provide vxlan integration options to the router cmd line

contrib/completions/bash/oadm

@@ -4308,6 +4308,8 @@ _oadm_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -4316,6 +4318,8 @@ _oadm_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")

contrib/completions/bash/oc

@@ -4358,6 +4358,8 @@ _oc_adm_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -4366,6 +4368,8 @@ _oc_adm_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")

contrib/completions/bash/openshift

@@ -4308,6 +4308,8 @@ _openshift_admin_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -4316,6 +4318,8 @@ _openshift_admin_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")
@@ -8905,6 +8909,8 @@ _openshift_cli_adm_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -8913,6 +8919,8 @@ _openshift_cli_adm_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")

contrib/completions/zsh/oadm

@@ -4469,6 +4469,8 @@ _oadm_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -4477,6 +4479,8 @@ _oadm_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")

contrib/completions/zsh/oc

@@ -4519,6 +4519,8 @@ _oc_adm_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -4527,6 +4529,8 @@ _oc_adm_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")

contrib/completions/zsh/openshift

@@ -4469,6 +4469,8 @@ _openshift_admin_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -4477,6 +4479,8 @@ _openshift_admin_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")
@@ -9066,6 +9070,8 @@ _openshift_cli_adm_router()
     local_nonpersistent_flags+=("--external-host-https-vserver=")
     flags+=("--external-host-insecure")
     local_nonpersistent_flags+=("--external-host-insecure")
+    flags+=("--external-host-internal-ip=")
+    local_nonpersistent_flags+=("--external-host-internal-ip=")
     flags+=("--external-host-partition-path=")
     local_nonpersistent_flags+=("--external-host-partition-path=")
     flags+=("--external-host-password=")
@@ -9074,6 +9080,8 @@ _openshift_cli_adm_router()
     local_nonpersistent_flags+=("--external-host-private-key=")
     flags+=("--external-host-username=")
     local_nonpersistent_flags+=("--external-host-username=")
+    flags+=("--external-host-vxlan-gw=")
+    local_nonpersistent_flags+=("--external-host-vxlan-gw=")
     flags+=("--force-subdomain=")
     local_nonpersistent_flags+=("--force-subdomain=")
     flags+=("--host-network")

docs/man/man1/oadm-router.1

@@ -59,6 +59,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-insecure\fP=false
     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.
 
+.PP
+\fB\-\-external\-host\-internal\-ip\fP=""
+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.
+
 .PP
 \fB\-\-external\-host\-partition\-path\fP=""
     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.
@@ -75,6 +79,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-username\fP=""
     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.
 
+.PP
+\fB\-\-external\-host\-vxlan\-gw\fP=""
+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.
+
 .PP
 \fB\-\-force\-subdomain\fP=""
     A router path format to force on all routes used by this router (will ignore the route host value)

docs/man/man1/oc-adm-router.1

@@ -59,6 +59,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-insecure\fP=false
     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.
 
+.PP
+\fB\-\-external\-host\-internal\-ip\fP=""
+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.
+
 .PP
 \fB\-\-external\-host\-partition\-path\fP=""
     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.
@@ -75,6 +79,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-username\fP=""
     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.
 
+.PP
+\fB\-\-external\-host\-vxlan\-gw\fP=""
+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.
+
 .PP
 \fB\-\-force\-subdomain\fP=""
     A router path format to force on all routes used by this router (will ignore the route host value)

docs/man/man1/openshift-admin-router.1

@@ -59,6 +59,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-insecure\fP=false
     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.
 
+.PP
+\fB\-\-external\-host\-internal\-ip\fP=""
+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.
+
 .PP
 \fB\-\-external\-host\-partition\-path\fP=""
     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.
@@ -75,6 +79,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-username\fP=""
     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.
 
+.PP
+\fB\-\-external\-host\-vxlan\-gw\fP=""
+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.
+
 .PP
 \fB\-\-force\-subdomain\fP=""
     A router path format to force on all routes used by this router (will ignore the route host value)

docs/man/man1/openshift-cli-adm-router.1

@@ -59,6 +59,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-insecure\fP=false
     If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.
 
+.PP
+\fB\-\-external\-host\-internal\-ip\fP=""
+    If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.
+
 .PP
 \fB\-\-external\-host\-partition\-path\fP=""
     If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.
@@ -75,6 +79,10 @@ If a router does not exist with the given name, this command will create a deplo
 \fB\-\-external\-host\-username\fP=""
     If the underlying router implementation connects with an external host, this is the username for authenticating with the external host.
 
+.PP
+\fB\-\-external\-host\-vxlan\-gw\fP=""
+    If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.
+
 .PP
 \fB\-\-force\-subdomain\fP=""
     A router path format to force on all routes used by this router (will ignore the route host value)

pkg/cmd/admin/router/router.go

@@ -183,6 +183,14 @@ type RouterConfig struct {
 	// the external host.
 	ExternalHostPrivateKey string
 
