Lothlorien example w/ YAML

Author: jrokeach

examples/2regions-hrr/meshrr-lothlorien.yaml

@@ -1,4 +1,30 @@
 ---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: meshrr-lothlorien-conf
+data:
+  meshrr.conf.yml: |+
+    encrypted_root_pw: NOLOGIN
+    asn: "65000"
+    mode: ipv4rr
+    bgpgroups:
+    - name: MESHRR-MESH
+      type: mesh
+      source:
+        sourcetype: dns
+        hostname: meshrr-lothlorien
+    - name: MESHRR-CLIENTS
+      type: subtractive
+      prefixes:
+      - 0.0.0.0/0
+    - name: MESHRR-UPSTREAM
+      type: mesh
+      source:
+        sourcetype: dns
+        hostname: meshrr-core
+      max_peers: 2
+---
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
@@ -121,6 +147,15 @@ spec:
           emptyDir: {}
         - name: ssh-id
           emptyDir: {}
+        - name: meshrr-conf
+          configMap:
+            defaultMode: 256
+            items:
+            - key: meshrr.conf.yml
+              mode: 256
+              path: meshrr.conf.yml
+            name: meshrr-lothlorien-conf
+            optional: false
         - configMap:
             defaultMode: 256
             items:
@@ -140,7 +175,11 @@ spec:
               mountPath: /secret/ssh/
             - name: config
               mountPath: /config/
-            - mountPath: /opt/meshrr/overrides/juniper.conf.j2
+            - name: meshrr-conf
+              mountPath: /opt/meshrr/conf/meshrr.conf.yml
+              readOnly: true
+              subPath: meshrr.conf.yml
+            - mountPath: /opt/meshrr/conf/juniper.conf.j2
               name: override-config
               readOnly: true
               subPath: juniper.conf.j2
@@ -154,17 +193,6 @@ spec:
                 secretKeyRef:
                   name: crpd-license
                   key: crpd-license
-            - name: AUTONOMOUS_SYSTEM
-              value: '65000'
-            - name: ENCRYPTED_ROOT_PW
-              value: >-
-                $6$4XN/d$QdZrrRZNL2MtGXqKuZ/mr1S5tH46eyBKTKeWGVugxfqCGjKKqH2LhP8yNoqfYwVNvc0xsd0JSl6s9epsSPB7M1
-            - name: MESH_SERVICE_NAME
-              value: meshrr-lothlorien
-            - name: UPSTREAM_SERVICE_NAME
-              value: meshrr-core
-            - name: MESHRR_CLIENTRANGE
-              value: 0/0
       containers:
         - name: crpd
           image: localhost/juniper/crpd:23.2R1.13
@@ -212,17 +240,15 @@ spec:
           volumeMounts:
             - name: ssh-id
               mountPath: /secret/ssh/
+            - name: meshrr-conf
+              mountPath: /opt/meshrr/conf/meshrr.conf.yml
+              readOnly: true
+              subPath: meshrr.conf.yml
           env:
             - name: POD_IP
               valueFrom:
                 fieldRef:
                   fieldPath: status.podIP
-            - name: MESH_SERVICE_NAME
-              value: meshrr-lothlorien
-            - name: UPSTREAM_SERVICE_NAME
-              value: meshrr-core
-            - name: MESHRR_CLIENTRANGE
-              value: 0/0
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -269,6 +295,15 @@ spec:
           emptyDir: {}
         - name: ssh-id
           emptyDir: {}
+        - name: meshrr-conf
+          configMap:
+            defaultMode: 256
+            items:
+            - key: meshrr.conf.yml
+              mode: 256
+              path: meshrr.conf.yml
+            name: meshrr-lothlorien-conf
+            optional: false
         - configMap:
             defaultMode: 256
             items:
@@ -288,7 +323,11 @@ spec:
               mountPath: /secret/ssh/
             - name: config
               mountPath: /config/
-            - mountPath: /opt/meshrr/overrides/juniper.conf.j2
+            - name: meshrr-conf
+              mountPath: /opt/meshrr/conf/meshrr.conf.yml
+              readOnly: true
+              subPath: meshrr.conf.yml
+            - mountPath: /opt/meshrr/conf/juniper.conf.j2
               name: override-config
               readOnly: true
               subPath: juniper.conf.j2
@@ -302,17 +341,6 @@ spec:
                 secretKeyRef:
                   name: crpd-license
                   key: crpd-license
-            - name: AUTONOMOUS_SYSTEM
-              value: '65000'
-            - name: ENCRYPTED_ROOT_PW
-              value: >-
-                $6$4XN/d$QdZrrRZNL2MtGXqKuZ/mr1S5tH46eyBKTKeWGVugxfqCGjKKqH2LhP8yNoqfYwVNvc0xsd0JSl6s9epsSPB7M1
-            - name: MESH_SERVICE_NAME
-              value: meshrr-lothlorien
-            - name: UPSTREAM_SERVICE_NAME
-              value: meshrr-core
-            - name: MESHRR_CLIENTRANGE
-              value: 0/0
       containers:
         - name: crpd
           image: localhost/juniper/crpd:23.2R1.13
@@ -360,17 +388,15 @@ spec:
           volumeMounts:
             - name: ssh-id
               mountPath: /secret/ssh/
+            - name: meshrr-conf
+              mountPath: /opt/meshrr/conf/meshrr.conf.yml
+              readOnly: true
+              subPath: meshrr.conf.yml
           env:
             - name: POD_IP
               valueFrom:
                 fieldRef:
                   fieldPath: status.podIP
-            - name: MESH_SERVICE_NAME
-              value: meshrr-lothlorien
-            - name: UPSTREAM_SERVICE_NAME
-              value: meshrr-core
-            - name: MESHRR_CLIENTRANGE
-              value: 0/0
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:

examples/2regions-hrr/templates/lothlorien-config.j2

@@ -1,6 +1,6 @@
 system {
     root-authentication {
-        encrypted-password "{{ ENCRYPTED_ROOT_PW }}"; ## SECRET-DATA
+        encrypted-password "{{ encrypted_root_pw }}"; ## SECRET-DATA
     }
     login {
         user meshrr {
@@ -40,12 +40,12 @@ groups {
                 group MESHRR-CLIENTS {
                     type internal;
                     cluster {{ POD_IP }};
-                    allow {{ MESHRR_CLIENTRANGE }};
-                }{% if UPSTREAM_SERVICE_NAME is not none %}
+                    allow [ {% for prefix in bgpgroups_subtractive['MESHRR-CLIENTS'].prefixes %}{{ prefix }} {% endfor %}];
+                }
                 group MESHRR-UPSTREAM {
                     type internal;
                     export UPSTREAM-OUT;
-                }{% endif %}
+                }
             }
         }
     }
@@ -68,7 +68,7 @@ policy-options {
     community INREGION-PREFERRED members 65000:102;
 }
 routing-options {
-    autonomous-system {{ AUTONOMOUS_SYSTEM }};
+    autonomous-system {{ asn }};
     router-id {{ POD_IP }};
 }
 protocols {

examples/2regions-hrr/templates/mirkwood-config.j2

@@ -41,11 +41,11 @@ groups {
                     type internal;
                     cluster {{ POD_IP }};
                     allow [ {% for prefix in bgpgroups_subtractive['MESHRR-CLIENTS'].prefixes %}{{ prefix }} {% endfor %}];
-                }{% if UPSTREAM_SERVICE_NAME is not none %}
+                }
                 group MESHRR-UPSTREAM {
                     type internal;
                     export UPSTREAM-OUT;
-                }{% endif %}
+                }
             }
         }
     }