---
# Deckhand DataSchema document carrying the confd template for the IPv4 BIRD
# daemon configuration (presumably rendered as bird.cfg: it includes
# bird_aggr.cfg and bird_ipam.cfg, which the next two documents provide).
# The `data` block is a Go text/template; `{{- /* ... */}}` lines are template
# comments and never reach the rendered file.
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: bird-cfg-template
  labels:
    name: bird-cfg-template
  layeringDefinition:
    abstract: false
    layer: global
  # cleartext is appropriate here: the template carries no credentials; every
  # value is read from the datastore or the environment when confd renders it.
  storagePolicy: cleartext
data: |
  # Generated by confd
  {{- /* Every value below comes from the confd datastore (getv/ls/gets/lsdir) or the
         environment (getenv NODENAME / CALICO_ROUTER_ID) and is interpolated verbatim
         into BIRD syntax. Nothing is validated or quoted in this template, so a malformed
         datastore value presumably surfaces as a BIRD config-parse failure rather than
         being skipped; keep validation at the source of those keys. */}}
  # AT&T {
  {{- /* Site extension block: extra CIDRs to accept (ipv4AdditionalCIDRs, comma separated)
         and {cidr, community[, prefix]} entries for BGP community tagging, both read from
         the JSON at /global/extensions (missing key -> "{}" -> no extra config). */}}
  {{- $extensions := json (getv "/global/extensions" "{}") }}
  {{- $ipv4AdditionalCIDRs := split (or $extensions.ipv4AdditionalCIDRs "") "," }}
  {{- $ipv4CommunityCIDRRef := json (or $extensions.ipv4CommunityCIDRRef "{}") }}
  function osh_filters()
  {
  {{- range $ipv4AdditionalCIDRs }}
  {{/* go has annoying behavior where splitting an empty string returns an array of length 1 containing an empty string, so filter out any empty strings */}}
  {{- if ne . "" }}
  if ( net ~ {{ . }} ) then { accept; }
  {{- end }}
  {{- end }}
  }
  function apply_communities ()
  {
  # Set community value based on dictionary of cidrs
  {{- range $ipv4CommunityCIDRRef }}
  {{- $community := .community }}
  {{- $cidr := .cidr }}
  {{- if .prefix }}
  if ( net ~ {{ $cidr }} ) then { bgp_community.add(({{ .prefix }}, {{ $community }})); }
  {{- else }}
  {{/* Add the AS number */}}
  {{- $node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}
  {{- /* Community prefix defaults to this host's as_num, falling back to /global/as_num. */}}
  if ( net ~ {{ $cidr }} ) then { bgp_community.add(({{if exists $node_as_key}}{{getv $node_as_key}}{{else}}{{getv "/global/as_num"}}{{end}}, {{ $community }})); }
  {{- end }}
  {{- end }}
  }
  # } # AT&T
  include "bird_aggr.cfg";
  include "bird_ipam.cfg";

  {{- $node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}{{$node_ip := getv $node_ip_key}}
  {{- $router_id := getenv "CALICO_ROUTER_ID" ""}}

  {{- $node_name := getenv "NODENAME"}}
  {{- /* CALICO_ROUTER_ID: "hash" -> an IPv4 derived from the node name; any other non-empty
         value is used verbatim; unset -> this node's IPv4 address. */}}

  router id {{if eq "hash" ($router_id) -}}
  {{hashToIPv4 $node_name}};
  {{- else -}}
  {{if ne "" ($router_id)}}{{$router_id}}{{else}}{{$node_ip}}{{end}};
  {{- end}}