+	// ExternalHostInternalIP specifies the IP address of the internal interface that is
+	// used by the external host to connect to the pod network
+	ExternalHostInternalIP string
+
+	// ExternalHostVxLANGateway specifies the gateway IP and mask (cidr) of the IP
+	// address to be used to connect to the pod network from the external host
+	ExternalHostVxLANGateway string
+
 	// ExternalHostInsecure specifies that the router should skip strict
 	// certificate verification when connecting to the external host.
 	ExternalHostInsecure bool
@@ -271,6 +279,8 @@ func NewCmdRouter(f *clientcmd.Factory, parentName, name string, out, errout io.
 	cmd.Flags().StringVar(&cfg.ExternalHostHttpVserver, "external-host-http-vserver", cfg.ExternalHostHttpVserver, "If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTP connections.")
 	cmd.Flags().StringVar(&cfg.ExternalHostHttpsVserver, "external-host-https-vserver", cfg.ExternalHostHttpsVserver, "If the underlying router implementation uses virtual servers, this is the name of the virtual server for HTTPS connections.")
 	cmd.Flags().StringVar(&cfg.ExternalHostPrivateKey, "external-host-private-key", cfg.ExternalHostPrivateKey, "If the underlying router implementation requires an SSH private key, this is the path to the private key file.")
+	cmd.Flags().StringVar(&cfg.ExternalHostInternalIP, "external-host-internal-ip", cfg.ExternalHostInternalIP, "If the underlying router implementation requires the use of a specific network interface to connect to the pod network, this is the IP address of that internal interface.")
+	cmd.Flags().StringVar(&cfg.ExternalHostVxLANGateway, "external-host-vxlan-gw", cfg.ExternalHostVxLANGateway, "If the underlying router implementation requires VxLAN access to the pod network, this is the gateway address that should be used in cidr format.")
 	cmd.Flags().BoolVar(&cfg.ExternalHostInsecure, "external-host-insecure", cfg.ExternalHostInsecure, "If the underlying router implementation connects with an external host over a secure connection, this causes the router to skip strict certificate verification with the external host.")
 	cmd.Flags().StringVar(&cfg.ExternalHostPartitionPath, "external-host-partition-path", cfg.ExternalHostPartitionPath, "If the underlying router implementation uses partitions for control boundaries, this is the path to use for that partition.")
 
@@ -631,22 +641,24 @@ func RunCmdRouter(f *clientcmd.Factory, cmd *cobra.Command, out, errout io.Write
 	}
 
 	env := app.Environment{
-		"ROUTER_SUBDOMAIN":                    cfg.Subdomain,
-		"ROUTER_SERVICE_NAME":                 name,
-		"ROUTER_SERVICE_NAMESPACE":            namespace,
-		"ROUTER_SERVICE_HTTP_PORT":            "80",
-		"ROUTER_SERVICE_HTTPS_PORT":           "443",
-		"ROUTER_EXTERNAL_HOST_HOSTNAME":       cfg.ExternalHost,
-		"ROUTER_EXTERNAL_HOST_USERNAME":       cfg.ExternalHostUsername,
-		"ROUTER_EXTERNAL_HOST_PASSWORD":       cfg.ExternalHostPassword,
-		"ROUTER_EXTERNAL_HOST_HTTP_VSERVER":   cfg.ExternalHostHttpVserver,
-		"ROUTER_EXTERNAL_HOST_HTTPS_VSERVER":  cfg.ExternalHostHttpsVserver,
-		"ROUTER_EXTERNAL_HOST_INSECURE":       strconv.FormatBool(cfg.ExternalHostInsecure),
-		"ROUTER_EXTERNAL_HOST_PARTITION_PATH": cfg.ExternalHostPartitionPath,
-		"ROUTER_EXTERNAL_HOST_PRIVKEY":        privkeyPath,
-		"STATS_PORT":                          strconv.Itoa(cfg.StatsPort),
-		"STATS_USERNAME":                      cfg.StatsUsername,
-		"STATS_PASSWORD":                      cfg.StatsPassword,
+		"ROUTER_SUBDOMAIN":                      cfg.Subdomain,
+		"ROUTER_SERVICE_NAME":                   name,
+		"ROUTER_SERVICE_NAMESPACE":              namespace,
+		"ROUTER_SERVICE_HTTP_PORT":              "80",
+		"ROUTER_SERVICE_HTTPS_PORT":             "443",
+		"ROUTER_EXTERNAL_HOST_HOSTNAME":         cfg.ExternalHost,
+		"ROUTER_EXTERNAL_HOST_USERNAME":         cfg.ExternalHostUsername,
+		"ROUTER_EXTERNAL_HOST_PASSWORD":         cfg.ExternalHostPassword,
+		"ROUTER_EXTERNAL_HOST_HTTP_VSERVER":     cfg.ExternalHostHttpVserver,
+		"ROUTER_EXTERNAL_HOST_HTTPS_VSERVER":    cfg.ExternalHostHttpsVserver,
+		"ROUTER_EXTERNAL_HOST_INSECURE":         strconv.FormatBool(cfg.ExternalHostInsecure),
+		"ROUTER_EXTERNAL_HOST_PARTITION_PATH":   cfg.ExternalHostPartitionPath,
+		"ROUTER_EXTERNAL_HOST_PRIVKEY":          privkeyPath,
+		"ROUTER_EXTERNAL_HOST_INTERNAL_ADDRESS": cfg.ExternalHostInternalIP,
+		"ROUTER_EXTERNAL_HOST_VXLAN_GW_CIDR":    cfg.ExternalHostVxLANGateway,
+		"STATS_PORT":                            strconv.Itoa(cfg.StatsPort),
+		"STATS_USERNAME":                        cfg.StatsUsername,
+		"STATS_PASSWORD":                        cfg.StatsPassword,
 	}
 	if len(cfg.ForceSubdomain) > 0 {
 		env["ROUTER_SUBDOMAIN"] = cfg.ForceSubdomain