#!/usr/bin/env bash
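# -e: abort on the first failing command.
# -x: trace every command to stderr, so expanded variable values and the
#     final command line end up in the container log.
set -ex
# Without pipefail the pipeline below reports only jq's exit status, so a
# failing "ip" would go unnoticed and leave ETH0_IP empty.
set -o pipefail

# Figure out eth0's IP address. This JQ query is more complex than it
# should be because the "ip" command in the Envoy pods outputs a
# couple of weird empty objects along with the eth0 object and we need
# to handle that.
ETH0_IP=$(ip -json addr show dev eth0 \
  | jq --raw-output '.[].addr_info[] | select(.label=="eth0") | .local')

# Fail closed: the value is spliced into the bootstrap config below, and an
# empty or multi-valued result would not pin the admin interface to eth0.
if [ -z "$ETH0_IP" ] || [[ "$ETH0_IP" == *[[:space:]]* ]]; then
  echo "could not determine a single eth0 address, got: '${ETH0_IP}'" >&2
  exit 1
fi
echo "eth0 IP address: $ETH0_IP"

# Patch Marin3r's Envoy bootstrap config to bind the admin interface to
# eth0 only. The dots are escaped so that only the literal wildcard address
# matches. The original file is kept as config.json.bak.
# NOTE(review): this rewrites the first "address":"0.0.0.0" on each line,
# not specifically the admin block - confirm that is the admin address in
# the generated config.
sed --in-place=.bak "s/\"address\":\"0\.0\.0\.0\"/\"address\":\"${ETH0_IP}\"/" /etc/envoy/bootstrap/config.json

# sed exits 0 even when nothing matched, which would leave the admin
# interface on the wildcard address. Make that case visible in the log.
if ! grep -qF -- "\"address\":\"${ETH0_IP}\"" /etc/envoy/bootstrap/config.json; then
  echo "warning: bootstrap config has no \"address\":\"${ETH0_IP}\" entry; admin interface may not be restricted to eth0" >&2
fi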
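# If this is a TrueIngress LB, then set up routes to send traffic by
# default through net1 (the TrueIngress/Multus interface) with pod and
# internal service network traffic going through eth0, the k8s
# interface. TrueIngress is the default, so it needs to be explicitly
# disabled (TRUEINGRESS=disabled).
if [ "$TRUEINGRESS" != "disabled" ]; then
  # If the SERVICE_CIDR env var is set (comma-separated list of prefixes),
  # add a route for each prefix to send internal service traffic to the
  # k8s/default interface.
  #
  # "replace" instead of "add": a restarted container re-runs this script,
  # and if the routes from the previous run are still present "add" fails
  # with "File exists", which under "set -e" aborts the entrypoint.
  # "replace" creates the route or overwrites an existing one for the same
  # prefix.
  if [ -n "$SERVICE_CIDR" ]; then
    IFS=',' read -ra addrs <<< "$SERVICE_CIDR"
    for addr in "${addrs[@]}"; do
      # Tolerate empty list entries such as "a,,b".
      [ -n "$addr" ] || continue
      ip route replace "$addr" dev eth0
    done
  fi

  # If the HOST_IP env var is set, add a route to send traffic for that
  # address to the k8s/default interface as well.
  if [ -n "$HOST_IP" ]; then
    ip route replace "$HOST_IP" dev eth0
  fi

  # We don't want a default route through eth0 so we delete one if
  # it's there.
  ip -6 route delete default dev eth0 || true
  # We don't need to add a default through net1 - radvd does that
  # for us.

  # Set up routes to send IPv4 traffic by default through net1. Either
  # command failing aborts the script ("set -e"), so Envoy is not started
  # with a half-configured routing table.
  ip route delete 0.0.0.0/0
  ip route add 0.0.0.0/0 dev net1
fi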
# Optional Envoy log level, taken from the environment; empty when unset.
loglevel="${loglevel:-}"

# A first argument that begins with '-' is treated as an Envoy option, so
# the "envoy" command itself is put in front of the argument list.
case "${1-}" in
  -*) set -- envoy "$@" ;;
esac

# When the command is Envoy and a log level was requested, append the
# matching --log-level option.
if [ "${1-}" = 'envoy' ] && [ -n "$loglevel" ]; then
  set -- "$@" --log-level "$loglevel"
fi
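# Privilege drop. Unless ENVOY_UID is exactly "0", the command runs as the
# "envoy" user; ENVOY_UID / ENVOY_GID, when set, first renumber that user
# and group. ENVOY_UID=0 skips the drop and runs the command as whatever
# user this entrypoint was started as.
if [ "$ENVOY_UID" != "0" ]; then
  if [ -n "$ENVOY_UID" ]; then
    usermod -u "$ENVOY_UID" envoy
  fi
  if [ -n "$ENVOY_GID" ]; then
    groupmod -g "$ENVOY_GID" envoy
  fi
  # Ensure the envoy user is able to write to container logs
  chown envoy:envoy /dev/stdout /dev/stderr
  # exec so the command replaces this shell instead of running as its
  # child. Otherwise the shell stays the container's main process and
  # signals sent to it (e.g. SIGTERM on shutdown) are not passed on to
  # Envoy.
  exec su-exec envoy "${@}"
else
  exec "${@}"
fi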