bring back mcp to enable forwarding

karampok · Jun 25, 2024 · 977f696 · 977f696
1 parent 4188b3f
commit 977f696
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 6 deletions.
diff --git a/infra/mno-template/openshift/50-restricted-forwarding-control.yaml b/infra/mno-template/openshift/50-restricted-forwarding-control.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 99-worker-enable-restricted-forwarding-controlplane
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+      - contents:
+          source: data:text/plain;charset=utf-8;base64,bmV0LmlwdjQuY29uZi5ib25kMC8xMS5mb3J3YXJkaW5nID0gMQpuZXQuaXB2NC5jb25mLmJvbmQwLzEyLmZvcndhcmRpbmcgPSAxCg==
+        filesystem: root
+        mode: 0420
+        path: /etc/sysctl.d/restricted-forwarding.conf
+    systemd:
+      units:
+      - contents: |
+          [Unit]
+          After=network.target
+          [Service]
+          Type=oneshot
+          ExecStart=iptables -P FORWARD DROP
+          [Install]
+          WantedBy=multi-user.target
+        enabled: true
+        name: one-shot-forward-drop.service
diff --git a/infra/mno-template/openshift/50-restricted-forwarding.yaml b/infra/mno-template/openshift/50-restricted-forwarding.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-worker-enable-restricted-forwarding
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+    storage:
+      files:
+      - contents:
+          source: data:text/plain;charset=utf-8;base64,bmV0LmlwdjQuY29uZi5ib25kMC8xMS5mb3J3YXJkaW5nID0gMQpuZXQuaXB2NC5jb25mLmJvbmQwLzEyLmZvcndhcmRpbmcgPSAxCg==
+        filesystem: root
+        mode: 0420
+        path: /etc/sysctl.d/restricted-forwarding.conf
+    systemd:
+      units:
+      - contents: |
+          [Unit]
+          After=network.target
+          [Service]
+          Type=oneshot
+          ExecStart=iptables -P FORWARD DROP
+          [Install]
+          WantedBy=multi-user.target
+        enabled: true
+        name: one-shot-forward-drop.service
diff --git a/pkg/run-bgp-restart-demo.go b/pkg/run-bgp-restart-demo.go
@@ -13,13 +13,13 @@ func RunBGPGracefulRestart() *Run {
 	r := NewRun("Run BPG graceful restart demo")
 
 	c := `kubectl apply -f day2/blue-peering.yaml
-	 kubectl apply -f day2/green-peering.yaml
-	 kubectl apply -f day2/red-peering.yaml`
+kubectl apply -f day2/green-peering.yaml
+kubectl apply -f day2/red-peering.yaml`
 	r.Step(S("Setup peering"), S(c))
 
 	d := `kubectl apply -f day2/blue-pod-one.yaml
-	 kubectl apply -f day2/green-pod-one.yaml
-	 kubectl apply -f day2/red-pod-one.yaml`
+kubectl apply -f day2/green-pod-one.yaml
+kubectl apply -f day2/red-pod-one.yaml`
 	r.Step(S("Deploy workloads"), S(d))
 
 	c = `kubectl get pods -o wide; kubectl get svc`

diff --git a/telco-ocp-lab b/telco-ocp-lab
diff --git a/telco-ocp-lab.go b/telco-ocp-lab.go
@@ -17,6 +17,12 @@ var configFS embed.FS
 //go:embed infra/*
 var infraFS embed.FS
 
+//go:embed day1/*
+var day1FS embed.FS
+
+//go:embed day2/*
+var day2FS embed.FS
+
 //go:embed topo.clab.yaml
 var cclab []byte
 
@@ -83,7 +89,7 @@ func extractConfig() error {
 		}
 		return nil
 	}
-	for _, fs := range []*embed.FS{&configFS, &infraFS} {
+	for _, fs := range []*embed.FS{&configFS, &infraFS, &day1FS, &day2FS} {
 		if err := extractDir(fs); err != nil {
 			return err
 		}

diff --git a/topo.clab.yaml b/topo.clab.yaml
@@ -96,7 +96,9 @@ topology:
         - sysctl -w "net.ipv4.ip_forward=1"
         - ip route add default via 10.10.20.254
       binds:
-        - infra/:/workdir
+        - infra/:/root/deploy
+        - day1/:/root/day1
+        - day2/:/root/day2
         - /root/.ssh/authorized_keys:/root/.ssh/authorized_keys:ro
       ports:
         - 51820:51820/udp