Serge Bazanski | a5ed644 | 2020-09-20 22:52:57 +0000 | [diff] [blame] | 1 | # This is forked from bird.cfg.template from calico running on k0.hswaw.net on 2020/09/21. |
| 2 | # Changed vs. upstream (C-f HSCLOUD): |
| 3 | # - do not program RTD_UNREACHABLE routes into the kernel (these come from metallb, and |
| 4 | # programming them seems to break things) |
| 5 | # Generated by confd |
# Export filter for routes announced to BGP peers. It is default-deny: only
# prefixes matched by one of the accept rules rendered below are exported, and
# everything else hits the final reject.
# NOTE(review): calico_aggr() is defined outside this section; its effect on
# the route is not visible here.
filter calico_export_to_bgp_peers {
  calico_aggr();
{{- $static_root := "/staticroutes"}}
{{- if ls $static_root}}

  # Export static routes.
  {{- range $entry := ls $static_root}}
  {{- /* Child key names use "-" where the CIDR has "/"; swap it back before use. */}}
  if ( net ~ {{join (split $entry "-") "/"}} ) then { accept; }
  {{- end}}
{{- end}}
{{- /* Pool CIDRs are interpolated verbatim from the datastore, so write access
       to these keys amounts to control over what this node announces. */}}
{{range $pool_name := ls "/v1/ipam/v4/pool"}}
  {{- $pool_key := printf "/v1/ipam/v4/pool/%s" $pool_name}}
  {{- $pool := json (getv $pool_key)}}
  if ( net ~ {{$pool.cidr}} ) then {
    accept;
  }
{{- end}}
  # Nothing matched: do not export.
  reject;
}
| 25 | |
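{{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}}
# Filter deciding which routes are programmed into the kernel. Rules are
# evaluated top to bottom and the first accept/reject ends evaluation; a route
# that matches no rule is accepted by the final statement (default-accept).
filter calico_kernel_programming {
  # HSCLOUD: never program RTD_UNREACHABLE routes into the kernel (per the file
  # header these come from metallb and programming them breaks things).
  # This check is emitted unconditionally. It previously sat inside the
  # /rejectcidrs conditional below, so it was only rendered when that key had
  # children, which did not match the intent stated in the header.
  if ( dest = RTD_UNREACHABLE ) then {
    reject;
  }
{{- $reject_key := "/rejectcidrs"}}
{{- if ls $reject_key}}

  # Don't program static routes into kernel.
  {{- range ls $reject_key}}
  {{- /* Child key names use "-" where the CIDR has "/"; swap it back before use. */}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end}}

{{- end}}
{{- /* NOTE(review): the per-pool rules below are rendered only when the host's
       network_v4 key exists. If NODENAME is unset or the key is missing, no
       pool rule is emitted and pool routes (VXLAN ones included) fall through
       to the final accept. Confirm that fallback is intended.
       Pool values (cidr, ipip) are interpolated verbatim from the datastore,
       so write access to those keys amounts to control over this filter. */}}
{{- if exists $network_key}}{{$network := getv $network_key}}
{{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}}
  if ( net ~ {{$data.cidr}} ) then {
{{- if $data.vxlan_mode}}
    # Don't program VXLAN routes into the kernel - these are handled by Felix.
    reject;
  }
{{- else if $data.ipip_mode}}{{if eq $data.ipip_mode "cross-subnet"}}
    if defined(bgp_next_hop) && ( bgp_next_hop ~ {{$network}} ) then
      krt_tunnel = ""; {{- /* Destination in ipPool, mode is cross sub-net, route from-host on subnet, do not use IPIP */}}
    else
      krt_tunnel = "{{$data.ipip}}"; {{- /* Destination in ipPool, mode is cross sub-net, route from-host off subnet, set the tunnel (if IPIP not enabled, value will be "") */}}
    accept;
  } {{- else}}
    krt_tunnel = "{{$data.ipip}}"; {{- /* Destination in ipPool, mode not cross sub-net, set the tunnel (if IPIP not enabled, value will be "") */}}
    accept;
  } {{- end}} {{- else}}
    krt_tunnel = "{{$data.ipip}}"; {{- /* Destination in ipPool, mode field is not present, set the tunnel (if IPIP not enabled, value will be "") */}}
    accept;
  } {{- end}}
{{end}}
{{- end}}{{/* End of 'exists $network_key' */}}
  accept; {{- /* Destination is not in any ipPool, accept */}}
}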