  {{- define "LOGGING"}}
  {{- /* Per-host loglevel wins over /global/loglevel. "debug" -> debug all; "none" -> no
         debug statement at all; any other value, or neither key set -> debug { states }. */}}
  {{- $node_logging_key := printf "/host/%s/loglevel" (getenv "NODENAME")}}
  {{- if exists $node_logging_key}}
  {{- $logging := getv $node_logging_key}}
  {{- if eq $logging "debug"}}
  debug all;
  {{- else if ne $logging "none"}}
  debug { states };
  {{- end}}
  {{- else if exists "/global/loglevel"}}
  {{- $logging := getv "/global/loglevel"}}
  {{- if eq $logging "debug"}}
  debug all;
  {{- else if ne $logging "none"}}
  debug { states };
  {{- end}}
  {{- else}}
  debug { states };
  {{- end}}
  {{- end}}

  # Configure synchronization between routing tables and kernel.
  protocol kernel {
  learn; # Learn all alien routes from the kernel
  persist; # Don't remove routes on bird shutdown
  scan time 2; # Scan kernel routing table every 2 seconds
  import all;
  export filter calico_kernel_programming; # Default is export none
  {{- /* calico_kernel_programming is defined in bird_ipam.cfg (bird-ipam-cfg-template). */}}
  graceful restart; # Turn on graceful restart to reduce potential flaps in
  # routes when reloading BIRD configuration. With a full
  # automatic mesh, there is no way to prevent BGP from
  # flapping since multiple nodes update their BGP
  # configuration at the same time, GR is not guaranteed to
  # work correctly in this scenario.
  }

  # Watch interface up/down events.
  protocol device {
  {{- template "LOGGING"}}
  scan time 2; # Scan interfaces every 2 seconds
  }

  protocol direct {
  {{- template "LOGGING"}}
  interface -"cali*", "*"; # Exclude cali* but include everything else.
  }

  {{if eq "" ($node_ip)}}# IPv4 disabled on this node.
  {{else}}{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}
  # Template for all BGP clients
  template bgp bgp_template {
  {{- $as_key := or (and (exists $node_as_key) $node_as_key) "/global/as_num"}}
  {{- $node_as_num := getv $as_key}}
  {{- template "LOGGING"}}
  description "Connection to BGP peer";
  local as {{$node_as_num}};
  multihop;
  gateway recursive; # This should be the default, but just in case.
  import all; # Import all routes, since we don't know what the upstream
  # topology is and therefore have to trust the ToR/RR.
  export filter calico_export_to_bgp_peers; # Only want to export routes for workloads.
  source address {{$node_ip}}; # The local address we use for the TCP connection
  add paths on;
  graceful restart; # See comment in kernel section about graceful restart.
  connect delay time 2;
  connect retry time 5;
  error wait time 5,30;
  }

  # ------------- Node-to-node mesh -------------
  {{- $node_cid_key := printf "/host/%s/rr_cluster_id" (getenv "NODENAME")}}
  {{- $node_cluster_id := getv $node_cid_key}}
  {{- if ne "" ($node_cluster_id)}}
  # This node is configured as a route reflector with cluster ID {{$node_cluster_id}};
  # ignore node-to-node mesh setting.
  {{- else}}
  {{if (json (getv "/global/node_mesh")).enabled}}
  {{range $host := lsdir "/host"}}
  {{$onode_as_key := printf "/host/%s/as_num" .}}
  {{$onode_ip_key := printf "/host/%s/ip_addr_v4" .}}{{if exists $onode_ip_key}}{{$onode_ip := getv $onode_ip_key}}
  {{$nums := split $onode_ip "."}}{{$id := join $nums "_"}}
  # For peer {{$onode_ip_key}}
  {{if eq $onode_ip ($node_ip) }}# Skipping ourselves ({{$node_ip}})
  {{else if ne "" $onode_ip}}protocol bgp Mesh_{{$id}} from bgp_template {
  neighbor {{$onode_ip}} as {{if exists $onode_as_key}}{{getv $onode_as_key}}{{else}}{{getv "/global/as_num"}}{{end}};
  {{- /*
  Make the peering unidirectional. This avoids a race where
  - peer A opens a connection and begins a graceful restart
  - before the restart completes, peer B opens its connection
  - peer A sees the new connection and aborts the graceful restart, causing a route flap.
  */ -}}
  {{if gt $onode_ip $node_ip}}
  {{- /* gt on two address strings is a lexical comparison, not a numeric one; both peers
         evaluate the same pair with the roles swapped, so exactly one side is passive,
         which is all the unidirectional rule needs. */}}
  passive on; # Mesh is unidirectional, peer will connect to us.
  {{- end}}
  }{{end}}{{end}}{{end}}
  {{else}}
  # Node-to-node mesh disabled
  {{end}}
  {{- end}}


