Merge branch 'loxilb-io:main' into main
nik-netlox authored Nov 4, 2024
2 parents e538596 + d9d1096 commit 76958d0
Showing 6 changed files with 36 additions and 16 deletions.
11 changes: 10 additions & 1 deletion cicd/common.sh
@@ -22,6 +22,15 @@ docker_extra_opts=""
# lxdocker="ghcr.io/loxilb-io/loxilb:latestu22"
#fi


if [ ! -d loxilb.io ]; then
../common/minica --domains loxilb.io
mkdir cert
cp minica.pem cert/rootCA.crt
cp loxilb.io/cert.pem cert/server.crt
cp loxilb.io/key.pem cert/server.key
fi

loxilbs=()

## Given a docker name(arg1), return its pid
@@ -118,7 +127,7 @@ spawn_docker_host() {
get_llb_peerIP $dname
docker exec -dt $dname /root/loxilb-io/loxilb/loxilb $bgp_opts $cluster_opts $ka_opts $extra_opts
else
docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dt $docker_extra_opts --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log $loxilb_config --name $dname $lxdocker $bgp_opts
docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dt $docker_extra_opts --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log -v `pwd`/cert:/opt/loxilb/cert/ $loxilb_config --name $dname $lxdocker $bgp_opts
docker exec -dt $dname /root/loxilb-io/loxilb/loxilb $bgp_opts $cluster_opts $extra_opts
fi
elif [[ "$dtype" == "host" ]]; then
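Review bot: The new `-v` option on the `docker run` line in the second hunk mounts the directory holding `server.key` read-write into a `--privileged` container and builds the path from an unquoted backtick `pwd`, so a working directory containing spaces splits the argument; if loxilb only reads these files, `-v "$(pwd)/cert:/opt/loxilb/cert:ro"` covers both. In the first hunk the block guarded by `[ ! -d loxilb.io ]` checks none of its commands, so a failure after `loxilb.io` exists leaves `cert/` unpopulated and later runs skip generation; testing `[ ! -f cert/server.key ]` and using `mkdir -p cert` would make it repeatable. The `../common/minica` executable it runs is added by this commit as a binary, so its provenance cannot be checked from the diff; recording the source version and a checksum next to it would help. spawn_docker_host starts and ends outside the hunk.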
Binary file added cicd/common/minica
Binary file not shown.
10 changes: 0 additions & 10 deletions cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-secret.yml

This file was deleted.

21 changes: 20 additions & 1 deletion cicd/k3s-flannel-loxilb-ingress/master.sh
@@ -1,13 +1,32 @@
export MASTER_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')

apt-get update && apt install -y libnss3-tools
ldconfig /usr/local/lib64/ | true
mkdir certs
cd certs
wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 3 https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
chmod +x mkcert-v1.4.3-linux-amd64
mv mkcert-v1.4.3-linux-amd64 mkcert
mkdir loxilb.io
export CAROOT=`pwd`/loxilb.io
./mkcert -install
./mkcert loxilb.io
mv loxilb.io.pem ../server.crt
mv loxilb.io-key.pem ../server.key
cd -

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb --node-ip=${MASTER_IP}" sh -

echo $MASTER_IP > /vagrant/master-ip
sudo cp /var/lib/rancher/k3s/server/node-token /vagrant/node-token
sudo sed -i -e "s/127.0.0.1/${MASTER_IP}/g" /etc/rancher/k3s/k3s.yaml
sudo cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml
sudo kubectl create secret tls loxilb-ssl --cert server.crt --key server.key -n kube-system -o yaml --dry-run >> loxilb-secret.yml
sed -i -e 's/tls.key/server.key/g' ./loxilb-secret.yml
sed -i -e 's/tls.crt/server.crt/g' ./loxilb-secret.yml
sed -i -e 's/kubernetes.io\/tls/Opaque/g' ./loxilb-secret.yml
sudo kubectl apply -f /vagrant/kube-loxilb.yml
sudo kubectl apply -f /vagrant/ingress/loxilb-secret.yml
sudo kubectl apply -f loxilb-secret.yml
sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-deploy.yml
sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-svc.yml
sudo kubectl apply -f /vagrant/ingress/loxilb-ingress.yml
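Review bot: The `mkcert-v1.4.3-linux-amd64` binary is downloaded and executed, including `./mkcert -install`, which registers a CA in the system trust store, without any integrity check; pinning the release digest, e.g. `echo "<expected-sha256>  mkcert-v1.4.3-linux-amd64" | sha256sum -c - || exit 1` with the placeholder replaced by the published value, would close that gap. The secret is built by appending `--dry-run` output to `loxilb-secret.yml` with `>>` and rewriting it with three `sed` calls whose patterns use unescaped dots, so a re-run duplicates the document and a manifest holding the private key stays on disk. `sudo kubectl create secret generic loxilb-ssl --from-file=server.crt --from-file=server.key -n kube-system` yields the same Opaque secret with those key names directly. `ldconfig /usr/local/lib64/ | true` probably intends `|| true`.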
2 changes: 1 addition & 1 deletion options/options.go
@@ -13,7 +13,7 @@ var Opts struct {
Host string `long:"host" description:"the IP to listen on" default:"0.0.0.0" env:"HOST"`
Port int `long:"port" description:"the port to listen on for insecure connections" default:"11111" env:"PORT"`
TLS bool `long:"tls" description:"enable TLS " env:"TLS"`
TLSHost string `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
TLSHost string `long:"tls-host" description:"the IP to listen on for tls" default:"0.0.0.0" env:"TLS_HOST"`
TLSPort int `long:"tls-port" description:"the port to listen on for secure connections" default:"8091" env:"TLS_PORT"`
TLSCertificate flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" default:"/opt/loxilb/cert/server.crt" env:"TLS_CERTIFICATE"`
TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" default:"/opt/loxilb/cert/server.key" env:"TLS_PRIVATE_KEY"`
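Review bot: Giving `TLSHost` its own `default:"0.0.0.0"` (taking the second `TLSHost` line as the new side, since the page does not mark which is which) means an operator who restricted the API with `--host` now gets the TLS listener on every interface unless `--tls-host` is set too, where the other description says it followed `--host`. If that is intended, the description should say so, for example `the IP to listen on for tls (all interfaces by default, independent of --host)`; otherwise keep the empty default and the fallback. The `Opts` struct starts and ends outside the hunk, and the code that consumes `TLSHost` is not shown here.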
8 changes: 5 additions & 3 deletions tools/k8s/mkllb-url
@@ -44,10 +44,12 @@ if [[ ${cloud} == "aws" ]]; then
unzip awscliv2.zip && ./aws/install
fi
token=`curl -s -m 10 -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && \
if [[ "x$addr" == "x0.0.0.0" ]]; then
laddr=`curl -s -m 10 -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/local-ipv4`
laddr=`curl -s -m 10 -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/local-ipv4`
if [[ "x$addr" == "xlocal" ]]; then
addr=$laddr
else
addr=`curl -s -m 10 -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/public-ipv4`
fi
addr=`curl -s -m 10 -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/public-ipv4`
else
if [[ "x$addr" == "x0.0.0.0" ]]; then
laddr=`ip route get 8.8.8.8 | head -1 | cut -d' ' -f3`
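Review bot: The metadata lookups assign whatever `curl -s` prints to `laddr` and `addr`, with no `-f` and no emptiness check, so an error body (for example when the instance has no public IPv4 or the `token` request failed) is carried forward as if it were an address. Using `curl -sf` and a guard such as `[[ -n "$addr" ]] || exit 1` after the assignment would stop that early. The `token=... && \` continuation appears to guard only the line that directly follows it, so the `if` block still runs with an empty token; the page does not mark old and new lines, so this reading assumes the `xlocal` variant is the new side. The AWS branch compares `$addr` with `local` while the non-AWS branch in the trailing context still tests `0.0.0.0`, which is worth aligning or documenting. The enclosing `if [[ ${cloud} == "aws" ]]` block continues outside the hunk.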
