with snat functionality the k8s firewall object contains the metal ne…
…tworks and can extract service and the private vrf by its own (#35)
mwindower authored Nov 17, 2020
1 parent dd2858a commit 64ef18b
Showing 3 changed files with 2 additions and 6 deletions.
4 changes: 0 additions & 4 deletions internal/netconf/firewall_controller.go
Expand Up @@ -30,13 +30,9 @@ func NewFirewallControllerServiceApplier(kb KnowledgeBase, v net.Validator) (net
if len(kb.getPrivatePrimaryNetwork().Ips) == 0 {
return nil, fmt.Errorf("no private IP found useable for the firewall controller")
}
serviceIP := kb.getPrivatePrimaryNetwork().Ips[0]
privateVrfID := kb.getPrivatePrimaryNetwork().Vrf
data := FirewallControllerData{
Comment: versionHeader(kb.Machineuuid),
DefaultRouteVrf: defaultRouteVrf,
ServiceIP: serviceIP,
PrivateVrfID: *privateVrfID,
}

return net.NewNetworkApplier(data, v, nil), nil
2 changes: 1 addition & 1 deletion internal/netconf/testdata/firewall-controller.service
Expand Up @@ -7,7 +7,7 @@ After=network.target
[Service]
LimitMEMLOCK=infinity
Environment=KUBECONFIG=/etc/firewall-controller/.kubeconfig
ExecStart=/bin/ip vrf exec vrf104009 /usr/local/bin/firewall-controller --service-ip 10.0.16.2 --private-vrf 3981
ExecStart=/bin/ip vrf exec vrf104009 /usr/local/bin/firewall-controller
Restart=always
RestartSec=10

2 changes: 1 addition & 1 deletion internal/netconf/tpl/firewall_controller.service.tpl
Expand Up @@ -7,7 +7,7 @@ After=network.target
[Service]
LimitMEMLOCK=infinity
Environment=KUBECONFIG=/etc/firewall-controller/.kubeconfig
ExecStart=/bin/ip vrf exec {{ .DefaultRouteVrf }} /usr/local/bin/firewall-controller --service-ip {{ .ServiceIP }} --private-vrf {{ .PrivateVrfID }}
ExecStart=/bin/ip vrf exec {{ .DefaultRouteVrf }} /usr/local/bin/firewall-controller
Restart=always
RestartSec=10

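Review bot: The new `ExecStart` line no longer shows where the controller gets its service IP and private VRF, so the template would benefit from a comment above it such as `# service IP and private VRF are read from the k8s firewall object (see KUBECONFIG)`. Going by the commit title, those values now come from a Kubernetes object rather than from locally rendered machine data, which makes write access to that object and the kubeconfig at `/etc/firewall-controller/.kubeconfig` part of the firewall's trust boundary; it is worth confirming on the controller side that the values are validated before they drive VRF or SNAT configuration. In the same commit, `NewFirewallControllerServiceApplier` still appears to return an error when the private primary network has no IPs, although the template no longer consumes one; if that guard is kept on purpose, a one-line comment there should say why.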
