-rw-r--r--common/kubernetes.yml6
-rw-r--r--roles/kubernetes/net/kubeguard/defaults/main.yml2
-rw-r--r--roles/kubernetes/net/kubeguard/tasks/add.yml6
-rw-r--r--roles/kubernetes/net/kubeguard/tasks/main.yml9
-rw-r--r--roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j28
5 files changed, 14 insertions, 17 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index 67f2dd68..45d7cc5d 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -79,8 +79,8 @@
roles:
- role: kubernetes/net/kubeguard
when: kubernetes.network_plugin == 'kubeguard'
- - role: kubernetes/base
- - role: kubernetes/kubeadm/base
+ # - role: kubernetes/base
+ # - role: kubernetes/kubeadm/base
# - name: configure kubernetes primary master
# hosts: _kubernetes_primary_master_
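Review bot: The two base roles on the new side are disabled by commenting them out with no rationale, so a reader of the play cannot tell whether this is temporary scaffolding or a deliberate removal. Commented-out roles in a playbook tend to stay there indefinitely; either delete them or leave a one-line reason above them, e.g. `# disabled: <reason / tracking ref>`. The play's remaining roles and the following commented-out play continue outside this hunk.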
@@ -128,7 +128,7 @@
# - role: kubernetes/net/kubeguard
# when: kubernetes.network_plugin == 'kubeguard'
# vars:
-# kubeguard_remove_node: yes
+# kubeguard_action: remove
# - name: remove node from api server
# hosts: _kubernetes_primary_master_
diff --git a/roles/kubernetes/net/kubeguard/defaults/main.yml b/roles/kubernetes/net/kubeguard/defaults/main.yml
new file mode 100644
index 00000000..acabaa25
--- /dev/null
+++ b/roles/kubernetes/net/kubeguard/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+kubeguard_action: add
diff --git a/roles/kubernetes/net/kubeguard/tasks/add.yml b/roles/kubernetes/net/kubeguard/tasks/add.yml
index 2f9391fc..0658b42c 100644
--- a/roles/kubernetes/net/kubeguard/tasks/add.yml
+++ b/roles/kubernetes/net/kubeguard/tasks/add.yml
@@ -1,6 +1,6 @@
---
- name: install wireguard
- include_role:
+ import_role:
name: wireguard/base
- name: create network config directory
@@ -52,7 +52,7 @@
- name: compute list of peers to be added
set_fact:
- kubeguard_peers_to_add: "{{ kubernetes_nodes | difference(inventory_hostname) }}"
+ kubeguard_peers_to_add: "{{ groups['_kubernetes_nodes_'] | difference(inventory_hostname) }}"
- name: compute list of peers to be removed
set_fact:
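Review bot: The rewritten `kubeguard_peers_to_add` line still passes a bare string to the `difference` filter, which expects a list; depending on the Ansible version this either compares against the individual characters of `inventory_hostname` or does a substring test, so a host whose name is a prefix of another (say `node1` and `node10`) may be dropped or kept incorrectly, and the local host itself may not be excluded. Wrap the hostname in a list: `kubeguard_peers_to_add: "{{ groups['_kubernetes_nodes_'] | difference([inventory_hostname]) }}"`. The same pattern presumably exists in the "compute list of peers to be removed" task, whose body continues outside this hunk; check it too.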
@@ -91,7 +91,7 @@
- name: enable IPv4 forwarding
sysctl:
name: net.ipv4.ip_forward
- value: 1
+ value: '1'
sysctl_set: yes
state: present
reload: yes
diff --git a/roles/kubernetes/net/kubeguard/tasks/main.yml b/roles/kubernetes/net/kubeguard/tasks/main.yml
index 0e87af11..10b0d547 100644
--- a/roles/kubernetes/net/kubeguard/tasks/main.yml
+++ b/roles/kubernetes/net/kubeguard/tasks/main.yml
@@ -1,8 +1,3 @@
---
-- name: add node to overlay network
- include_tasks: add.yml
- when: kubeguard_remove_node is not defined
-
-- name: remove node from overlay network
- include_tasks: remove.yml
- when: kubeguard_remove_node is defined
+- name: add/remove nodes to overlay network
+ include_tasks: "{{ kubeguard_action }}.yml"
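Review bot: The new `include_tasks: "{{ kubeguard_action }}.yml"` builds the task-file name from a variable that is never validated, so any value set in inventory, group vars or `-e` (a typo, or an unexpected value) is interpolated straight into a file path and fails with an opaque "file not found" rather than a clear message, and the role's previous explicit add/remove branches no longer document the accepted values. Add an `assert` before the include that restricts `kubeguard_action` to the two task files the role actually ships; this also documents the contract for callers of `common/kubernetes.yml`.
```yaml
- name: validate kubeguard_action
  assert:
    that: kubeguard_action in ['add', 'remove']
    msg: "kubeguard_action must be 'add' or 'remove', got '{{ kubeguard_action }}'"

- name: add/remove nodes to overlay network
  include_tasks: "{{ kubeguard_action }}.yml"
```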
diff --git a/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2 b/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2
index 48feb8ba..6f36b571 100644
--- a/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2
+++ b/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2
@@ -5,11 +5,11 @@ Requires=kubeguard-interfaces.service
After=kubeguard-interfaces.service
{% set pod_net_peer = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[peer]) -%}
-{% set direct_zone = kubernetes.direct_net_zones | direct_net_zone(inventory_hostname, peer) -%}
+{% set direct_zone = kubeguard.direct_net_zones | direct_net_zone(inventory_hostname, peer) -%}
{% if direct_zone %}
-{% set direct_ip = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.node_index[inventory_hostname]) %}
-{% set direct_interface = kubernetes.direct_net_zones[direct_zone].node_interface[inventory_hostname] %}
-{% set direct_ip_peer = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.node_index[peer]) %}
+{% set direct_ip = kubeguard.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.node_index[inventory_hostname]) %}
+{% set direct_interface = kubeguard.direct_net_zones[direct_zone].node_interface[inventory_hostname] %}
+{% set direct_ip_peer = kubeguard.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.node_index[peer]) %}
{% else %}
{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubeguard.node_index[peer]) -%}
{% set wg_pubkey = hostvars[peer].kubeguard_wireguard_pubkey.stdout -%}