authorChristian Pointner <equinox@spreadspace.org>2018-01-07 04:41:46 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-01-07 04:41:46 +0100
commit5e5d86c2a5bbccb88df65059693281c56c6f4abb (patch)
treefbbd5b740c0118463c93846cb59b9b39756d667e /roles/kubernetes-net/tasks/main.yaml
parentbasic interface config for kubenet works now (diff)
kubernetes net role works now
Diffstat (limited to 'roles/kubernetes-net/tasks/main.yaml')
-rw-r--r--roles/kubernetes-net/tasks/main.yaml39
1 files changed, 38 insertions, 1 deletions
diff --git a/roles/kubernetes-net/tasks/main.yaml b/roles/kubernetes-net/tasks/main.yaml
index 5c9aba91..6a50cf00 100644
--- a/roles/kubernetes-net/tasks/main.yaml
+++ b/roles/kubernetes-net/tasks/main.yaml
@@ -9,6 +9,10 @@
name: /var/lib/kubenet/
state: directory
+- name: configure wireguard port
+ set_fact:
+ kubenet_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}"
+
- name: install ifupdown script
template:
src: ifupdown.sh.j2
@@ -24,8 +28,9 @@
- name: fetch wireguard public key
shell: "wg pubkey < /var/lib/kubenet/kube-wg0.privatekey"
- register: wireguard_pubkey
+ register: kubenet_wireguard_pubkey
changed_when: false
+ check_mode: no
- name: install systemd service unit for network interfaces
copy:
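Review bot: `check_mode: no` on the `fetch wireguard public key` task makes the `shell` command run even under `--check`, so a check run against a host where `/var/lib/kubenet/kube-wg0.privatekey` does not exist yet will likely fail, because whatever task creates the key (outside this hunk) is skipped in check mode. A comment such as `# read-only; runs in check mode so later templates can use kubenet_wireguard_pubkey` would document the intent, and `check_mode: false` is the canonical boolean spelling. The rename to `kubenet_wireguard_pubkey` also requires every template that consumed `wireguard_pubkey` to be updated; this view is limited to one file, so that cannot be confirmed here.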
@@ -39,3 +44,35 @@
name: kubenet-interfaces.service
state: started
enabled: yes
+
+- name: install systemd units for every wireguard peer
+ with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+ template:
+ src: kubenet-peer.service.j2
+ dest: "/etc/systemd/system/kubenet-peer-{{ item }}.service"
+
+- name: make sure kubenet peer services are started and enabled
+ with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+ systemd:
+ daemon_reload: yes
+ name: "kubenet-peer-{{ item }}.service"
+ state: started
+ enabled: yes
+
+- name: enable IPv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+- name: create cni config directory
+ file:
+ name: /etc/cni/net.d
+ state: directory
+
+- name: install cni config
+ template:
+ src: k8s.json.j2
+ dest: /etc/cni/net.d/k8s.json
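Review bot: `difference(inventory_hostname)` in both `with_items` lines passes a string where the filter expects a list, so Ansible most likely falls back to an `x not in b` membership test, which is a substring match against the hostname; a peer whose name is contained in the current host's name (constructed example: `node1` while running on `node10`) would be dropped and get no WireGuard peer unit. Wrapping the argument avoids this: `with_items: "{{ kubernetes.net_index.keys() | difference([inventory_hostname]) }}"`. Separately, `net.ipv4.ip_forward` is enabled host-wide and nothing in this file restricts forwarding to the kubenet interfaces, so confirm that a FORWARD policy exists elsewhere; the peer unit and CNI config files are also written without an explicit `owner`/`mode`.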