fixup! dev-docs: full L3 connectivity in VPN chart

edgelesssys · Jan 5, 2024 · 157cf12 · 157cf12
1 parent efc297a
commit 157cf12
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 16 deletions.
diff --git a/dev-docs/howto/vpn/helm/files/routing/operator.sh b/dev-docs/howto/vpn/helm/files/routing/operator.sh
@@ -18,14 +18,14 @@ cep_patch() {
 vpn_cidrs=$(for ip in ${VPN_PEER_CIDRS}; do printf '"%s" ' "${ip}"; done | jq -s -c -j)
 
 masq_patch() {
-  kubectl -n kube-system get configmap ip-masq-agent -o json | \
-  jq -r .data.config | \
-  jq "{ masqLinkLocal: .masqLinkLocal, nonMasqueradeCIDRs: ((.nonMasqueradeCIDRs - ${vpn_cidrs}) + ${vpn_cidrs}) }" | \
-  jq '@json | [{op: "replace", path: "/data/config", value: . }]'
+  kubectl -n kube-system get configmap ip-masq-agent -o json |
+    jq -r .data.config |
+    jq "{ masqLinkLocal: .masqLinkLocal, nonMasqueradeCIDRs: ((.nonMasqueradeCIDRs - ${vpn_cidrs}) + ${vpn_cidrs}) }" |
+    jq '@json | [{op: "replace", path: "/data/config", value: . }]'
 }
 
 reconcile_masq() {
-  if ! kubectl -n kube-system get configmap ip-masq-agent >/dev/null; then
+  if ! kubectl -n kube-system get configmap ip-masq-agent > /dev/null; then
     # We don't know enough to create an ip-masq-agent.
     return 0
   fi

diff --git a/dev-docs/howto/vpn/helm/files/routing/sidecar.sh b/dev-docs/howto/vpn/helm/files/routing/sidecar.sh
@@ -5,25 +5,25 @@
 
 reconcile_sip_verification() {
 
-    # Disable source IP verification on our network interface. Otherwise, VPN
-    # packets will be dropped by Cilium.
+  # Disable source IP verification on our network interface. Otherwise, VPN
+  # packets will be dropped by Cilium.
 
-    cilium_agent=$(pidof cilium-agent)
-    myip=$(ip -j addr show eth0 | jq -r '.[0].addr_info[] | select(.family == "inet") | .local')
+  cilium_agent=$(pidof cilium-agent)
+  myip=$(ip -j addr show eth0 | jq -r '.[0].addr_info[] | select(.family == "inet") | .local')
 
-    cilium() {
+  cilium() {
     nsenter -t "${cilium_agent}" -a -r -w cilium "$@"
-    }
+  }
 
-    myendpoint=$(cilium endpoint get "ipv4:${myip}" | jq '.[0].id')
+  myendpoint=$(cilium endpoint get "ipv4:${myip}" | jq '.[0].id')
 
-    if [ "$(cilium endpoint config "${myendpoint}" -o json | jq -r .realized.options.SourceIPVerification)" = "Enabled" ]; then
-        cilium endpoint config "${myendpoint}" SourceIPVerification=Disabled
-    fi
+  if [ "$(cilium endpoint config "${myendpoint}" -o json | jq -r .realized.options.SourceIPVerification)" = "Enabled" ]; then
+    cilium endpoint config "${myendpoint}" SourceIPVerification=Disabled
+  fi
 
 }
 
 while true; do
   reconcile_sip_verification
   sleep 10
-done
+done