diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-10-18 23:41:09 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-10-18 23:41:09 +0200 |
| commit | 6df5dbbbb25c54b57b6d2cfbb275eee6ee84364c (patch) | |
| tree | 2de7c354df297bcab6f6d785f8c083d8d419dc99 /roles/kubernetes/standalone/base/templates | |
| parent | update jitsi/meet (diff) | |
kubernetes/standlone: portforwarding for local services
Diffstat (limited to 'roles/kubernetes/standalone/base/templates')
| -rw-r--r-- | roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2 | 12 | ||||
| -rw-r--r-- | roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2 | 19 |
2 files changed, 31 insertions, 0 deletions
diff --git a/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2 b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2 new file mode 100644 index 00000000..ccdbfcc9 --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2 @@ -0,0 +1,12 @@ +[Unit] +Description=Install iptables rules for local services avaialbe to standalone kubelet pods +After=network.target + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/kube-standalone-local-services.sh +RemainAfterExit=true +StandardOutput=journal + +[Install] +WantedBy=multi-user.target diff --git a/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2 b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2 new file mode 100644 index 00000000..d29e6a34 --- /dev/null +++ b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2 @@ -0,0 +1,19 @@ +#!/bin/bash + +iptables -t nat -N kube-local-services > /dev/null 2>&1 +iptables -t nat -F kube-local-services + +{% if kubernetes_standalone_local_services_tcp | length > 0 %} +iptables -t nat -A kube-local-services -p tcp --match multiport --dports {{ kubernetes_standalone_local_services_tcp | join(',') }} -i kube-bridge -d {{ kubernetes_standalone_pod_cidr | ipaddr('1') | ipaddr('address') }} -j DNAT --to-destination 127.0.0.1 +{% endif %} +{% if kubernetes_standalone_local_services_udp | length > 0 %} +iptables -t nat -A kube-local-services -p udp --match multiport --dports {{ kubernetes_standalone_local_services_udp | join(',') }} -i kube-bridge -d {{ kubernetes_standalone_pod_cidr | ipaddr('1') | ipaddr('address') }} -j DNAT --to-destination 127.0.0.1 +{% endif %} + +iptables -t nat -C PREROUTING -j kube-local-services > /dev/null 2>&1 +if [ $? -ne 0 ]; then + iptables -t nat -I PREROUTING 1 -j kube-local-services +fi +echo 1 > /proc/sys/net/ipv4/conf/kube-bridge/route_localnet + +exit 0 |