# Release tag of the containernetworking/plugins bundle that
# install_cni_plugins downloads; an exported CNI_VERSION overrides it.
: "${CNI_VERSION:=v0.8.5}"
# Architecture component of the release archive name; an exported IMAGE_ARC
# overrides it.
: "${IMAGE_ARC:=amd64}"
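# Make an ovn4nfv-k8s.d directory (for our kubeconfig)
# Inspired from t.ly/Xgbbe
mkdir -p "$CNI_CONF_DIR/ovn4nfv-k8s.d"
OVN4NFV_KUBECONFIG="$CNI_CONF_DIR/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig"
SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount
# CA bundle used to verify the API server; defaults to the one mounted with
# the service account.
KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt}
# Read the bearer token only when the file is readable. Reading it
# unconditionally makes cat fail outside a pod, before the later
# "are we running as a pod" check gets a chance to handle that case.
# The value is a credential: keep it out of logs and shell traces (set -x).
SERVICEACCOUNT_TOKEN=""
if [ -r "$SERVICE_ACCOUNT_PATH/token" ]; then
  SERVICEACCOUNT_TOKEN=$(cat "$SERVICE_ACCOUNT_PATH/token")
fi
# API server certificate verification stays enabled unless this is exactly
# "true".
SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false}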
16 # Check if we're running as a k8s pod.
17 if [ -f "$SERVICE_ACCOUNT_PATH/token" ]; then
18 # We're running as a k8s pod - expect some variables.
# NOTE(review): the two expansions below are unquoted. With an empty value
# the test collapses to `[ -z ]`, which is true, so the check still fires,
# but a value containing whitespace would break it; quote them.
19 if [ -z ${KUBERNETES_SERVICE_HOST} ]; then
20 error "KUBERNETES_SERVICE_HOST not set"; exit 1;
22 if [ -z ${KUBERNETES_SERVICE_PORT} ]; then
23 error "KUBERNETES_SERVICE_PORT not set"; exit 1;
# Choose the TLS stanza for the kubeconfig. SKIP_TLS_VERIFY=true writes
# insecure-skip-tls-verify, so the client accepts any server certificate
# while presenting the bearer token written below; keep it false outside of
# debugging. Otherwise the cluster CA is embedded (base64, newlines removed)
# so the API server certificate is verified.
# NOTE(review): no branch is visible here for "neither flag nor CA file";
# TLS_CFG would then be left unset. Confirm against the full file.
26 if [ "$SKIP_TLS_VERIFY" == "true" ]; then
27 TLS_CFG="insecure-skip-tls-verify: true"
28 elif [ -f "$KUBE_CA_FILE" ]; then
29 TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
32 # Write a kubeconfig file for the CNI plugin, using the TLS
33 # setting chosen above. We should eventually support
34 # writing more complete kubeconfig files. This is only used
35 # if the provided CNI network config references it.
# The file is created and its mode set (600 unless KUBECONFIG_MODE overrides
# it) before any content is written, so the token is not written until the
# mode has been set. The file holds a service account bearer token: a wider
# KUBECONFIG_MODE exposes that token to other users of the filesystem.
# NOTE(review): this is a one-time copy of the token; if the cluster issues
# expiring or rotated service account tokens the copy is not refreshed here.
# Confirm how the file is kept current.
36 touch $OVN4NFV_KUBECONFIG
37 chmod ${KUBECONFIG_MODE:-600} $OVN4NFV_KUBECONFIG
38 cat > $OVN4NFV_KUBECONFIG <<EOF
39 # Kubeconfig file for OVN4NFV-K8S CNI plugin.
45 server: ${KUBERNETES_SERVICE_PROTOCOL:-https}://[${KUBERNETES_SERVICE_HOST}]:${KUBERNETES_SERVICE_PORT}
50 token: "${SERVICEACCOUNT_TOKEN}"
52 - name: ovn4nfv-context
56 current-context: ovn4nfv-context
59 warn "Doesn't look like we're running in a kubernetes environment (no serviceaccount token)"
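#######################################
# Download the containernetworking plugins release selected by CNI_VERSION
# and IMAGE_ARC into the current directory, unpack it into CNI_BIN_DIR and
# remove the archive.
# Globals:   CNI_VERSION, IMAGE_ARC, CNI_BIN_DIR (read)
#            CNI_PLUGINS_SHA256 (read, optional): expected SHA-256 of the
#            archive; when set, a mismatch aborts before extraction.
# Returns:   0 on success, 1 if download, verification or extraction fails
#######################################
install_cni_plugins() {
  local archive url
  archive="cni-plugins-linux-${IMAGE_ARC}-${CNI_VERSION}.tgz"
  url="https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/${archive}"

  # Certificate verification is left on (no --insecure): the archive is
  # unpacked into the CNI binary directory, so an unauthenticated download
  # would let anyone on the network path supply those binaries. The image
  # needs a CA bundle for this to succeed.
  # --fail makes curl exit non-zero on an HTTP error instead of saving the
  # error page under the archive name.
  if ! curl --fail --compressed -O -L "$url"; then
    echo "download of ${archive} failed" >&2
    rm -f -- "$archive"
    return 1
  fi

  # TLS authenticates the server, not the artifact. Pin the release digest
  # through CNI_PLUGINS_SHA256 to detect a replaced or corrupted archive.
  if [ -n "${CNI_PLUGINS_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$CNI_PLUGINS_SHA256" "$archive" \
      | sha256sum -c - >/dev/null; then
      echo "SHA-256 mismatch for ${archive}; not extracting" >&2
      rm -f -- "$archive"
      return 1
    fi
  fi

  if ! tar -zxvf "$archive" -C "$CNI_BIN_DIR"; then
    echo "extraction of ${archive} into ${CNI_BIN_DIR} failed" >&2
    rm -f -- "$archive"
    return 1
  fi
  rm -f -- "$archive"
}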
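#######################################
# Ensure a MASQUERADE rule exists in the nat POSTROUTING chain for every
# interface that carries a default route.
# Globals:   default_interface (written): newline-separated, de-duplicated
#            list of interfaces whose route destination is 00000000
# Returns:   0 if every rule exists or was added, 1 if no default route was
#            found or a rule could not be added
#######################################
set_snat_default_inteface() {
  local iface status=0

  # Compare the destination as a string. Against the bare number 00000000
  # awk compares numerically, and a hex destination that parses as a number
  # equal to zero (for example 000000E0, the 224.0.0.0 route) can match too.
  # sort -u drops repeats when one interface has several default routes.
  default_interface=$(awk '$2 == "00000000" { print $1 }' /proc/net/route | sort -u)

  if [ -z "$default_interface" ]; then
    # Without this guard iptables would be called with "-o" and no name.
    echo "no default route in /proc/net/route; SNAT rule not installed" >&2
    return 1
  fi

  # Checking the SNAT for default interfaces: -C only tests for the rule,
  # -A appends it when the test fails, so reruns do not stack duplicates.
  while IFS= read -r iface; do
    [ -n "$iface" ] || continue
    if ! iptables -t nat -C POSTROUTING -o "$iface" -j MASQUERADE 2>/dev/null; then
      iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE || status=1
    fi
  done <<EOF
$default_interface
EOF
  return "$status"
}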
# Destination directories, all under the /host prefix.
CNI_BIN_DIR="/host/opt/cni/bin"
CNI_CONF_DIR="/host/etc/cni/net.d"
OVN4NFV_CONF_DIR="/host/etc/openvswitch"

# Files to copy: the CNI binary, the plugin configuration and the CNI
# network configuration.
OVN4NFV_BIN_FILE="/usr/local/bin/ovn4nfvk8s-cni"
OVN4NFV_CONF_FILE="/tmp/ovn4nfv-conf/ovn4nfv_k8s.conf"
OVN4NFV_NET_CONF_FILE="/tmp/ovn4nfv-cni/00-network.conf"

# Overwrite whatever is already installed at each destination.
cp -f "${OVN4NFV_BIN_FILE}" "${CNI_BIN_DIR}"
cp -f "${OVN4NFV_CONF_FILE}" "${OVN4NFV_CONF_DIR}"
cp -f "${OVN4NFV_NET_CONF_FILE}" "${CNI_CONF_DIR}"

# Make sure the default-route interface has its MASQUERADE rule.
set_snat_default_inteface
109 echo "invalid command ${cmd}"