  # ------------- Global peers -------------
  {{if ls "/global/peer_v4"}}
  {{range gets "/global/peer_v4/*"}}{{$data := json .Value}}
  {{$nums := split $data.ip "."}}{{$id := join $nums "_"}}
  # For peer {{.Key}}
  {{- if eq $data.ip ($node_ip) }}
  # Skipping ourselves ({{$node_ip}})
  {{- else}}
  protocol bgp Global_{{$id}} from bgp_template {
  neighbor {{$data.ip}} as {{$data.as_num}};
  {{- /* Act as route reflector for this peer only when it is in our AS, this node has an
         rr_cluster_id, and the peer's rr_cluster_id differs from ours. */}}
  {{- if and (eq $data.as_num $node_as_num) (ne "" ($node_cluster_id)) (ne $data.rr_cluster_id ($node_cluster_id))}}
  rr client;
  rr cluster id {{$node_cluster_id}};
  {{- end}}
  }
  {{- end}}
  {{end}}
  {{else}}# No global peers configured.{{end}}


  # ------------- Node-specific peers -------------
  {{$node_peers_key := printf "/host/%s/peer_v4" (getenv "NODENAME")}}
  {{if ls $node_peers_key}}
  {{range gets (printf "%s/*" $node_peers_key)}}{{$data := json .Value}}
  {{$nums := split $data.ip "."}}{{$id := join $nums "_"}}
  # For peer {{.Key}}
  {{- if eq $data.ip ($node_ip) }}
  # Skipping ourselves ({{$node_ip}})
  {{- else}}
  protocol bgp Node_{{$id}} from bgp_template {
  neighbor {{$data.ip}} as {{$data.as_num}};
  {{- /* Same route-reflector rule as for the global peers above. */}}
  {{- if and (eq $data.as_num $node_as_num) (ne "" ($node_cluster_id)) (ne $data.rr_cluster_id ($node_cluster_id))}}
  rr client;
  rr cluster id {{$node_cluster_id}};
  {{- end}}
  }
  {{- end}}
  {{end}}
  {{else}}# No node-specific peers configured.{{end}}
  {{end}}{{/* End of IPv4 enable check */}}
---
# confd template for bird_aggr.cfg, included by bird-cfg-template: blackholes
# this host's IPAM blocks and the static-route list in a `protocol static`, and
# defines calico_aggr(), which bird-ipam-cfg-template calls from its export
# filter to advertise each block as a whole and suppress anything beneath it.
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: bird-aggr-cfg-template
  labels:
    name: bird-aggr-cfg-template
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
data: |
  # Generated by confd
  {{- /* Datastore keys for this host's IPv4 IPAM blocks and the static-route list. Entries
         under both look like <address>-<length>; the dash is turned into "/" below to
         form the CIDR that is interpolated into BIRD syntax unvalidated. */}}

  {{- $block_key := printf "/calico/ipam/v2/host/%s/ipv4/block" (getenv "NODENAME")}}
  {{- $static_key := "/calico/staticroutes"}}
  {{if or (ls $block_key) (ls $static_key)}}
  protocol static {
  {{- if ls $block_key}}
  # IP blocks for this host.
  {{- range ls $block_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  route {{$cidr}} blackhole;
  {{- end}}
  {{- end}}
  {{- if ls $static_key}}
  # Static routes.
  {{- range ls $static_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  route {{$cidr}} blackhole;
  {{- end}}
  {{- end}}
  }
  {{else}}# No IP blocks or static routes for this host.{{end}}

