From f4b1871f2d46f5f8530f0bbbf0758b671bd3a762 Mon Sep 17 00:00:00 2001
From: RouxAntoine
Date: Mon, 3 Jan 2022 17:21:52 +0100
Subject: [PATCH] migrate from static conf to dynamic
---
 Dockerfile | 8 +++-----
 Makefile | 2 +-
 check_apiserver.sh | 9 ++++++---
 init.sh | 4 +++-
 keepalived.conf | 42 ------------------------------------------
 5 files changed, 13 insertions(+), 52 deletions(-)
 delete mode 100644 keepalived.conf
diff --git a/Dockerfile b/Dockerfile
index 1cf6b0e..714b751 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,10 +9,8 @@ RUN apk add --no-cache \
 && addgroup -S keepalived_script \
 && adduser -S -s /sbin/nologin -G keepalived_script -H keepalived_script
-COPY keepalived.conf /etc/keepalived/keepalived.conf
-COPY check_apiserver.sh /etc/keepalived/check_apiserver.sh
+COPY check_apiserver.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh
+
 COPY init.sh /
-
-RUN chmod +x /init.sh && chmod +x /etc/keepalived/check_apiserver.sh
-
+RUN chmod +x /init.sh
 CMD ["/init.sh"]
diff --git a/Makefile b/Makefile
index 47edd7e..faf2966 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ REGISTRY_IP=docker.registry
 # linux/arm/v6
 # linux/arm64
 # linux/amd64
-PLATFORM=linux/arm64
+PLATFORM=linux/amd64
 #OCI_CLI=nerdctl
 OCI_CLI=docker
 #OCI_CLI_BUILD=$(OCI_CLI)
diff --git a/check_apiserver.sh b/check_apiserver.sh
index c2bcc5b..2472c2e 100644
--- a/check_apiserver.sh
+++ b/check_apiserver.sh
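Review bot: The Dockerfile hunk drops the executable bit for the health-check script: the file is now copied to `/usr/lib/keepalived/scripts/chk_kube_apiserver.sh`, the only remaining `chmod` covers `/init.sh`, and this patch's own index line records `check_apiserver.sh` as mode 100644. Unless init.sh or the build context sets the bit somewhere not visible here, `COPY` keeps that mode and keepalived cannot execute the script, so the `vrrp_script` would presumably report failure regardless of the apiserver's real state. Restoring it in the same layer, `RUN chmod 0755 /init.sh /usr/lib/keepalived/scripts/chk_kube_apiserver.sh`, fixes that and leaves the file root-owned and not writable by the unprivileged `keepalived_script` account created above.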
@@ -1,11 +1,14 @@
 #!/bin/sh
+vip="$1"
+port="$2"
+
 errorExit() {
 echo "*** $*" 1>&2
 exit 1
 }
-curl --silent --max-time 2 --insecure https://localhost:6443/ -o /dev/null || errorExit "Error GET https://localhost:6443/"
-if ip addr | grep -q 100.105.163.74; then
- curl --silent --max-time 2 --insecure https://100.105.163.74:6443/ -o /dev/null || errorExit "Error GET https://100.105.163.74:6443/"
+curl --silent --max-time 2 --insecure https://localhost:"$port"/healthz -o /dev/null || errorExit "Error GET https://localhost:$port/healthz"
+if ip addr | grep -q "$vip"; then
+ curl --silent --max-time 2 --insecure "https://$vip:$port/healthz" -o /dev/null || errorExit "Error GET https://$vip:$port/healthz"
 fi
\ No newline at end of file
diff --git a/init.sh b/init.sh
index 186eb5d..d6d95ec 100644
--- a/init.sh
+++ b/init.sh
@@ -31,6 +31,7 @@ config_keepalived() {
 {
 echo 'global_defs {'
 echo 'router_id LVS_MAIN'
+ echo 'enable_script_security'
 echo '}'
 } > "$KEEPALIVED_CONF"
@@ -45,9 +46,10 @@ config_keepalived() {
 KUBE_APISERVER_CHK_WEIGHT=${KUBE_APISERVER_CHK_WEIGHT:-'-50'}
 KUBE_APISERVER_CHK_FALL=${KUBE_APISERVER_CHK_FALL:-'10'}
 KUBE_APISERVER_CHK_RISE=${KUBE_APISERVER_CHK_RISE:-'2'}
+ CHECK_SCRIPT_PATH=${CHECK_SCRIPT_PATH:-'/usr/lib/keepalived/scripts/chk_kube_apiserver.sh'}
 {
 echo 'vrrp_script chk_kube_apiserver {'
- echo " script \"/usr/lib/keepalived/scripts/chk_kube_apiserver.sh $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
+ echo " script \"$CHECK_SCRIPT_PATH $KUBE_APISERVER_ADDRESS $KUBE_APISERVER_PORT\""
 echo " interval $KUBE_APISERVER_CHK_INTERVAL"
 echo " fall $KUBE_APISERVER_CHK_FALL"
 echo " rise $KUBE_APISERVER_CHK_RISE"
diff --git a/keepalived.conf b/keepalived.conf
deleted file mode 100644
index 580c060..0000000
--- a/keepalived.conf
+++ /dev/null
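Review bot: Both `curl` calls in the new check_apiserver.sh lines lack `--fail`, so an apiserver that answers `/healthz` with an HTTP 500 or an authorization error still makes curl exit 0 and the VRRP check passes; add it to each call, e.g. `curl --silent --fail --max-time 2 --insecure "https://localhost:$port/healthz" -o /dev/null`. The VIP test `grep -q "$vip"` is an unanchored regex, so `10.0.0.1` also matches `10.0.0.10` and an empty `$1` matches every line; `ip addr | grep -qwF -- "$vip"` is stricter. A guard after `errorExit` is defined, `[ -n "$vip" ] && [ -n "$port" ] || errorExit "usage: $0 VIP PORT"`, covers the missing-argument case. `--insecure` is carried over from the removed lines, so the probe still does not authenticate the endpoint it is checking.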
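Review bot: `CHECK_SCRIPT_PATH` is read from the environment and written into the `script "..."` directive without any check, in the second init.sh hunk. A path that is missing or not executable yields a health check keepalived cannot run, which is easy to miss now that the first hunk emits `enable_script_security`, and a value containing a double quote or newline changes the generated configuration. Failing fast before the config is written, e.g. `[ -x "$CHECK_SCRIPT_PATH" ] || { echo "check script not executable: $CHECK_SCRIPT_PATH" >&2; exit 1; }`, makes this visible at container start. The same applies to `$KUBE_APISERVER_ADDRESS` and `$KUBE_APISERVER_PORT`, which are interpolated into the same line. `config_keepalived` starts and ends outside both hunks, so validation may already exist where it is not visible here.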
@@ -1,42 +0,0 @@
-global_defs {
- enable_script_security
-}
-
-vrrp_script chk_kube {
- script "/etc/keepalived/check_apiserver.sh"
- interval 2 # check every 2 seconds
- weight 2 # add n points of prio if OK
-}
-
-vrrp_instance KUBE_VIP {
- state BACKUP
-
- # keepalived dialog interface
- interface tailscale0
-
- virtual_router_id 51
- priority 50
- # VRRP Advert interval in seconds (e.g. 0.92) (use default)
- advert_int 1
- preempt
-
- authentication {
- auth_type PASS
- auth_pass ryuiz54*
- }
-
- # list of ip affected to public vrrp
- virtual_ipaddress {
- # be careful label should be less than 16 character
- 100.105.163.74 dev tailscale0 label tailscale0:vip
- }
-
- # Unicast specific option, this is the IP of the interface keepalived listens on
- unicast_src_ip 100.105.163.73
- # list of other peer connect to this vrrp instance (all app instance except current host)
- unicast_peer {}
-
- track_script {
- chk_kube
- }
-}