path: root/roles/kubernetes-net/templates/kubenet-peer.service.j2
Diffstat (limited to 'roles/kubernetes-net/templates/kubenet-peer.service.j2')
-rw-r--r--roles/kubernetes-net/templates/kubenet-peer.service.j230
1 files changed, 23 insertions, 7 deletions
diff --git a/roles/kubernetes-net/templates/kubenet-peer.service.j2 b/roles/kubernetes-net/templates/kubenet-peer.service.j2
index a076512d..bee211af 100644
--- a/roles/kubernetes-net/templates/kubenet-peer.service.j2
+++ b/roles/kubernetes-net/templates/kubenet-peer.service.j2
@@ -1,19 +1,35 @@
[Unit]
-Description=Kubernetes Network Peer {{ item }}
+Description=Kubernetes Network Peer {{ peer }}
After=network.target
Requires=kubenet-interfaces.service
After=kubenet-interfaces.service
-{% set wg_pubkey = hostvars[item].kubenet_wireguard_pubkey.stdout -%}
-{% set wg_host = hostvars[item].external_ip | default(hostvars[item].ansible_default_ipv4.address) -%}
-{% set wg_port = hostvars[item].kubenet_wireguard_port -%}
-{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[item]) | ipaddr('address') -%}
-{% set pod_net = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[item]) -%}
-{% set wg_allowedips = tun_ip + "/32," + pod_net %}
+{% set pod_net_peer = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[peer]) -%}
+{% set direct_zone = kubernetes.direct_net_zones | direct_net_zone(inventory_hostname, peer) -%}
+{% if direct_zone %}
+{% set direct_ip = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubernetes.net_index[inventory_hostname]) %}
+{% set direct_interface = kubernetes.direct_net_zones[direct_zone].node_interface[inventory_hostname] %}
+{% set direct_ip_peer = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubernetes.net_index[peer]) %}
+{% else %}
+{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[peer]) -%}
+{% set wg_pubkey = hostvars[peer].kubenet_wireguard_pubkey.stdout -%}
+{% set wg_host = hostvars[peer].external_ip | default(hostvars[peer].ansible_default_ipv4.address) -%}
+{% set wg_port = hostvars[peer].kubenet_wireguard_port -%}
+{% set wg_allowedips = (tun_ip | ipaddr('address')) + "/32," + pod_net_peer %}
+{% endif %}
[Service]
Type=oneshot
+{% if direct_zone %}
+ExecStart=/sbin/ip addr add {{ direct_ip }} dev {{ direct_interface }}
+ExecStart=/sbin/ip link set up dev {{ direct_interface }}
+ExecStart=/sbin/ip route add {{ pod_net_peer }} via {{ direct_ip_peer | ipaddr('address') }}
+ExecStop=/sbin/ip route del {{ pod_net_peer }}
+ExecStop=/sbin/ip link set down dev {{ direct_interface }}
+ExecStop=/sbin/ip addr del {{ direct_ip }} dev {{ direct_interface }}
+{% else %}
ExecStart=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} allowed-ips {{ wg_allowedips }} endpoint {{ wg_host }}:{{ wg_port }} persistent-keepalive 10
ExecStop=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} remove
+{% endif %}
RemainAfterExit=yes
[Install]