  # Aggregation of routes on this host; export the block, nothing beneath it.
  function calico_aggr ()
  {
  {{- range ls $block_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  {{- $affinity := json (getv (printf "%s/%s" $block_key .))}}
  {{- /* The block's JSON value is consulted only for its "state": a "confirmed" block, or
         one with no state at all, is accepted as an exact match and any more-specific
         prefix inside it is rejected; other states emit only the comment line. */}}
  {{- if $affinity.state}}
  # Block {{$cidr}} is {{$affinity.state}}
  {{- if eq $affinity.state "confirmed"}}
  if ( net = {{$cidr}} ) then { accept; }
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end}}
  {{- else }}
  # Block {{$cidr}} is implicitly confirmed.
  if ( net = {{$cidr}} ) then { accept; }
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end }}
  {{- end}}
  }
<doc_update>
---
# confd template for bird_ipam.cfg, included by bird-cfg-template. Defines the
# two filters that template references: calico_export_to_bgp_peers (what is
# advertised to BGP peers) and calico_kernel_programming (what the kernel
# protocol exports into the host routing table, including IPIP/VXLAN handling).
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: bird-ipam-cfg-template
  labels:
    name: bird-ipam-cfg-template
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
data: |
  # Generated by confd
  filter calico_export_to_bgp_peers {
  {{- /* Order matters: community tags are applied first, then calico_aggr() accepts this
         host's blocks and rejects their sub-prefixes, then osh_filters() accepts the
         extension CIDRs. After that, static routes and IP-pool CIDRs are accepted and
         everything else is rejected. */}}
  # AT&T {
  apply_communities();
  # } # AT&T
  calico_aggr();
  # AT&T {
  osh_filters();
  # } # AT&T
  {{- $static_key := "/staticroutes"}}
  {{- /* NOTE(review): this key has no /calico prefix while bird-aggr-cfg-template reads
         /calico/staticroutes; presumably each template is rendered under a different confd
         prefix, so confirm both resolve to the same data before relying on it. */}}
  {{- if ls $static_key}}

  # Export static routes.
  {{- range ls $static_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  if ( net ~ {{$cidr}} ) then { accept; }
  {{- end}}
  {{- end}}
  {{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}}
  if ( net ~ {{$data.cidr}} ) then {
  accept;
  }
  {{- end}}
  reject;
  }

  {{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}}{{if exists $network_key}}{{$network := getv $network_key}}
  filter calico_kernel_programming {
  {{- /* This form is rendered only when the host has a network_v4 entry; otherwise the
         accept-all one-liner at the bottom of this template is emitted instead. */}}
  {{- $reject_key := "/rejectcidrs"}}
  {{- if ls $reject_key}}

  # Don't program static routes into kernel.
  {{- range ls $reject_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end}}

