kubernetes standalone cni variants

author: Christian Pointner <equinox@spreadspace.org> 2019-10-12 21:34:54 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2019-10-12 21:34:54 +0200
commit: 9f19038d7df8d64dcced13ab0cfe47851e07bf8f (patch)
tree: b03c444ea23d9c9d8369fff7330b93d3ebff1eb0 /roles/kubernetes
parent: nextcloud role ~50% done (diff)
5 files changed, 48 insertions, 4 deletions
diff --git a/roles/kubernetes/standalone/defaults/main.yml b/roles/kubernetes/standalone/defaults/main.yml
index fb48cf2b..b0c14b11 100644
--- a/roles/kubernetes/standalone/defaults/main.yml
+++ b/roles/kubernetes/standalone/defaults/main.yml
@@ -10,3 +10,5 @@ kubernetes_standalone_max_pods: 10
 
 kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_resolv_conf: /etc/resolv.conf
+
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/roles/kubernetes/standalone/tasks/main.yml b/roles/kubernetes/standalone/tasks/main.yml
index e377e4b9..241c3136 100644
--- a/roles/kubernetes/standalone/tasks/main.yml
+++ b/roles/kubernetes/standalone/tasks/main.yml
@@ -30,5 +30,5 @@
 
 - name: install cni config
   template:
-    src: cni.conflist.j2
+    src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2"
     dest: /etc/cni/net.d/kube-standalone.conflist
diff --git a/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
new file mode 100644
index 00000000..be47f216
--- /dev/null
+++ b/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
@@ -0,0 +1,17 @@
+{
+  "cniVersion": "0.3.1",
+  "name": "kube-standalone",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "kube-bridge",
+      "isDefaultGateway": true,
+      "ipMasq": true,
+      "hairpinMode": false,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+      }
+    }
+  ]
+}
diff --git a/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
new file mode 100644
index 00000000..acaf7eba
--- /dev/null
+++ b/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
@@ -0,0 +1,25 @@
+{
+  "cniVersion": "0.3.1",
+  "name": "kube-standalone",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "kube-bridge",
+      "isDefaultGateway": true,
+      "ipMasq": true,
+      "hairpinMode": false,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+      }
+    }, {
+      "type": "portmap",
+      "capabilities": {
+        "portMappings": true
+      },
+      "snat": true,
+      "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"],
+      "conditionsV6": ["-s", "::1", "-d", "::1"]
+    }
+  ]
+}
diff --git a/roles/kubernetes/standalone/templates/cni.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
index 0b641097..9f9b2b9a 100644
--- a/roles/kubernetes/standalone/templates/cni.conflist.j2
+++ b/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
@@ -15,9 +15,9 @@
     }, {
       "type": "portmap",
       "capabilities": {
-        "portMappings": true,
-        "snat": true
-      }
+        "portMappings": true
+      },
+      "snat": true
     }
   ]
 }
author	Christian Pointner <equinox@spreadspace.org>	2019-10-12 21:34:54 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2019-10-12 21:34:54 +0200
commit	9f19038d7df8d64dcced13ab0cfe47851e07bf8f (patch)
tree	b03c444ea23d9c9d8369fff7330b93d3ebff1eb0 /roles/kubernetes
parent	nextcloud role ~50% done (diff)