diff --git a/docs/ipam.sexp b/docs/ipam.sexp
index c827fd2d..21bf61c8 100644
--- a/docs/ipam.sexp
+++ b/docs/ipam.sexp
@@ -95,6 +95,9 @@
 (net PROD-PUBLIC 2001:5a8:4002:9301::/64
 (description "Address space for public services")
 )
+ (net PROD-K8S 2001:5a8:4002:9308::/64
+ (description "Public address space for k8s nodes")
+ )
 (net HOME-USERS-V6 2001:5a8:4002:930a::/64
 (description "IP space for ethernet connected users")
 )
diff --git a/netconf/charon.rkt b/netconf/charon.rkt
new file mode 100644
index 00000000..95c9455f
--- /dev/null
+++ b/netconf/charon.rkt
@@ -0,0 +1,38 @@
+#lang racket
+
+(require "util.rkt")
+(require "dn42.rkt")
+(require "vyos-firewall.rkt")
+
+(define upstream-ll-addr6 "fe80::5054:ff:fed6:96c")
+(define upstream-ll-addr4 "169.254.0.1")
+(define wan "eth0")
+(define k8sbr "eth1")
+
+(define commands
+ `[(set system host-name "charon")
+ ,(basic-vyos-conf)
+
+ (delete interfaces)
+ (set interfaces [(loopback lo)
+ (ethernet ,wan [(hw-id "52:54:00:0c:b0:df")
+ (description "Link to upstream firewall")
+ (address "169.254.0.2/24")])
+ (ethernet ,k8sbr [(hw-id "52:54:00:06:8c:9a")
+ (description "k8sbr")
+ (address "fca7:b01:f00d:c00b::1/64")
+ (address "2001:5a8:4002:9308::1/64")])])
+
+ (set protocols static [(route "0.0.0.0/0" [(next-hop ,upstream-ll-addr4)
+ (interface ,wan)])
+ (route6 "::/0" [(next-hop ,upstream-ll-addr6)
+ (interface ,wan)])])
+
+ (set service router-advert interface ,k8sbr [(prefix "fca7:b01:f00d:c00b::/64")
+ (prefix "2001:5a8:4002:9308::/64")
+ (name-server "fca7:b01:f00d:c00b::1")
+ (default-preference high)])])
+
+
+(for ([s (commandtree->strings commands)])
+ (displayln s))
diff --git a/netconf/util.rkt b/netconf/util.rkt
index ace18e04..8bcfad61 100644
--- a/netconf/util.rkt
+++ b/netconf/util.rkt
@@ -45,7 +45,8 @@
 commandtree->string
 commandtree->strings
 bgp/link-local
- bgp/link-local:render-vyos)
+ bgp/link-local:render-vyos
+ basic-vyos-conf)
 (define (command->string c) (string-join (map (match-lambda
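Review bot: In the new netconf/charon.rkt, `commands` emits no firewall section even though the file requires `vyos-firewall.rkt` (and `dn42.rkt`, also unused in the visible lines). Hosts on `k8sbr` that autoconfigure from the advertised `2001:5a8:4002:9308::/64` prefix therefore get globally routable addresses with no filtering on this router. The `wan` description suggests an upstream firewall does the filtering; if that is the intent, record it above `commands`, for example `; No firewall on charon: inbound filtering for 2001:5a8:4002:9308::/64 is enforced on the upstream firewall`, and drop the two unused requires. Otherwise add a default-drop ruleset for traffic forwarded from `wan` to `k8sbr` before this host carries production traffic.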
@@ -156,4 +157,8 @@
 cmds src dst))
-(define-record-setter firewall/rule)
\ No newline at end of file
+(define-record-setter firewall/rule)
+
+(define (basic-vyos-conf)
+ '(set system [(console device ttyS0 speed "115200")
+ (config-management commit-revisions "10000")]))
\ No newline at end of file
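Review bot: `basic-vyos-conf` is exported as a shared baseline but has no comment saying what it covers, so a reader of charon.rkt cannot tell that it sets only the serial console and the commit history depth. A one-line header would make that explicit, for example `;; Baseline system settings for VyOS hosts: ttyS0 console at 115200 and 10000 retained commit revisions; no login, SSH or firewall settings.` The file also still ends without a trailing newline after the new definition, which is the same condition the first changed line of this hunk had.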