openstack-helm-infra/calico/templates/etc/bird/_bird.cfg.mesh.template.tpl
Alan Meadows c10713bde9 Provide additional flexibility for the calico chart
* Ingests the bird templates so that we can override them
to support things such as custom BGP ports (listen) and
neighbors (remote)

* Supports announcing addresses that are within the
.Values.networking.bgp.ipv4|6.additional_cidrs list
in support of ingress controllers that can create
dummy interfaces and assign addresses to be announced

* Introduces a new job that performs calicoctl manipulation to
support managing the mesh, adding peers, and changing the
ipPool settings, all driven by values

* Support custom port binding and specific interface binding
to allow custom BGP port selection for IPv4 and IPv6

* Instantiates calicoctl as a utility on hosts

* Adds a new function to helm-toolkit to retrieve the http
or https prefix for an endpoint

* Supports https based etcd backends with new certificate
parameters

* Finally, introduces more strict bgp listening to allow
multiple hostNet bgp speakers to run in parallel

Change-Id: Ib4d00befddbd8498b9dcc693409b8b2577458497
2018-01-30 08:43:04 -08:00


# Generated by confd
# Two template layers are at work in this file: Helm renders it first (the backtick-quoted
# actions become literal confd directives and .Values.* are substituted at chart render time),
# then confd evaluates the remaining actions on the node against its key store.
include "bird_aggr.cfg";
include "custom_filters.cfg";
include "bird_ipam.cfg";
# Node IPv4 address as published under /host/<NODENAME>/ip_addr_v4 in the confd store.
{{`{{$node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}`}}{{`{{$node_ip := getv $node_ip_key}}`}}
# ensure we only listen to a specific ip and address
# Binding to the node address (rather than every local address) together with a chart-selected
# port is what lets additional hostNetwork BGP speakers run on the same host without clashing.
listen bgp address {{`{{$node_ip}}`}} port {{.Values.networking.bgp.ipv4.mesh.port.listen}};
router id {{`{{$node_ip}}`}};
# LOGGING: emits the BIRD debug statement used by the device, direct and bgp protocols below.
# A per-host /host/<NODENAME>/loglevel key takes precedence over /global/loglevel; "debug"
# enables everything, "none" emits nothing, and any other value (or no key at all) logs
# state changes only.
{{`{{define "LOGGING"}}`}}
{{`{{$node_logging_key := printf "/host/%s/loglevel" (getenv "NODENAME")}}`}}{{`{{if exists $node_logging_key}}`}}{{`{{$logging := getv $node_logging_key}}`}}
{{`{{if eq $logging "debug"}}`}} debug all;{{`{{else if ne $logging "none"}}`}} debug { states };{{`{{end}}`}}
{{`{{else if exists "/global/loglevel"}}`}}{{`{{$logging := getv "/global/loglevel"}}`}}
{{`{{if eq $logging "debug"}}`}} debug all;{{`{{else if ne $logging "none"}}`}} debug { states };{{`{{end}}`}}
{{`{{else}}`}} debug { states };{{`{{end}}`}}
{{`{{end}}`}}
# Configure synchronization between routing tables and kernel.
# The calico_ipip filter (and calico_pools used by the BGP template below) is not defined in
# this file; it is expected to come from one of the included cfg files (bird_ipam.cfg /
# custom_filters.cfg) — confirm when changing the includes above.
protocol kernel {
learn; # Learn all alien routes from the kernel
persist; # Don't remove routes on bird shutdown
scan time 2; # Scan kernel routing table every 2 seconds
import all;
export filter calico_ipip; # Default is export none
graceful restart; # Turn on graceful restart to reduce potential flaps in
# routes when reloading BIRD configuration. With a full
# automatic mesh, there is no way to prevent BGP from
# flapping since multiple nodes update their BGP
# configuration at the same time, GR is not guaranteed to
# work correctly in this scenario.
}
# Watch interface up/down events.
protocol device {
# Debug level selected by the loglevel keys (see LOGGING above).
{{`{{template "LOGGING"}}`}}
scan time 2; # Scan interfaces every 2 seconds
}
# Pick up addresses configured on local interfaces other than cali* so they become candidates
# for export to peers. Presumably this is how addresses assigned to a dummy interface (the
# additional_cidrs case described for this chart) reach the BGP export — verify against the
# filters in the included cfg files.
protocol direct {
{{`{{template "LOGGING"}}`}}
interface -"cali*", "*"; # Exclude cali* but include everything else.
}
{{`{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}`}}
