kubernetes net role works now

1 files changed, 20 insertions, 0 deletions

diff --git a/roles/kubernetes-net/templates/kubenet-peer.service.j2 b/roles/kubernetes-net/templates/kubenet-peer.service.j2
new file mode 100644
index 00000000..a076512d
--- /dev/null
+++ b/roles/kubernetes-net/templates/kubenet-peer.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=Kubernetes Network Peer {{ item }}
+After=network.target
+Requires=kubenet-interfaces.service
+After=kubenet-interfaces.service
+
+{% set wg_pubkey = hostvars[item].kubenet_wireguard_pubkey.stdout -%}
+{% set wg_host = hostvars[item].external_ip | default(hostvars[item].ansible_default_ipv4.address) -%}
+{% set wg_port = hostvars[item].kubenet_wireguard_port -%}
+{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[item]) | ipaddr('address') -%}
+{% set pod_net = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[item]) -%}
+{% set wg_allowedips = tun_ip + "/32," + pod_net %}
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} allowed-ips {{ wg_allowedips }} endpoint {{ wg_host }}:{{ wg_port }} persistent-keepalive 10
+ExecStop=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} remove
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target