forked from angelnu/pod-gateway
gateway_sidecar.sh
#!/bin/bash
# -e: abort on the first failing command.
# -x: trace every command (with expanded values) to stderr.
set -ex

# Load main settings: built-in defaults first, then the deployment's overrides.
# Each file is printed and then sourced, so its full content lands in the
# container log and its code runs with this container's privileges. Treat
# write access to these two paths as code execution here, and keep anything
# secret-like out of them (or out of the logs).
for settings_file in /default_config/settings.sh /config/settings.sh; do
  cat "${settings_file}"
  . "${settings_file}"
done
unset settings_file

# Keep a pristine copy of the original resolv.conf so the K8S DNS server can
# still be found after a container restart. An existing copy is never
# overwritten.
[ -f /etc/resolv.conf.org ] || {
  cp /etc/resolv.conf /etc/resolv.conf.org
  echo "/etc/resolv.conf.org written"
}
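# Get the K8S DNS server(s) from the saved copy of the original resolv.conf.
# Only lines whose first field is exactly "nameserver" count, with any
# whitespace between fields, so commented-out entries and tab-separated files
# are handled. Several nameservers end up space-separated in K8S_DNS.
K8S_DNS=""
while read -r keyword address _ || [ -n "${keyword}" ]; do
  if [ "${keyword}" = "nameserver" ] && [ -n "${address}" ]; then
    K8S_DNS="${K8S_DNS:+${K8S_DNS} }${address}"
  fi
done < /etc/resolv.conf.org
if [ -z "${K8S_DNS}" ]; then
  echo "WARNING: no nameserver entry found in /etc/resolv.conf.org" >&2
fi

# Write the base dnsmasq configuration (overwrites any previous file).
# The values come straight from the sourced settings and are written verbatim,
# so they carry the same trust as the settings files themselves.
# NOTE(review): log-queries together with log-facility=- puts every DNS name
# looked up through this gateway into the container log; handle those logs
# accordingly.
cat << EOF > /etc/dnsmasq.d/pod-gateway.conf
# DHCP server settings
interface=vxlan0
bind-interfaces
# Dynamic IPs assigned to PODs - we keep a range for static IPs
dhcp-range=${VXLAN_IP_NETWORK}.${VXLAN_GATEWAY_FIRST_DYNAMIC_IP},${VXLAN_IP_NETWORK}.255,12h
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries
# Log lots of extra information about DHCP transactions.
log-dhcp
# Log to stdout
log-facility=-
# Clear DNS cache on reload
clear-on-reload
# Enable DNSSEC validation and caching
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
# /etc/resolv.conf cannot be monitored by dnsmasq since it is in a different file system
# and dnsmasq monitors directories only
# copy_resolv.sh is used to copy the file on changes
resolv-file=${RESOLV_CONF_COPY}
EOF

# Append one routing rule per entry in DNS_LOCAL_CIDRS (word splitting on the
# unquoted variable is deliberate: it is a whitespace-separated list).
# Each K8S nameserver gets its own server= line; previously several
# nameservers were pasted into a single directive and produced an invalid
# configuration. With no nameserver at all the original "server=/<entry>/"
# line is kept, so those names are still not sent to the upstream resolver.
for local_cidr in $DNS_LOCAL_CIDRS; do
  {
    printf '# Send %s DNS queries to the K8S DNS server\n' "${local_cidr}"
    if [ -n "${K8S_DNS}" ]; then
      for k8s_dns_server in ${K8S_DNS}; do
        printf 'server=/%s/%s\n' "${local_cidr}" "${k8s_dns_server}"
      done
    else
      printf 'server=/%s/\n' "${local_cidr}"
    fi
  } >> /etc/dnsmasq.d/pod-gateway.conf
done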
# Create the initial copy of /etc/resolv.conf
/bin/copy_resolv.sh

# Start dnsmasq without daemonizing (-k) as a background job of this shell
# and remember its PID for the shutdown handler.
dnsmasq -k & dnsmasq=$!

# Start inotifyd so copy_resolv.sh runs again whenever /etc/resolv.conf
# changes: "c" watches file content, "e" watches metadata. Its PID is kept
# for the shutdown handler as well.
inotifyd /bin/copy_resolv.sh /etc/resolv.conf:ce & inotifyd=$!
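#######################################
# Stop both background daemons and exit the script.
# Globals:   dnsmasq (read)  - PID of the dnsmasq job
#            inotifyd (read) - PID of the inotifyd job
# Outputs:   progress messages on stdout
# Returns:   never returns; exits 0 if both waits reported 0, else 1
#######################################
_kill_procs() {
  local rc_dnsmasq=0 rc_inotifyd=0 rc

  echo "Signal received -> killing processes"

  # kill may fail when the process is already gone; that is not an error here.
  kill -TERM "$dnsmasq" || true
  # The script runs under "set -e": a bare wait that returns non-zero (for
  # example 143 for a child ended by our own SIGTERM) would abort right here,
  # leaving inotifyd running and the final status unreported. Capture the
  # status instead.
  wait "$dnsmasq" || rc_dnsmasq=$?

  kill -TERM "$inotifyd" || true
  wait "$inotifyd" || rc_inotifyd=$?

  # Logical OR: the result is 0 only when both statuses are 0, otherwise 1.
  rc=$(( rc_dnsmasq || rc_inotifyd ))
  echo "Terminated with RC: $rc"
  exit "$rc"
}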
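# Relay SIGTERM to the child processes: the handler stops both daemons and
# exits the script.
trap _kill_procs SIGTERM

# Block until the first child terminates. The status is captured because the
# script runs under "set -e": a bare "wait -n" that returns non-zero (a child
# that failed) would end the script on this line and skip the cleanup below.
first_exit_rc=0
wait -n || first_exit_rc=$?
echo "Child exited with RC: $first_exit_rc"
echo "TERMINATING"

# Stop whatever is still running and exit with the combined status.
_kill_procs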