  {{- end}}
  {{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}}
  {{- /* Per pool: VXLAN pools are rejected (left to Felix); IPIP "cross-subnet" pools set
         krt_tunnel only when the BGP next hop is outside this host's network_v4; every
         other pool always sets krt_tunnel to the pool's ipip value ("" if IPIP is off). */}}
  if ( net ~ {{$data.cidr}} ) then {
  {{- if $data.vxlan_mode}}
  # Don't program VXLAN routes into the kernel - these are handled by Felix.
  reject;
  }
  {{- else if $data.ipip_mode}}{{if eq $data.ipip_mode "cross-subnet"}}
  if defined(bgp_next_hop) && ( bgp_next_hop ~ {{$network}} ) then
  krt_tunnel = ""; {{/* Destination in ipPool, mode is cross sub-net, route from-host on subnet, do not use IPIP */}}
  else
  krt_tunnel = "{{$data.ipip}}"; {{/* Destination in ipPool, mode is cross sub-net, route from-host off subnet, set the tunnel (if IPIP not enabled, value will be "") */}}
  accept;
  } {{else}}
  krt_tunnel = "{{$data.ipip}}"; {{/* Destination in ipPool, mode not cross sub-net, set the tunnel (if IPIP not enabled, value will be "") */}}
  accept;
  } {{end}} {{else}}
  krt_tunnel = "{{$data.ipip}}"; {{/* Destination in ipPool, mode field is not present, set the tunnel (if IPIP not enabled, value will be "") */}}
  accept;
  } {{end}}
  {{end}}
  accept; {{/* Destination is not in any ipPool, accept */}}
  }
  {{else}}
  filter calico_kernel_programming { accept; }
  {{end}}{{/* End of 'exists $network_key' */}}
---
# IPv6 counterpart of bird-cfg-template: the confd template for the bird6
# daemon (presumably bird6.cfg; it includes bird6_aggr.cfg and bird6_ipam.cfg,
# provided by the following two documents). Same structure as the IPv4 one;
# the differences are called out in template comments below.
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: bird6-cfg-template
  labels:
    name: bird6-cfg-template
  layeringDefinition:
    abstract: false
    layer: global
  # cleartext is appropriate here: the template carries no credentials; every
  # value is read from the datastore or the environment when confd renders it.
  storagePolicy: cleartext
data: |
  # Generated by confd
  {{- /* Every value below comes from the confd datastore (getv/ls/gets/lsdir) or the
         environment (getenv NODENAME / CALICO_ROUTER_ID) and is interpolated verbatim
         into BIRD syntax without validation; keep validation at the source of those keys. */}}
  # AT&T {
  {{- /* Site extension block: extra IPv6 CIDRs to accept (ipv6AdditionalCIDRs, comma
         separated) and {cidr, community[, prefix]} entries for BGP community tagging,
         both read from the JSON at /global/extensions. */}}
  {{- $extensions := json (getv "/global/extensions" "{}") }}
  {{- $ipv6AdditionalCIDRs := split (or $extensions.ipv6AdditionalCIDRs "") "," }}
  {{- $ipv6CommunityCIDRRef := json (or $extensions.ipv6CommunityCIDRRef "{}") }}
  function osh_filters()
  {
  {{- range $ipv6AdditionalCIDRs }}
  {{/* go has annoying behavior where splitting an empty string returns an array of length 1 containing an empty string, so filter out any empty strings */}}
  {{- if ne . "" }}
  if ( net ~ {{ . }} ) then { accept; }
  {{- end }}
  {{- end }}
  }
  function apply_communities ()
  {
  # Set community value based on dictionary of cidrs
  {{- range $ipv6CommunityCIDRRef }}
  {{- $community := .community }}
  {{- $cidr := .cidr }}
  {{- if .prefix }}
  if ( net ~ {{ $cidr }} ) then { bgp_community.add(({{ .prefix }}, {{ $community }})); }
  {{- else }}
  {{/* Add the AS number */}}
  {{- $node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}
  {{- /* Community prefix defaults to this host's as_num, falling back to /global/as_num. */}}
  if ( net ~ {{ $cidr }} ) then { bgp_community.add(({{if exists $node_as_key}}{{getv $node_as_key}}{{else}}{{getv "/global/as_num"}}{{end}}, {{ $community }})); }
  {{- end }}
  {{- end }}
  }
  # } # AT&T
  include "bird6_aggr.cfg";
  include "bird6_ipam.cfg";

  {{- $node_ip_key := printf "/host/%s/ip_addr_v4" (getenv "NODENAME")}}{{$node_ip := getv $node_ip_key}}
  {{- /* The IPv4 address is still read here: it is only used for the 32-bit router id. */}}
  {{- $node_ip6_key := printf "/host/%s/ip_addr_v6" (getenv "NODENAME")}}{{$node_ip6 := getv $node_ip6_key}}
  {{- $router_id := getenv "CALICO_ROUTER_ID" ""}}

