From f34707a8adb363da6aba3f869695ecb5fa0fb29e Mon Sep 17 00:00:00 2001 From: RouxAntoine Date: Mon, 3 Jul 2023 21:47:20 +0200 Subject: [PATCH] feature: version 1.0.0 of working keepalived as static pod --- Dockerfile | 37 ++++++++-- Makefile | 3 +- init.sh | 147 +-------------------------------------- keepalived.template.conf | 50 +++++++++++++ 4 files changed, 85 insertions(+), 152 deletions(-) create mode 100644 keepalived.template.conf diff --git a/Dockerfile b/Dockerfile index 714b751..7c4c07b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,39 @@ -FROM alpine:latest +FROM alpine:3.18 + +LABEL architecture="$TARGETPLATFORM" \ + license="beerware" \ + name="keepalived" \ + summary="Alpine based keepalived container" \ + mantainer="antoinroux@hotmail.fr" RUN apk add --no-cache \ bash \ curl \ - ipvsadm \ - iproute2 \ keepalived \ + gettext \ && addgroup -S keepalived_script \ && adduser -S -s /sbin/nologin -G keepalived_script -H keepalived_script -COPY check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh +ENV STATE BACKUP +ENV INTERFACE enp3s0 +ENV PRIORITY 200 +ENV PASSWORD "" +ENV SRC_IP "" +ENV PEER_IP_0 "" +ENV PEER_IP_1 "" -COPY init.sh / -RUN chmod +x /init.sh -CMD ["/init.sh"] +COPY --chmod=750 --chown=keepalived_script:keepalived_script check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh +COPY keepalived.template.conf /etc/keepalived/keepalived.template.conf + +COPY --chmod=750 init.sh / + +ENTRYPOINT ["/init.sh"] +CMD ["/usr/sbin/keepalived", "--dont-fork", "--log-console"] + +# Customise keepalived with: +# args: # override options in the Dockerfile + # - --vrrp + # - --log-detail + # - --dump-conf + # - --use-file=/etc/keepalived/keepalived.conf +# CMD ["--vrrp","--log-detail","--dump-conf"] diff --git a/Makefile b/Makefile index 5d11233..8678ee1 100644 --- a/Makefile +++ b/Makefile 
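Review bot: `LABEL architecture="$TARGETPLATFORM"` will expand to an empty string, because the BuildKit platform variables are only visible inside a stage once declared there; add `ARG TARGETPLATFORM` between `FROM alpine:3.18` and the `LABEL`. The `ENV STATE BACKUP` … `ENV PEER_IP_1 ""` run uses the legacy space-separated form; `ENV STATE=BACKUP INTERFACE=enp3s0 PRIORITY=200 PASSWORD="" SRC_IP="" PEER_IP_0="" PEER_IP_1=""` is the current form and one layer. An empty default for `PASSWORD` means a pod that forgets to set it silently gets an `auth_pass` with no value after `envsubst`; dropping the default lets the entrypoint fail fast, and it is worth a comment that the VRRP secret travels in the pod spec as an environment variable. The label key `mantainer` is misspelled; the OCI key is `org.opencontainers.image.authors`, and the `apk add` list is unpinned (hadolint DL3018), so rebuilds of the same tag can pull a different keepalived.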
@@ -12,7 +12,8 @@ VERBOSITY=debug ## build imageKeepalived: - $(shell docker-multi-arch-builder build -n keepalived-k8s --platforms $(PLATFORM) -v $(VERBOSITY)) + docker manifest rm $(REGISTRY_IP):5000/keepalived-k8s:latest || true + docker-multi-arch-builder build -n keepalived-k8s --platforms $(PLATFORM) -v $(VERBOSITY) ## management diff --git a/init.sh b/init.sh index e2d8188..dff2ef6 100644 --- a/init.sh +++ b/init.sh 
@@ -1,146 +1,5 @@ -#!/bin/bash +#!/bin/sh -set -e -set -o pipefail +envsubst < /etc/keepalived/keepalived.template.conf > /etc/keepalived/keepalived.conf -config_keepalived() { - if ! compgen -A variable | grep -q -E 'KEEPALIVED_VIRTUAL_IPADDRESS_[0-9]{1,3}'; then - echo "[$(date)][KEEPALIVED] No KEEPALIVED_VIRTUAL_IPADDRESS_ varibles detected." - return 1 - fi - - KEEPALIVED_STATE=${KEEPALIVED_STATE:-MASTER} - - if [[ "${KEEPALIVED_STATE^^}" == 'MASTER' ]]; then - KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY:-200} - elif [[ "${KEEPALIVED_STATE^^}" == 'BACKUP' ]]; then - KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY:-100} - fi - - KEEPALIVED_INTERFACE=${KEEPALIVED_INTERFACE:-eth0} - KEEPALIVED_VIRTUAL_ROUTER_ID=${KEEPALIVED_VIRTUAL_ROUTER_ID:-1} - KEEPALIVED_ADVERT_INT=${KEEPALIVED_ADVERT_INT:-1} - KEEPALIVED_AUTH_PASS=${KEEPALIVED_AUTH_PASS:-"pwd$KEEPALIVED_VIRTUAL_ROUTER_ID"} - - if [[ ! $KEEPALIVED_UNICAST_SRC_IP ]]; then - bind_target="$(ip addr show "$KEEPALIVED_INTERFACE" | \ - grep -m 1 -E -o 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}')" - KEEPALIVED_UNICAST_SRC_IP="$bind_target" - fi - - { - echo 'global_defs {' - echo 'router_id LVS_MAIN' - echo 'enable_script_security' - echo '}' - } > "$KEEPALIVED_CONF" - - if [[ ${KEEPALIVED_KUBE_APISERVER_CHECK,,} == 'true' ]]; then - # if no address supplied, assume its the first (or only) VIP - if [[ ! 
$KUBE_APISERVER_ADDRESS ]]; then - kube_api_vip="$(compgen -A variable | grep -E 'KEEPALIVED_VIRTUAL_IPADDRESS_[0-9]{1,3}' | head -1)" - KUBE_APISERVER_ADDRESS="$(echo "${!kube_api_vip}" | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')" - fi - KUBE_APISERVER_PORT=${KUBE_APISERVER_PORT:-6443} - KUBE_APISERVER_CHK_INTERVAL=${KUBE_APISERVER_CHK_INTERVAL:-'3'} - KUBE_APISERVER_CHK_WEIGHT=${KUBE_APISERVER_CHK_WEIGHT:-'-50'} - KUBE_APISERVER_CHK_FALL=${KUBE_APISERVER_CHK_FALL:-'10'} - KUBE_APISERVER_CHK_RISE=${KUBE_APISERVER_CHK_RISE:-'2'} - CHECK_SCRIPT_PATH=${CHECK_SCRIPT_PATH:-'/usr/lib/keepalived/scripts/chk_kube_apiserver.sh'} - chmod +x $CHECK_SCRIPT_PATH - { - echo 'vrrp_script chk_kube_apiserver {' - echo " script \"$CHECK_SCRIPT_PATH $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\"" - echo " interval $KUBE_APISERVER_CHK_INTERVAL" - echo " fall $KUBE_APISERVER_CHK_FALL" - echo " rise $KUBE_APISERVER_CHK_RISE" - echo " weight $KUBE_APISERVER_CHK_WEIGHT" - echo '}' - } >> "$KEEPALIVED_CONF" - fi - - { - echo 'vrrp_instance MAIN {' - echo " state $KEEPALIVED_STATE" - echo " interface $KEEPALIVED_INTERFACE" - echo " virtual_router_id $KEEPALIVED_VIRTUAL_ROUTER_ID" - echo " priority $KEEPALIVED_PRIORITY" - echo " advert_int $KEEPALIVED_ADVERT_INT" - echo " unicast_src_ip $KEEPALIVED_UNICAST_SRC_IP" - echo ' unicast_peer {' - } >> "$KEEPALIVED_CONF" - for peer in $(compgen -A variable | grep -E "KEEPALIVED_UNICAST_PEER_[0-9]{1,3}"); do - echo " ${!peer}" >> "$KEEPALIVED_CONF" - done - { - echo ' }' - echo ' authentication {' - echo ' auth_type PASS' - echo " auth_pass $KEEPALIVED_AUTH_PASS" - echo ' }' - echo ' virtual_ipaddress {' - } >> "$KEEPALIVED_CONF" - for vip in $(compgen -A variable | grep -E 'KEEPALIVED_VIRTUAL_IPADDRESS_[0-9]{1,3}'); do - echo " ${!vip}" >> "$KEEPALIVED_CONF" - done - echo ' }' >> "$KEEPALIVED_CONF" - - if compgen -A variable | grep -q -E 'KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_[0-9]{1,3}'; then - echo ' virtual_ipaddress_excluded 
{' >> "$KEEPALIVED_CONF" - for evip in $(compgen -A variable | grep -E 'KEEPALIVED_VIRTUAL_IPADDRESS_EXCLUDED_[0-9]{1,3}'); do - echo " ${!evip}" >> "$KEEPALIVED_CONF" - done - echo ' }' >> "$KEEPALIVED_CONF" - fi - - if compgen -A variable | grep -q -E 'KEEPALIVED_TRACK_INTERFACE_[0-9]{1,3}'; then - echo ' track_interface {' >> "$KEEPALIVED_CONF" - for interface in $(compgen -A variable | grep -E 'KEEPALIVED_TRACK_INTERFACE_[0-9]{1,3}'); do - echo " ${!interface}" >> "$KEEPALIVED_CONF" - done - echo ' }' >> "$KEEPALIVED_CONF" - else - { - echo ' track_interface {' - echo " $KEEPALIVED_INTERFACE" - echo '}' - } >> "$KEEPALIVED_CONF" - fi - if [[ ${KEEPALIVED_KUBE_APISERVER_CHECK,,} == 'true' ]]; then - { - echo ' track_script {' - echo ' chk_kube_apiserver' - echo ' }' - } >> "$KEEPALIVED_CONF" - fi - - echo '}' >> "$KEEPALIVED_CONF" - - return 0 -} - -init_vars() { - KEEPALIVED_AUTOCONF=${KEEPALIVED_AUTOCONF:-true} - KEEPALIVED_DEBUG=${KEEPALIVED_DEBUG:-false} - KEEPALIVED_KUBE_APISERVER_CHECK=${KEEPALIVED_KUBE_APISERVER_CHECK:-false} - KEEPALIVED_CONF=${KEEPALIVED_CONF:-/etc/keepalived/keepalived.conf} - KEEPALIVED_VAR_RUN=${KEEPALIVED_VAR_RUN:-/var/run/keepalived} - if [[ ${KEEPALIVED_DEBUG,,} == 'true' ]]; then - local kd_cmd="/usr/sbin/keepalived -n -l -D -f $KEEPALIVED_CONF" - else - local kd_cmd="/usr/sbin/keepalived -n -l -f $KEEPALIVED_CONF" - fi - KEEPALIVED_CMD=${KEEPALIVED_CMD:-"$kd_cmd"} -} - -main() { - init_vars - if [[ ${KEEPALIVED_AUTOCONF,,} == 'true' ]]; then - config_keepalived - fi - rm -fr "$KEEPALIVED_VAR_RUN" - # shellcheck disable=SC2086 - exec $KEEPALIVED_CMD -} - -main +exec "$@" diff --git a/keepalived.template.conf b/keepalived.template.conf new file mode 100644 index 0000000..1f1985a --- /dev/null +++ b/keepalived.template.conf 
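Review bot: The new entrypoint has no `set -e`, so when `envsubst` fails (template missing, `/etc/keepalived` unwritable) the script still `exec`s keepalived against an empty or stale `keepalived.conf`, and an unset `PASSWORD` or `SRC_IP` silently produces lines such as `auth_pass` with no value. The generated file also inherits the default umask, which leaves the VRRP password in a world-readable file on a host where `chk_kube_apiserver.sh` runs as the unprivileged `keepalived_script` user. I would fail fast on the mandatory variables, pass `envsubst` an explicit variable list so no other `$` token in the template is ever expanded, and write the config under `umask 077`.
```sh
#!/bin/sh
set -eu

# Fail early instead of rendering an auth_pass / unicast_src_ip with no value.
: "${PASSWORD:?PASSWORD must be set (VRRP auth_pass)}"
: "${SRC_IP:?SRC_IP must be set (unicast_src_ip)}"

# The rendered config contains the VRRP secret: root-only.
umask 077
envsubst '$STATE $INTERFACE $PRIORITY $PASSWORD $SRC_IP $PEER_IP_0 $PEER_IP_1' \
    < /etc/keepalived/keepalived.template.conf > /etc/keepalived/keepalived.conf

exec "$@"
```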
@@ -0,0 +1,50 @@
+global_defs {
+ vrrp_version 2
+ vrrp_garp_master_delay 1
+ vrrp_garp_master_refresh 60
+ enable_script_security
+}
+
+vrrp_script haproxy-check {
+ # -0 checks if the process is running
+ script "/usr/lib/keepalived/scripts/chk_kube_apiserver.sh 192.168.2.4 6443"
+ interval 2
+ weight 20
+ user keepalived_script
+}
+
+vrrp_instance haproxy-virtual-ip {
+ state $STATE
+
+# Make sure the interface is aligned with your server's network interface
+ interface $INTERFACE
+
+# The virtual router ID must be unique to each VRRP instance that you define
+ virtual_router_id 55
+
+# Make sure the priority is higher on the master server than on backup servers
+ priority $PRIORITY
+
+# advertisement interval, 1 second
+ advert_int 1
+
+ authentication {
+ auth_type PASS
+ auth_pass $PASSWORD
+ }
+
+ unicast_src_ip $SRC_IP
+
+ unicast_peer {
+ $PEER_IP_0
+ $PEER_IP_1
+ }
+
+ virtual_ipaddress {
+ 192.168.2.4/32
+ }
+
+ track_script {
+ haproxy-check weight 20
+ }
+}
\ No newline at end of file
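Review bot: The VIP `192.168.2.4` is hard-coded twice on the new side, in the `vrrp_script` command and in `virtual_ipaddress`, while every other deployment-specific value is a `$VAR`; a single `$VIP` placeholder with a matching `ENV` default would keep the check target and the advertised address from drifting apart and make the image reusable. The comment `# -0 checks if the process is running` does not describe the line under it, which runs `chk_kube_apiserver.sh` against an address and port; I would replace it with `# exit 0 while the API server answers on the VIP; success adds the weight below to the priority`. `weight 20` is given both in the `vrrp_script` block and again in `track_script { haproxy-check weight 20 }`; keep one so the effective weight is stated once. Note also that `auth_type PASS` sends the shared secret in cleartext in every advertisement — keepalived.conf(5) points out that authentication was removed from VRRPv2 by RFC 3768 and is tolerated mainly for unicast setups like this one — so `$PASSWORD` guards against misconfiguration, not against an on-path attacker, and a comment saying so would spare the next maintainer from treating it as a security control.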