blob: b8ac7db83894d0c473c7f74aa520215bbad4f520 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
#!/bin/bash
set -e
CNI_VERSION=${CNI_VERSION:-"v0.8.5"}
IMAGE_ARC=${IMAGE_ARC:-"amd64"}
create_kubeconfig() {
# Make a ovn4nfv.d directory (for our kubeconfig)
# Inspired from t.ly/Xgbbe
mkdir -p $CNI_CONF_DIR/ovn4nfv-k8s.d
OVN4NFV_KUBECONFIG=$CNI_CONF_DIR/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig
SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount
KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt}
SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false}
# Check if we're running as a k8s pod.
if [ -f "$SERVICE_ACCOUNT_PATH/token" ]; then
# We're running as a k8d pod - expect some variables.
if [ -z ${KUBERNETES_SERVICE_HOST} ]; then
error "KUBERNETES_SERVICE_HOST not set"; exit 1;
fi
if [ -z ${KUBERNETES_SERVICE_PORT} ]; then
error "KUBERNETES_SERVICE_PORT not set"; exit 1;
fi
if [ "$SKIP_TLS_VERIFY" == "true" ]; then
TLS_CFG="insecure-skip-tls-verify: true"
elif [ -f "$KUBE_CA_FILE" ]; then
TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
fi
# Write a kubeconfig file for the CNI plugin. Do this
# to skip TLS verification for now. We should eventually support
# writing more complete kubeconfig files. This is only used
# if the provided CNI network config references it.
touch $OVN4NFV_KUBECONFIG
chmod ${KUBECONFIG_MODE:-600} $OVN4NFV_KUBECONFIG
cat > $OVN4NFV_KUBECONFIG <<EOF
# Kubeconfig file for OVN4NFV-K8S CNI plugin.
apiVersion: v1
kind: Config
clusters:
- name: local
cluster:
server: ${KUBERNETES_SERVICE_PROTOCOL:-https}://[${KUBERNETES_SERVICE_HOST}]:${KUBERNETES_SERVICE_PORT}
$TLS_CFG
users:
- name: ovn4nfv
user:
token: "${SERVICEACCOUNT_TOKEN}"
contexts:
- name: ovn4nfv-context
context:
cluster: local
user: ovn4nfv
current-context: ovn4nfv-context
EOF
else
warn "Doesn't look like we're running in a kubernetes environment (no serviceaccount token)"
fi
}
install_cni_plugins() {
curl --insecure --compressed -O -L https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION/cni-plugins-linux-$IMAGE_ARC-$CNI_VERSION.tgz
tar -zxvf cni-plugins-linux-$IMAGE_ARC-$CNI_VERSION.tgz -C $CNI_BIN_DIR
rm -rf cni-plugins-linux-$IMAGE_ARC-$CNI_VERSION.tgz
}
set_snat_default_inteface() {
default_interface=$(awk '$2 == 00000000 { print $1 }' /proc/net/route)
# Checking the SNAT for default interfaces
if ! iptables -t nat -C POSTROUTING -o $default_interface -j MASQUERADE 2>/dev/null ; then
iptables -t nat -A POSTROUTING -o $default_interface -j MASQUERADE
fi
}
cmd=${1:-""}
case ${cmd} in
"cni")
CNI_BIN_DIR="/host/opt/cni/bin"
OVN4NFV_CONF_DIR="/host/etc/openvswitch"
OVN4NFV_BIN_FILE="/usr/local/bin/ovn4nfvk8s-cni"
OVN4NFV_CONF_FILE="/tmp/ovn4nfv-conf/ovn4nfv_k8s.conf"
OVN4NFV_NET_CONF_FILE="/tmp/ovn4nfv-cni/00-network.conf"
CNI_CONF_DIR="/host/etc/cni/net.d"
cp -f $OVN4NFV_BIN_FILE $CNI_BIN_DIR
cp -f $OVN4NFV_CONF_FILE $OVN4NFV_CONF_DIR
cp -f $OVN4NFV_NET_CONF_FILE $CNI_CONF_DIR
set_snat_default_inteface
create_kubeconfig
install_cni_plugins
# Sleep forever.
sleep infinity
;;
"operator")
shift
exec ${OPERATOR} $@
;;
"agent")
shift
exec ${AGENT} $@
;;
*)
echo "invalid command ${cmd}"
esac
|