  {{- $node_name := getenv "NODENAME"}}
  router id {{if eq "hash" ($router_id) -}}
  {{hashToIPv4 $node_name}}; # Use IP address generated by nodename's hash
  {{- else -}}
  {{if ne "" ($router_id)}}{{$router_id}}{{else}}{{$node_ip}}{{end}}; # Use IPv4 address since router id is 4 octets, even in MP-BGP
  {{- end}}

  {{- define "LOGGING"}}
  {{- /* Per-host loglevel wins over /global/loglevel. "debug" -> debug all; "none" -> no
         debug statement at all; any other value, or neither key set -> debug { states }. */}}
  {{- $node_logging_key := printf "/host/%s/loglevel" (getenv "NODENAME")}}
  {{- if exists $node_logging_key}}
  {{- $logging := getv $node_logging_key}}
  {{- if eq $logging "debug"}}
  debug all;
  {{- else if ne $logging "none"}}
  debug { states };
  {{- end}}
  {{- else if exists "/global/loglevel"}}
  {{- $logging := getv "/global/loglevel"}}
  {{- if eq $logging "debug"}}
  debug all;
  {{- else if ne $logging "none"}}
  debug { states };
  {{- end}}
  {{- else}}
  debug { states };
  {{- end}}
  {{- end}}

  # Configure synchronization between routing tables and kernel.
  protocol kernel {
  learn; # Learn all alien routes from the kernel
  persist; # Don't remove routes on bird shutdown
  scan time 2; # Scan kernel routing table every 2 seconds
  import all;
  export all; # Default is export none
  {{- /* Unlike the IPv4 template, kernel export is unfiltered here: bird6-ipam-cfg-template
         defines no calico_kernel_programming filter, so everything BIRD holds for IPv6 is
         handed to the kernel as-is. */}}
  graceful restart; # Turn on graceful restart to reduce potential flaps in
  # routes when reloading BIRD configuration. With a full
  # automatic mesh, there is no way to prevent BGP from
  # flapping since multiple nodes update their BGP
  # configuration at the same time, GR is not guaranteed to
  # work correctly in this scenario.
  }

  # Watch interface up/down events.
  protocol device {
  {{- template "LOGGING"}}
  scan time 2; # Scan interfaces every 2 seconds
  }

  protocol direct {
  {{- template "LOGGING"}}
  interface -"cali*", "*"; # Exclude cali* but include everything else.
  }

  {{if eq "" ($node_ip6)}}# IPv6 disabled on this node.
  {{else}}{{$node_as_key := printf "/host/%s/as_num" (getenv "NODENAME")}}
  # Template for all BGP clients
  template bgp bgp_template {
  {{- $as_key := or (and (exists $node_as_key) $node_as_key) "/global/as_num"}}
  {{- $node_as_num := getv $as_key}}
  {{- template "LOGGING"}}
  description "Connection to BGP peer";
  local as {{$node_as_num}};
  multihop;
  gateway recursive; # This should be the default, but just in case.
  import all; # Import all routes, since we don't know what the upstream
  # topology is and therefore have to trust the ToR/RR.
  export filter calico_export_to_bgp_peers; # Only want to export routes for workloads.
  source address {{$node_ip6}}; # The local address we use for the TCP connection
  add paths on;
  graceful restart; # See comment in kernel section about graceful restart.
  connect delay time 2;
  connect retry time 5;
  error wait time 5,30;
  }

