From 456596710ee1e6b9939971eae03bf9b81062ac37 Mon Sep 17 00:00:00 2001
From: Zohar Mamedov <zoharm@users.noreply.github.com>
Date: Mon, 10 Dec 2018 00:40:39 -0800
Subject: [PATCH] kube-router manifest DSR adjustments (#3828)

---
 .../k8s-cluster/k8s-net-kube-router.yml           |  3 +++
 .../network_plugin/kube-router/defaults/main.yml  |  3 +++
 .../kube-router/templates/kube-router.yml.j2      | 15 +++++++++++++++
 3 files changed, 21 insertions(+)

diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-net-kube-router.yml b/inventory/sample/group_vars/k8s-cluster/k8s-net-kube-router.yml
index 38066edec..e36b9c1dc 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-net-kube-router.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-net-kube-router.yml
@@ -19,6 +19,9 @@
 # Add LoadbBalancer IP of service status as set by the LB provider to the RIB so that it gets advertised to the BGP peers.
 # kube_router_advertise_loadbalancer_ip: false
 
+# Adjust manifest of kube-router daemonset template with DSR needed changes
+# kube_router_enable_dsr: false
+
 # Array of arbitrary extra arguments to kube-router, see
 # https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md
 # kube_router_extra_args: []
diff --git a/roles/network_plugin/kube-router/defaults/main.yml b/roles/network_plugin/kube-router/defaults/main.yml
index a4c6046aa..7ede7e3bc 100644
--- a/roles/network_plugin/kube-router/defaults/main.yml
+++ b/roles/network_plugin/kube-router/defaults/main.yml
@@ -18,6 +18,9 @@ kube_router_advertise_external_ip: false
 # Add LoadbBalancer IP of service status as set by the LB provider to the RIB so that it gets advertised to the BGP peers.
 kube_router_advertise_loadbalancer_ip: false
 
+# Adjust manifest of kube-router daemonset template with DSR needed changes
+kube_router_enable_dsr: false
+
 # Array of arbitrary extra arguments to kube-router, see
 # https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md
 kube_router_extra_args: []
diff --git a/roles/network_plugin/kube-router/templates/kube-router.yml.j2 b/roles/network_plugin/kube-router/templates/kube-router.yml.j2
index 37f03ea26..2e50fd171 100644
--- a/roles/network_plugin/kube-router/templates/kube-router.yml.j2
+++ b/roles/network_plugin/kube-router/templates/kube-router.yml.j2
@@ -113,6 +113,11 @@ spec:
         securityContext:
           privileged: true
         volumeMounts:
+{% if kube_router_enable_dsr %}
+        - name: docker-socket
+          mountPath: /var/run/docker.sock
+          readOnly: true
+{% endif %}
         - name: lib-modules
           mountPath: /lib/modules
           readOnly: true
@@ -147,12 +152,22 @@ spec:
         - name: kubeconfig
           mountPath: /var/lib/kube-router
       hostNetwork: true
+{% if kube_router_enable_dsr %}
+      hostIPC: true
+      hostPID: true
+{% endif %}
       tolerations:
       - operator: Exists
       # Mark pod as critical for rescheduling (Will have no effect starting with kubernetes 1.12)
       - key: CriticalAddonsOnly
         operator: "Exists"
       volumes:
+{% if kube_router_enable_dsr %}
+      - name: docker-socket
+        hostPath:
+          path: /var/run/docker.sock
+          type: Socket
+{% endif %}
       - name: lib-modules
         hostPath:
           path: /lib/modules