diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-06-20 05:20:46 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-06-20 05:20:46 +0200 |
commit | b39c3b91269a8482207863234acc298f623deae6 (patch) | |
tree | 21e70e6746bb11bdf8e49a8a125271ed8149a894 /roles/kubernetes/kubeadm/base/tasks | |
parent | kubernetes: move kubeguard/reset to kubeadm/reset (diff) |
kubernetes: add node pruning role
Diffstat (limited to 'roles/kubernetes/kubeadm/base/tasks')
-rw-r--r-- | roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml index 8c5f5065..37b5030d 100644 --- a/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml +++ b/roles/kubernetes/kubeadm/base/tasks/net_kubeguard.yml @@ -25,26 +25,26 @@ # it must probably be brought down by the old version of the script - name: generate wireguard private key - shell: "umask 077; wg genkey > /var/lib/kubeguard/kube-wg0.privatekey" + shell: "umask 077; wg genkey > /var/lib/kubeguard/kubeguard-wg0.privatekey" args: - creates: /var/lib/kubeguard/kube-wg0.privatekey + creates: /var/lib/kubeguard/kubeguard-wg0.privatekey - name: fetch wireguard public key - shell: "wg pubkey < /var/lib/kubeguard/kube-wg0.privatekey" + shell: "wg pubkey < /var/lib/kubeguard/kubeguard-wg0.privatekey" register: kubeguard_wireguard_pubkey changed_when: false check_mode: no -- name: install systemd service unit for network interfaces +- name: install systemd service unit for network interface template: - src: net_kubeguard/kubeguard-interfaces.service.j2 - dest: /etc/systemd/system/kubeguard-interfaces.service + src: net_kubeguard/interface.service.j2 + dest: /etc/systemd/system/kubeguard-interface.service # TODO: notify: reload??? -- name: make sure kubeguard interfaces service is started and enabled +- name: make sure kubeguard interface service is started and enabled systemd: daemon_reload: yes - name: kubeguard-interfaces.service + name: kubeguard-interface.service state: started enabled: yes @@ -53,7 +53,7 @@ loop_control: loop_var: peer template: - src: net_kubeguard/kubeguard-peer.service.j2 + src: net_kubeguard/peer.service.j2 dest: "/etc/systemd/system/kubeguard-peer-{{ peer }}.service" # TODO: notify restart for peers that change... @@ -80,5 +80,5 @@ - name: install cni config template: - src: net_kubeguard/k8s.json.j2 + src: net_kubeguard/cni.json.j2 dest: /etc/cni/net.d/kubeguard.json |