  # ------------- Node-to-node mesh -------------
  {{- $node_cid_key := printf "/host/%s/rr_cluster_id" (getenv "NODENAME")}}
  {{- $node_cluster_id := getv $node_cid_key}}
  {{- if ne "" ($node_cluster_id)}}
  # This node is configured as a route reflector with cluster ID {{$node_cluster_id}};
  # ignore node-to-node mesh setting.
  {{- else}}
  {{if (json (getv "/global/node_mesh")).enabled}}
  {{range $host := lsdir "/host"}}
  {{$onode_as_key := printf "/host/%s/as_num" .}}
  {{$onode_ip_key := printf "/host/%s/ip_addr_v6" .}}{{if exists $onode_ip_key}}{{$onode_ip := getv $onode_ip_key}}
  {{$nums := split $onode_ip ":"}}{{$id := join $nums "_"}}
  # For peer {{$onode_ip_key}}
  {{if eq $onode_ip ($node_ip6) }}# Skipping ourselves ({{$node_ip6}})
  {{else if eq "" $onode_ip}}# No IPv6 address configured for this node
  {{else}}protocol bgp Mesh_{{$id}} from bgp_template {
  neighbor {{$onode_ip}} as {{if exists $onode_as_key}}{{getv $onode_as_key}}{{else}}{{getv "/global/as_num"}}{{end}};
  {{- /*
  Make the peering unidirectional. This avoids a race where
  - peer A opens a connection and begins a graceful restart
  - before the restart completes, peer B opens its connection
  - peer A sees the new connection and aborts the graceful restart, causing a route flap.
  */ -}}
  {{if gt $onode_ip $node_ip6 }}
  {{- /* gt on two address strings is a lexical comparison, not a numeric one; both peers
         evaluate the same pair with the roles swapped, so exactly one side is passive,
         which is all the unidirectional rule needs. */}}
  passive on; # Mesh is unidirectional, peer will connect to us.
  {{- end}}
  }{{end}}{{end}}{{end}}
  {{else}}
  # Node-to-node mesh disabled
  {{end}}
  {{- end}}


  # ------------- Global peers -------------
  {{if ls "/global/peer_v6"}}
  {{range gets "/global/peer_v6/*"}}{{$data := json .Value}}
  {{$nums := split $data.ip ":"}}{{$id := join $nums "_"}}
  # For peer {{.Key}}
  {{- if eq $data.ip ($node_ip6) }}
  # Skipping ourselves ({{$node_ip6}})
  {{- else}}
  protocol bgp Global_{{$id}} from bgp_template {
  neighbor {{$data.ip}} as {{$data.as_num}};
  {{- /* Act as route reflector for this peer only when it is in our AS, this node has an
         rr_cluster_id, and the peer's rr_cluster_id differs from ours. */}}
  {{- if and (eq $data.as_num $node_as_num) (ne "" ($node_cluster_id)) (ne $data.rr_cluster_id ($node_cluster_id))}}
  rr client;
  rr cluster id {{$node_cluster_id}};
  {{- end}}
  }
  {{- end}}
  {{end}}
  {{else}}# No global peers configured.{{end}}


  # ------------- Node-specific peers -------------
  {{$node_peers_key := printf "/host/%s/peer_v6" (getenv "NODENAME")}}
  {{if ls $node_peers_key}}
  {{range gets (printf "%s/*" $node_peers_key)}}{{$data := json .Value}}
  {{$nums := split $data.ip ":"}}{{$id := join $nums "_"}}
  # For peer {{.Key}}
  {{- if eq $data.ip ($node_ip6) }}
  # Skipping ourselves ({{$node_ip6}})
  {{- else}}
  protocol bgp Node_{{$id}} from bgp_template {
  neighbor {{$data.ip}} as {{$data.as_num}};
  {{- /* Same route-reflector rule as for the global peers above. */}}
  {{- if and (eq $data.as_num $node_as_num) (ne "" ($node_cluster_id)) (ne $data.rr_cluster_id ($node_cluster_id))}}
  rr client;
  rr cluster id {{$node_cluster_id}};
  {{- end}}
  }
  {{- end}}
  {{end}}
  {{else}}# No node-specific peers configured.{{end}}
  {{end}}
---
# IPv6 counterpart of bird-aggr-cfg-template (bird6_aggr.cfg, included by
# bird6-cfg-template): blackholes this host's IPv6 IPAM blocks and defines
# calico_aggr() for the export filter. Unlike the IPv4 version it has no
# static-route section.
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: bird6-aggr-cfg-template
  labels:
    name: bird6-aggr-cfg-template
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
data: |
  # Generated by confd
  {{- /* Block entries look like <address>-<length>; the dash is turned into "/" below to
         form the CIDR that is interpolated into BIRD syntax unvalidated. */}}

