|
| 1 | +apiVersion: v1 |
| 2 | +kind: ServiceAccount |
| 3 | +metadata: |
| 4 | + name: kilo-azure-route-sync |
| 5 | + namespace: cozy-cluster-autoscaler-azure |
| 6 | +--- |
| 7 | +apiVersion: rbac.authorization.k8s.io/v1 |
| 8 | +kind: ClusterRole |
| 9 | +metadata: |
| 10 | + name: kilo-azure-route-sync |
| 11 | +rules: |
| 12 | +- apiGroups: [""] |
| 13 | + resources: ["nodes"] |
| 14 | + verbs: ["get", "list", "watch"] |
| 15 | +--- |
| 16 | +apiVersion: rbac.authorization.k8s.io/v1 |
| 17 | +kind: ClusterRoleBinding |
| 18 | +metadata: |
| 19 | + name: kilo-azure-route-sync |
| 20 | +roleRef: |
| 21 | + apiGroup: rbac.authorization.k8s.io |
| 22 | + kind: ClusterRole |
| 23 | + name: kilo-azure-route-sync |
| 24 | +subjects: |
| 25 | +- kind: ServiceAccount |
| 26 | + name: kilo-azure-route-sync |
| 27 | + namespace: cozy-cluster-autoscaler-azure |
| 28 | +--- |
| 29 | +apiVersion: apps/v1 |
| 30 | +kind: Deployment |
| 31 | +metadata: |
| 32 | + name: kilo-azure-route-sync |
| 33 | + namespace: cozy-cluster-autoscaler-azure |
| 34 | +spec: |
| 35 | + replicas: 1 |
| 36 | + selector: |
| 37 | + matchLabels: |
| 38 | + app: kilo-azure-route-sync |
| 39 | + template: |
| 40 | + metadata: |
| 41 | + labels: |
| 42 | + app: kilo-azure-route-sync |
| 43 | + spec: |
| 44 | + serviceAccountName: kilo-azure-route-sync |
| 45 | + containers: |
| 46 | + - name: sync |
| 47 | + image: mcr.microsoft.com/azure-cli:2.67.0 |
| 48 | + imagePullPolicy: IfNotPresent |
| 49 | + env: |
| 50 | + - name: AZURE_CLIENT_ID |
| 51 | + valueFrom: |
| 52 | + secretKeyRef: |
| 53 | + name: cluster-autoscaler-azure-azure-cluster-autoscaler |
| 54 | + key: ClientID |
| 55 | + - name: AZURE_CLIENT_SECRET |
| 56 | + valueFrom: |
| 57 | + secretKeyRef: |
| 58 | + name: cluster-autoscaler-azure-azure-cluster-autoscaler |
| 59 | + key: ClientSecret |
| 60 | + - name: AZURE_TENANT_ID |
| 61 | + valueFrom: |
| 62 | + secretKeyRef: |
| 63 | + name: cluster-autoscaler-azure-azure-cluster-autoscaler |
| 64 | + key: TenantID |
| 65 | + - name: AZURE_SUBSCRIPTION_ID |
| 66 | + valueFrom: |
| 67 | + secretKeyRef: |
| 68 | + name: cluster-autoscaler-azure-azure-cluster-autoscaler |
| 69 | + key: SubscriptionID |
| 70 | + - name: AZURE_RESOURCE_GROUP |
| 71 | + valueFrom: |
| 72 | + secretKeyRef: |
| 73 | + name: cluster-autoscaler-azure-azure-cluster-autoscaler |
| 74 | + key: ResourceGroup |
| 75 | + - name: AZURE_ROUTE_TABLE |
| 76 | + value: kilo-routes-workers-serverscom |
| 77 | + - name: AZURE_VNET_NAME |
| 78 | + value: cozystack-vnet |
| 79 | + - name: AZURE_SUBNET_NAME |
| 80 | + value: workers-serverscom |
| 81 | + - name: AZURE_ROUTES |
| 82 | + value: to-serverscom=192.168.102.0/23 |
| 83 | + command: ["/bin/sh","-ceu"] |
| 84 | + args: |
| 85 | + - | |
| 86 | + az login --service-principal -u "$AZURE_CLIENT_ID" -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID" >/dev/null |
| 87 | + az account set --subscription "$AZURE_SUBSCRIPTION_ID" |
| 88 | +
|
| 89 | + az aks install-cli --install-location /usr/local/bin/kubectl >/dev/null |
| 90 | +
|
| 91 | + sync_route() { |
| 92 | + route_name="$1" |
| 93 | + route_prefix="$2" |
| 94 | + leader_ip="$3" |
| 95 | + az network route-table route create -g "$AZURE_RESOURCE_GROUP" --route-table-name "$AZURE_ROUTE_TABLE" \ |
| 96 | + -n "$route_name" --address-prefix "$route_prefix" \ |
| 97 | + --next-hop-type VirtualAppliance --next-hop-ip-address "$leader_ip" >/dev/null || true |
| 98 | + az network route-table route update -g "$AZURE_RESOURCE_GROUP" --route-table-name "$AZURE_ROUTE_TABLE" \ |
| 99 | + -n "$route_name" --address-prefix "$route_prefix" \ |
| 100 | + --next-hop-type VirtualAppliance --next-hop-ip-address "$leader_ip" >/dev/null |
| 101 | + } |
| 102 | +
|
| 103 | + sync_all_routes() { |
| 104 | + leader_ip="$1" |
| 105 | + IFS=',' |
| 106 | + for entry in $AZURE_ROUTES; do |
| 107 | + route_name="${entry%%=*}" |
| 108 | + route_prefix="${entry#*=}" |
| 109 | + [ -n "$route_name" ] && [ -n "$route_prefix" ] || continue |
| 110 | + sync_route "$route_name" "$route_prefix" "$leader_ip" |
| 111 | + done |
| 112 | + unset IFS |
| 113 | + } |
| 114 | +
|
| 115 | + kubectl get node -w -l topology.kubernetes.io/zone=azure --no-headers \ |
| 116 | + -o 'custom-columns=NAME:.metadata.name,LEADER:.metadata.annotations.kilo\.squat\.ai/leader,IP:.status.addresses[?(@.type=="InternalIP")].address' \ |
| 117 | + | while read -r n leader ip; do |
| 118 | + echo "$(date -Iseconds) event node=${n} leader=${leader} ip=${ip}" |
| 119 | + [ "$leader" = "true" ] || continue |
| 120 | + az network vnet subnet update \ |
| 121 | + -g "$AZURE_RESOURCE_GROUP" \ |
| 122 | + --vnet-name "$AZURE_VNET_NAME" \ |
| 123 | + -n "$AZURE_SUBNET_NAME" \ |
| 124 | + --route-table "$AZURE_ROUTE_TABLE" >/dev/null |
| 125 | +
|
| 126 | + sync_all_routes "$ip" |
| 127 | +
|
| 128 | + echo "$(date -Iseconds) synced routes to leader ${n} (${ip})" |
| 129 | + done |
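Review bot: The `az aks install-cli` call at gutter line 89 downloads kubectl from the internet on every pod start with no version pin and no checksum, so the binary that later reads node state is whatever the download endpoint serves that day; pin it with `--client-version` (or bake kubectl into the image and drop the call), and for the same reason consider referencing `mcr.microsoft.com/azure-cli` by digest rather than by the `2.67.0` tag. The `az login` on line 86 passes the client secret as a `-p` argument, which exposes it in the process argv (`/proc/<pid>/cmdline`) on the node for the duration of the call; if the cluster supports workload identity, a federated credential would remove the secret from the pod entirely. The secret being mounted appears to be the cluster-autoscaler's service principal (`cluster-autoscaler-azure-azure-cluster-autoscaler`), so whatever Azure rights that SP holds are now also reachable from this pod, which only needs write access to one route table and one subnet — a dedicated SP scoped to those resources would be the least-privilege choice. The pod template also sets no `securityContext` (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}`) and no resource limits, which is cheap hardening for a long-running container holding cloud credentials; a read-only root filesystem would additionally need an `emptyDir` for `~/.azure` and the kubectl install location.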