Add Support for Reading Peer Passwords via a File (#986)

* Add support for reading peer passwords via a file

Syntax of the file is the same as for --peer-router-passwords, that is,
a comma separated list of base64 encoded passwords.

Passwords specified with --peer-router-passwords take precedence over
passwords read from --peer-router-passwords-file.

* fix(options): peer password file linting and doc

Co-authored-by: Jean Raby <jean@raby.sh>
Aaron U'Ren 2020-09-08 16:16:21 -05:00 committed by GitHub
parent ac556abeed
commit 824614d162
3 changed files with 16 additions and 1 deletions


@ -77,6 +77,7 @@ Usage of kube-router:
--peer-router-ips ipSlice The ip address of the external router to which all nodes will peer and advertise the cluster ip and pod cidr's. (default [])
--peer-router-multihop-ttl uint8 Enable eBGP multihop supports -- sets multihop-ttl. (Relevant only if ttl >= 2)
--peer-router-passwords strings Password for authenticating against the BGP peer defined with "--peer-router-ips".
--peer-router-passwords-file string Path to file containing password for authenticating against the BGP peer defined with "--peer-router-ips". --peer-router-passwords will be preferred if both are set.
--peer-router-ports uints The remote port of the external BGP to which all nodes will peer. If not set, default BGP port (179) will be used. (default [])
--router-id string BGP router-id. Must be specified in a ipv6 only cluster.
--routes-sync-period duration The delay between route updates and advertisements (e.g. '5s', '1m', '2h22m'). Must be greater than 0. (default 5m0s)


@ -1050,13 +1050,24 @@ func NewNetworkRoutingController(clientset kubernetes.Interface,
peerPorts = append(peerPorts, uint32(i))
}
// Decode base64 passwords
// PeerPasswords as cli params take precedence over password file
peerPasswords := make([]string, 0)
if len(kubeRouterConfig.PeerPasswords) != 0 {
peerPasswords, err = stringSliceB64Decode(kubeRouterConfig.PeerPasswords)
if err != nil {
return nil, fmt.Errorf("Failed to parse CLI Peer Passwords flag: %s", err)
}
} else if len(kubeRouterConfig.PeerPasswordsFile) != 0 {
// Contents of the pw file should be in the same format as pw from CLI arg
pwFileBytes, err := ioutil.ReadFile(kubeRouterConfig.PeerPasswordsFile)
if err != nil {
return nil, fmt.Errorf("Error loading Peer Passwords File : %s", err)
}
pws := strings.Split(string(pwFileBytes), ",")
peerPasswords, err = stringSliceB64Decode(pws)
if err != nil {
return nil, fmt.Errorf("Failed to decode CLI Peer Passwords file: %s", err)
}
}
nrc.globalPeerRouters, err = newGlobalPeers(kubeRouterConfig.PeerRouters, peerPorts, peerASNs, peerPasswords, nrc.bgpHoldtime)
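Review bot: The file contents are split on "," without any trimming, so the trailing newline most editors write ends up on the last token at the strings.Split line; the standard encoding/base64 decoder ignores \r and \n but not spaces or tabs, and stringSliceB64Decode is not visible here, so the safe form is `pws := strings.Split(strings.TrimSpace(string(pwFileBytes)), ",")`. The `:=` on the ioutil.ReadFile line declares a new err that shadows the outer one; it is checked immediately so this is harmless, but `var pwFileBytes []byte` followed by `=` would keep one err and satisfy the shadow linter. The message "Failed to decode CLI Peer Passwords file" names the CLI for a value that came from the file; "Failed to decode Peer Passwords file" states what actually happened. When both flags are set the file is silently ignored, and a startup log line noting that --peer-router-passwords took precedence would help an operator debug a peer that rejects the session. NewNetworkRoutingController starts before and continues past this hunk.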


@ -56,6 +56,7 @@ type KubeRouterConfig struct {
PeerASNs []uint
PeerMultihopTTL uint8
PeerPasswords []string
PeerPasswordsFile string
PeerPorts []uint
PeerRouters []net.IP
RouterID string
@ -167,6 +168,8 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
"Enable eBGP multihop supports -- sets multihop-ttl. (Relevant only if ttl >= 2)")
fs.StringSliceVar(&s.PeerPasswords, "peer-router-passwords", s.PeerPasswords,
"Password for authenticating against the BGP peer defined with \"--peer-router-ips\".")
fs.StringVar(&s.PeerPasswordsFile, "peer-router-passwords-file", s.PeerPasswordsFile,
"Path to file containing password for authenticating against the BGP peer defined with \"--peer-router-ips\". --peer-router-passwords will be preferred if both are set.")
fs.UintSliceVar(&s.PeerPorts, "peer-router-ports", s.PeerPorts,
"The remote port of the external BGP to which all nodes will peer. If not set, default BGP port ("+strconv.Itoa(DefaultBgpPort)+") will be used.")
fs.StringVar(&s.RouterID, "router-id", "", "BGP router-id. Must be specified in a ipv6 only cluster.")
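Review bot: The help text on the new fs.StringVar line for --peer-router-passwords-file says nothing about the file's format, so a user reading --help cannot tell that the file must hold a comma-separated list of base64 encoded passwords; that is stated only in the commit message. Suggest `"Path to file containing comma-separated base64 encoded passwords for authenticating against the BGP peer defined with \"--peer-router-ips\". --peer-router-passwords will be preferred if both are set."`, and regenerate the user-guide usage block so the two stay in sync. AddFlags continues past this hunk.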