  {{- $block_key := printf "/calico/ipam/v2/host/%s/ipv6/block" (getenv "NODENAME")}}
  {{if ls $block_key}}
  protocol static {
  # IP blocks for this host.
  {{- range ls $block_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  route {{$cidr}} blackhole;
  {{- end}}
  }
  {{else}}# No IP blocks or static routes for this host.{{end}}

  # Aggregation of routes on this host; export the block, nothing beneath it.
  function calico_aggr ()
  {
  {{- range ls $block_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  {{- $affinity := json (getv (printf "%s/%s" $block_key .))}}
  {{- /* The block's JSON value is consulted only for its "state": a "confirmed" block, or
         one with no state at all, is accepted as an exact match and any more-specific
         prefix inside it is rejected; other states emit only the comment line. */}}
  {{- if $affinity.state}}
  # Block {{$cidr}} is {{$affinity.state}}
  {{- if eq $affinity.state "confirmed"}}
  if ( net = {{$cidr}} ) then { accept; }
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end}}
  {{- else }}
  # Block {{$cidr}} is implicitly confirmed.
  if ( net = {{$cidr}} ) then { accept; }
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end }}
  {{- end}}
  }
---
# IPv6 counterpart of bird-ipam-cfg-template (bird6_ipam.cfg, included by
# bird6-cfg-template). Only the export filter is defined here; there is no
# calico_kernel_programming filter, which is why bird6-cfg-template uses
# `export all` in its kernel protocol.
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: bird6-ipam-cfg-template
  labels:
    name: bird6-ipam-cfg-template
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
data: |
  # Generated by confd
  filter calico_export_to_bgp_peers {
  {{- /* Order matters: community tags are applied first, then calico_aggr() accepts this
         host's blocks and rejects their sub-prefixes, then osh_filters() accepts the
         extension CIDRs; after that, IP-pool CIDRs are accepted and everything else
         is rejected. */}}
  # AT&T {
  apply_communities();
  # } # AT&T
  calico_aggr();
  # AT&T {
  osh_filters();
  # } # AT&T
  {{range ls "/pool"}}{{$data := json (getv (printf "/pool/%s" .))}}
  {{- /* NOTE(review): "/pool" is relative to whatever prefix confd renders this template
         under (the IPv4 template reads /v1/ipam/v4/pool); confirm against the confd
         resource configuration. */}}
  if ( net ~ {{$data.cidr}} ) then {
  accept;
  }
  {{end}}
  reject;
  }
---
# Not a BIRD configuration. The rendered file exists only as a change trigger:
# its content is the raw data of every enabled IP pool that has ipip or
# vxlan_mode set, so a pool change alters the file and (presumably) makes
# confd run its reload command, re-running the tunnel address allocation.
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Document/v1
  name: tunl-ip-template
  labels:
    name: tunl-ip-template
  layeringDefinition:
    abstract: false
    layer: global
  storagePolicy: cleartext
data: |
  We must dump all pool data to this file to trigger a re-run of the tunnel
  address allocation code whenever an IP pool changes.
  {{- /* Only pools with ipip or vxlan_mode set and not disabled are dumped; the whole
         decoded pool map is printed, so any field change in such a pool alters the file. */}}

  {{range ls "/pool"}}{{$data := json (getv (printf "/pool/%s" .))}}
  {{- if or $data.ipip $data.vxlan_mode}}
  {{- if not $data.disabled}}{{$data}}{{end}}
  {{- end}}
  {{end}}