# Template for all BGP clients
# Shared settings for every mesh, global and node-specific peer session below. No session
# authentication (BIRD's "password" option) is configured here, so nothing beyond the listen
# binding above, BIRD's matching of incoming connections against the configured neighbor
# addresses and the surrounding network policy protects a session; peers reached across an
# untrusted segment may warrant one. "import all" installs whatever a peer announces, so
# every configured peer is fully trusted for routing.
template bgp bgp_template {
{{`{{template "LOGGING"}}`}}
description "Connection to BGP peer";
# Per-host /host/<NODENAME>/as_num wins over /global/as_num.
local as {{`{{if exists $node_as_key}}`}}{{`{{getv $node_as_key}}`}}{{`{{else}}`}}{{`{{getv "/global/as_num"}}`}}{{`{{end}}`}};
multihop;
gateway recursive; # This should be the default, but just in case.
import all; # Import all routes, since we don't know what the upstream
# topology is and therefore have to trust the ToR/RR.
export filter calico_pools; # Only want to export routes for workloads.
next hop self; # Disable next hop processing and always advertise our
# local address as nexthop
source address {{`{{$node_ip}}`}}; # The local address we use for the TCP connection
add paths on;
graceful restart; # See comment in kernel section about graceful restart.
}
# ------------- Node-to-node mesh -------------
# Full mesh: one bgp protocol per other host listed under /host in the confd store, gated on
# the "enabled" field of the /global/node_mesh JSON document.
{{`{{if (json (getv "/global/node_mesh")).enabled}}`}}
# Protocol names are Mesh_<peer IPv4 with dots replaced by underscores>. This node itself and
# hosts with a missing or empty ip_addr_v4 key are skipped. The neighbor AS is the peer's own
# as_num if present, else /global/as_num. The neighbor port comes from chart values and is
# expected to match the port the other nodes listen on (see the listen statement above).
{{`{{range $host := lsdir "/host"}}`}}
{{`{{$onode_as_key := printf "/host/%s/as_num" .}}`}}
{{`{{$onode_ip_key := printf "/host/%s/ip_addr_v4" .}}`}}{{`{{if exists $onode_ip_key}}`}}{{`{{$onode_ip := getv $onode_ip_key}}`}}
{{`{{$nums := split $onode_ip "."}}`}}{{`{{$id := join $nums "_"}}`}}
# For peer {{`{{$onode_ip_key}}`}}
{{`{{if eq $onode_ip ($node_ip) }}`}}# Skipping ourselves ({{`{{$node_ip}}`}})
{{`{{else if ne "" $onode_ip}}`}}protocol bgp Mesh_{{`{{$id}}`}} from bgp_template {
neighbor {{`{{$onode_ip}}`}} as {{`{{if exists $onode_as_key}}`}}{{`{{getv $onode_as_key}}`}}{{`{{else}}`}}{{`{{getv "/global/as_num"}}`}}{{`{{end}}`}};
neighbor port {{.Values.networking.bgp.ipv4.mesh.port.neighbor}};
}{{`{{end}}`}}{{`{{end}}`}}{{`{{end}}`}}
{{`{{else}}`}}
# Node-to-node mesh disabled
{{`{{end}}`}}
# ------------- Global peers -------------
# One bgp protocol per /global/peer_v4/* entry (a JSON value carrying "ip" and "as_num"),
# named Global_<ip with dots replaced by underscores>.
# NOTE(review): the mesh neighbor port from chart values is applied to these non-mesh peers as
# well; a ToR or route reflector listening on the standard BGP port (179) needs that value set
# to match — confirm this is intended.
{{`{{if ls "/global/peer_v4"}}`}}
{{`{{range gets "/global/peer_v4/*"}}`}}{{`{{$data := json .Value}}`}}
{{`{{$nums := split $data.ip "."}}`}}{{`{{$id := join $nums "_"}}`}}
# For peer {{`{{.Key}}`}}
protocol bgp Global_{{`{{$id}}`}} from bgp_template {
neighbor {{`{{$data.ip}}`}} as {{`{{$data.as_num}}`}};
neighbor port {{.Values.networking.bgp.ipv4.mesh.port.neighbor}};
}
{{`{{end}}`}}
{{`{{else}}`}}# No global peers configured.{{`{{end}}`}}
# ------------- Node-specific peers -------------
# One bgp protocol per /host/<NODENAME>/peer_v4/* entry (a JSON value carrying "ip" and
# "as_num"), named Node_<ip with dots replaced by underscores>.
# NOTE(review): as for the global peers, the mesh neighbor port is applied here; a peer that
# listens on the standard BGP port (179) needs the chart value set to match — confirm.
{{`{{$node_peers_key := printf "/host/%s/peer_v4" (getenv "NODENAME")}}`}}
{{`{{if ls $node_peers_key}}`}}
{{`{{range gets (printf "%s/*" $node_peers_key)}}`}}{{`{{$data := json .Value}}`}}
{{`{{$nums := split $data.ip "."}}`}}{{`{{$id := join $nums "_"}}`}}
# For peer {{`{{.Key}}`}}
protocol bgp Node_{{`{{$id}}`}} from bgp_template {
neighbor {{`{{$data.ip}}`}} as {{`{{$data.as_num}}`}};
neighbor port {{.Values.networking.bgp.ipv4.mesh.port.neighbor}};
}
{{`{{end}}`}}
{{`{{else}}`}}# No node-specific peers configured.{{`{{end}}`}}