP_CIDR=${OPTARG}
102 SERVICE_CIDR=${OPTARG}
# Diagnostics go to stderr. The case labels and whatever follows each message
# (e.g. an exit) are on lines not shown in this listing.
105 echo "Unknown option: -${OPTARG}" >&2
109 echo "Missing argument for option: -${OPTARG}" >&2
113 echo "Unimplemented option: -${OPTARG}" >&2
# Required-argument checks. Only emptiness is tested; the values are not
# validated as a CIDR or as an interface name at this point.
# NOTE(review): "==" inside [ ] is not POSIX. The shebang is not visible in
# this listing; confirm the script is run by bash.
120 if [ "x$POD_CIDR" == "x" ]; then
121 echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
126 if [ "x$INTERFACE" == "x" ]; then
127 echo "Missing interface, e.g. -i bond1.2006" >&2
# Block until `ip route list dev INTERFACE` succeeds, logging to stderr on
# each failed attempt.
# NOTE(review): the rest of the loop body is not shown, and no retry limit or
# timeout is visible here. Confirm that something bounds this wait (in the
# script or in the unit), so a missing interface surfaces as a failed unit
# rather than a silent hang.
132 while ! ip route list dev "${INTERFACE}" > /dev/null; do
133 echo Waiting for device "${INTERFACE}" to be ready. >&2
# Take field 3 (the next hop) of the first route on INTERFACE whose second
# field matches "via". The commands below use it as the gateway address.
# NOTE(review): if INTERFACE has no "via" route, this is empty and no check
# is visible before it is passed to `ip route add ... via`. Confirm the
# script fails loudly in that case rather than continuing half-configured.
137 intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
141 # Setup a routing table for traffic from service IPs
# TABLE is assigned on a line not shown in this listing. The table is emptied
# and then given a single default route via the discovered gateway.
142 ip route flush table "${TABLE}"
143 ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
# Optional: only when -o was given. No "table" argument is passed here, so
# this route is added to ip's default (main) table, not to TABLE.
145 if [ "x$OVERLAP_CIDR" != "x" ]; then
146 # NOTE(mb874d): This is a work-around for nodes not receiving complete
147 # routes via BGP. It may also be required for brownfield large sites.
148 ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
151 if [ "x$SERVICE_CIDR" != "x" ]; then
152 # Traffic from the service IPs to pods should use the pod network.
154 from "${SERVICE_CIDR}" \
158 # Other traffic from service IPs should only use the VRRP IP
160 from "${SERVICE_CIDR}" \