Diffstat (limited to 'roles/kubernetes/net/kubeguard/node/tasks/main.yml')
-rw-r--r--roles/kubernetes/net/kubeguard/node/tasks/main.yml80
1 files changed, 0 insertions, 80 deletions
diff --git a/roles/kubernetes/net/kubeguard/node/tasks/main.yml b/roles/kubernetes/net/kubeguard/node/tasks/main.yml
deleted file mode 100644
index 72814e06..00000000
--- a/roles/kubernetes/net/kubeguard/node/tasks/main.yml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-- name: install wireguard
- import_role:
- name: wireguard/base
-
-- name: create network config directory
- file:
- name: /var/lib/kubeguard/
- state: directory
-
-- name: configure wireguard port
- set_fact:
- kubeguard_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}"
-
-- name: install ifupdown script
- template:
- src: ifupdown.sh.j2
- dest: /var/lib/kubeguard/ifupdown.sh
- mode: 0755
- # TODO: notify reload... this is unfortunately already to late because
- # it must probably be brought down by the old version of the script
-
-- name: generate wireguard private key
- shell: "umask 077; wg genkey > /var/lib/kubeguard/kube-wg0.privatekey"
- args:
- creates: /var/lib/kubeguard/kube-wg0.privatekey
-
-- name: fetch wireguard public key
- shell: "wg pubkey < /var/lib/kubeguard/kube-wg0.privatekey"
- register: kubeguard_wireguard_pubkey
- changed_when: false
- check_mode: no
-
-- name: install systemd service unit for network interfaces
- copy:
- src: kubeguard-interfaces.service
- dest: /etc/systemd/system/kubeguard-interfaces.service
- # TODO: notify: reload???
-
-- name: make sure kubeguard interfaces service is started and enabled
- systemd:
- daemon_reload: yes
- name: kubeguard-interfaces.service
- state: started
- enabled: yes
-
-- name: install systemd units for every kubeguard peer
- loop: "{{ groups['_kubernetes_nodes_'] | difference(inventory_hostname) }}"
- loop_control:
- loop_var: peer
- template:
- src: kubeguard-peer.service.j2
- dest: "/etc/systemd/system/kubeguard-peer-{{ peer }}.service"
- # TODO: notify restart for peers that change...
-
-- name: make sure kubeguard peer services are started and enabled
- loop: "{{ groups['_kubernetes_nodes_'] | difference(inventory_hostname) }}"
- systemd:
- daemon_reload: yes
- name: "kubeguard-peer-{{ item }}.service"
- state: started
- enabled: yes
-
-- name: enable IPv4 forwarding
- sysctl:
- name: net.ipv4.ip_forward
- value: '1'
- sysctl_set: yes
- state: present
- reload: yes
-
-- name: create cni config directory
- file:
- name: /etc/cni/net.d
- state: directory
-
-- name: install cni config
- template:
- src: k8s.json.j2
- dest: /etc/cni/net.d/k8s.json