github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixup docker configuration for sdn

pull/6/head
derekwaynecarr 2014-10-13 17:27:15 -04:00
parent 97dd7302ac
commit b836e31cf4
2 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cluster/saltbase/salt/sdn/init.sls
View File

@ -12,5 +12,4 @@ sdn:
- watch: - watch:
- pkg: docker-io - pkg: docker-io
- pkg: openvswitch - pkg: openvswitch
{% endif %} {% endif %}

35
cluster/vagrant/provision-network.sh
View File

@ -86,30 +86,37 @@ cat <<EOF > /${NETWORK_CONF_PATH}route-${DOCKER_BRIDGE}
${BRIDGE_BASE}.0.0/16 dev ${DOCKER_BRIDGE} scope link src ${BRIDGE_ADDRESS} ${BRIDGE_BASE}.0.0/16 dev ${DOCKER_BRIDGE} scope link src ${BRIDGE_ADDRESS}
EOF EOF
# generate the post-configure script to be called by salt as cmd.wait # generate the post-configure script to be called by salt as cmd.wait
cat <<EOF > ${POST_NETWORK_SCRIPT} cat <<EOF > ${POST_NETWORK_SCRIPT}
#!/bin/bash #!/bin/bash
set -e set -e
# NAT interface fails to revive on network restart, so OR-gate to true
systemctl restart network.service || true
# set docker bridge up, and set stp on the ovs bridge # Only do this operation once, otherwise, we get docker.servicee files output on disk, and the command line arguments get applied multiple times
ip link set dev ${DOCKER_BRIDGE} up grep -q kbr0 /etc/sysconfig/docker || {
ovs-vsctl set Bridge ${OVS_SWITCH} stp_enable=true # Stop docker before making these updates
systemctl stop docker
# modify the docker service file such that it uses the kube docker bridge and not its own # NAT interface fails to revive on network restart, so OR-gate to true
sed -ie "s/ExecStart=\/usr\/bin\/docker -d/ExecStart=\/usr\/bin\/docker -d -b=${DOCKER_BRIDGE} --iptables=false/g" /usr/lib/systemd/system/docker.service systemctl restart network.service || true
systemctl daemon-reload
systemctl restart docker.service
# setup iptables masquerade rules so the pods can reach the internet # set docker bridge up, and set stp on the ovs bridge
iptables -t nat -A POSTROUTING -s ${BRIDGE_BASE}.0.0/16 ! -d ${BRIDGE_BASE}.0.0/16 -j MASQUERADE ip link set dev ${DOCKER_BRIDGE} up
ovs-vsctl set Bridge ${OVS_SWITCH} stp_enable=true
# persist please # modify the docker service file such that it uses the kube docker bridge and not its own
iptables-save >& /etc/sysconfig/iptables #echo "OPTIONS=-b=kbr0 --iptables=false --selinux-enabled" > /etc/sysconfig/docker
echo "OPTIONS='-b=kbr0 --iptables=false --selinux-enabled'" >/etc/sysconfig/docker
systemctl daemon-reload
systemctl restart docker.service
# setup iptables masquerade rules so the pods can reach the internet
iptables -t nat -A POSTROUTING -s ${BRIDGE_BASE}.0.0/16 ! -d ${BRIDGE_BASE}.0.0/16 -j MASQUERADE
# persist please
iptables-save >& /etc/sysconfig/iptables
}
EOF EOF
chmod +x ${POST_NETWORK_SCRIPT} chmod +x ${POST_NETWORK_SCRIPT}