Lothlorien example w/ YAML
jrokeach committed Oct 19, 2023
1 parent 5fd84d4 commit 9620996
Showing 3 changed files with 69 additions and 43 deletions.
98 changes: 62 additions & 36 deletions examples/2regions-hrr/meshrr-lothlorien.yaml
@@ -1,4 +1,30 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: meshrr-lothlorien-conf
data:
meshrr.conf.yml: |+
encrypted_root_pw: NOLOGIN
asn: "65000"
mode: ipv4rr
bgpgroups:
- name: MESHRR-MESH
type: mesh
source:
sourcetype: dns
hostname: meshrr-lothlorien
- name: MESHRR-CLIENTS
type: subtractive
prefixes:
- 0.0.0.0/0
- name: MESHRR-UPSTREAM
type: mesh
source:
sourcetype: dns
hostname: meshrr-core
max_peers: 2
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
@@ -121,6 +147,15 @@ spec:
emptyDir: {}
- name: ssh-id
emptyDir: {}
- name: meshrr-conf
configMap:
defaultMode: 256
items:
- key: meshrr.conf.yml
mode: 256
path: meshrr.conf.yml
name: meshrr-lothlorien-conf
optional: false
- configMap:
defaultMode: 256
items:
@@ -140,7 +175,11 @@ spec:
mountPath: /secret/ssh/
- name: config
mountPath: /config/
- mountPath: /opt/meshrr/overrides/juniper.conf.j2
- name: meshrr-conf
mountPath: /opt/meshrr/conf/meshrr.conf.yml
readOnly: true
subPath: meshrr.conf.yml
- mountPath: /opt/meshrr/conf/juniper.conf.j2
name: override-config
readOnly: true
subPath: juniper.conf.j2
@@ -154,17 +193,6 @@ spec:
secretKeyRef:
name: crpd-license
key: crpd-license
- name: AUTONOMOUS_SYSTEM
value: '65000'
- name: ENCRYPTED_ROOT_PW
value: >-
$6$4XN/d$QdZrrRZNL2MtGXqKuZ/mr1S5tH46eyBKTKeWGVugxfqCGjKKqH2LhP8yNoqfYwVNvc0xsd0JSl6s9epsSPB7M1
- name: MESH_SERVICE_NAME
value: meshrr-lothlorien
- name: UPSTREAM_SERVICE_NAME
value: meshrr-core
- name: MESHRR_CLIENTRANGE
value: 0/0
containers:
- name: crpd
image: localhost/juniper/crpd:23.2R1.13
@@ -212,17 +240,15 @@ spec:
volumeMounts:
- name: ssh-id
mountPath: /secret/ssh/
- name: meshrr-conf
mountPath: /opt/meshrr/conf/meshrr.conf.yml
readOnly: true
subPath: meshrr.conf.yml
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MESH_SERVICE_NAME
value: meshrr-lothlorien
- name: UPSTREAM_SERVICE_NAME
value: meshrr-core
- name: MESHRR_CLIENTRANGE
value: 0/0
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -269,6 +295,15 @@ spec:
emptyDir: {}
- name: ssh-id
emptyDir: {}
- name: meshrr-conf
configMap:
defaultMode: 256
items:
- key: meshrr.conf.yml
mode: 256
path: meshrr.conf.yml
name: meshrr-lothlorien-conf
optional: false
- configMap:
defaultMode: 256
items:
@@ -288,7 +323,11 @@ spec:
mountPath: /secret/ssh/
- name: config
mountPath: /config/
- mountPath: /opt/meshrr/overrides/juniper.conf.j2
- name: meshrr-conf
mountPath: /opt/meshrr/conf/meshrr.conf.yml
readOnly: true
subPath: meshrr.conf.yml
- mountPath: /opt/meshrr/conf/juniper.conf.j2
name: override-config
readOnly: true
subPath: juniper.conf.j2
@@ -302,17 +341,6 @@ spec:
secretKeyRef:
name: crpd-license
key: crpd-license
- name: AUTONOMOUS_SYSTEM
value: '65000'
- name: ENCRYPTED_ROOT_PW
value: >-
$6$4XN/d$QdZrrRZNL2MtGXqKuZ/mr1S5tH46eyBKTKeWGVugxfqCGjKKqH2LhP8yNoqfYwVNvc0xsd0JSl6s9epsSPB7M1
- name: MESH_SERVICE_NAME
value: meshrr-lothlorien
- name: UPSTREAM_SERVICE_NAME
value: meshrr-core
- name: MESHRR_CLIENTRANGE
value: 0/0
containers:
- name: crpd
image: localhost/juniper/crpd:23.2R1.13
@@ -360,17 +388,15 @@ spec:
volumeMounts:
- name: ssh-id
mountPath: /secret/ssh/
- name: meshrr-conf
mountPath: /opt/meshrr/conf/meshrr.conf.yml
readOnly: true
subPath: meshrr.conf.yml
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MESH_SERVICE_NAME
value: meshrr-lothlorien
- name: UPSTREAM_SERVICE_NAME
value: meshrr-core
- name: MESHRR_CLIENTRANGE
value: 0/0
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
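Review bot: `encrypted_root_pw` in the new `meshrr-lothlorien-conf` ConfigMap puts the root password field in an object that is not handled as secret material, whereas the `crpd-license` value in the same manifest is read through `secretKeyRef`. With the placeholder `NOLOGIN` nothing sensitive is exposed, but anyone who adapts the example with a real crypt hash will end up storing it in a ConfigMap. I would add a comment inside the block scalar above that key, such as `# placeholder only; if you set a real hash, mount meshrr.conf.yml from a Secret instead of a ConfigMap`. The `$6$` hash deleted from `ENCRYPTED_ROOT_PW` stays in repository history, so if it was ever used outside this example it should be treated as disclosed and rotated.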
10 changes: 5 additions & 5 deletions examples/2regions-hrr/templates/lothlorien-config.j2
@@ -1,6 +1,6 @@
system {
root-authentication {
encrypted-password "{{ ENCRYPTED_ROOT_PW }}"; ## SECRET-DATA
encrypted-password "{{ encrypted_root_pw }}"; ## SECRET-DATA
}
login {
user meshrr {
@@ -40,12 +40,12 @@ groups {
group MESHRR-CLIENTS {
type internal;
cluster {{ POD_IP }};
allow {{ MESHRR_CLIENTRANGE }};
}{% if UPSTREAM_SERVICE_NAME is not none %}
allow [ {% for prefix in bgpgroups_subtractive['MESHRR-CLIENTS'].prefixes %}{{ prefix }} {% endfor %}];
}
group MESHRR-UPSTREAM {
type internal;
export UPSTREAM-OUT;
}{% endif %}
}
}
}
}
@@ -68,7 +68,7 @@ policy-options {
community INREGION-PREFERRED members 65000:102;
}
routing-options {
autonomous-system {{ AUTONOMOUS_SYSTEM }};
autonomous-system {{ asn }};
router-id {{ POD_IP }};
}
protocols {
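Review bot: The new `allow [ … ]` line in `group MESHRR-CLIENTS` admits dynamic peers from whatever `bgpgroups_subtractive['MESHRR-CLIENTS'].prefixes` holds, and the example config in this commit sets that to `0.0.0.0/0`, so admission rests on the prefix list alone. No session authentication statement is visible for the group in this hunk, though one may be applied elsewhere in the template. A template comment above the line would make the intent explicit, for example `{# prefixes admitted as dynamic clients; narrow 0.0.0.0/0 to the client subnets outside the example #}`. The lookup also hard-codes the group name, so a config without a `MESHRR-CLIENTS` subtractive group presumably fails at render time; that assumption is worth stating in the same comment.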
4 changes: 2 additions & 2 deletions examples/2regions-hrr/templates/mirkwood-config.j2
@@ -41,11 +41,11 @@ groups {
type internal;
cluster {{ POD_IP }};
allow [ {% for prefix in bgpgroups_subtractive['MESHRR-CLIENTS'].prefixes %}{{ prefix }} {% endfor %}];
}{% if UPSTREAM_SERVICE_NAME is not none %}
}
group MESHRR-UPSTREAM {
type internal;
export UPSTREAM-OUT;
}{% endif %}
}
}
}
}
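Review bot: With the `{% if UPSTREAM_SERVICE_NAME is not none %}` guard gone, `group MESHRR-UPSTREAM` is rendered unconditionally, and nothing in this hunk replaces the check with one based on the new configuration. If a deployment's meshrr config defines no upstream group, the output would presumably still contain a BGP group exporting `UPSTREAM-OUT` with no peers, which the router may reject or leave idle. The same removal appears in `lothlorien-config.j2`. If unconditional rendering is intended for these two regional examples, a template comment would record it: `{# MESHRR-UPSTREAM is always emitted; this template requires an upstream group in meshrr.conf.yml #}`. The `groups {` block begins outside the hunk.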
