Diffstat (limited to 'roles/kubernetes/net/kubeguard/node/templates/kubeguard-peer.service.j2')
-rw-r--r--roles/kubernetes/net/kubeguard/node/templates/kubeguard-peer.service.j237
1 files changed, 0 insertions, 37 deletions
diff --git a/roles/kubernetes/net/kubeguard/node/templates/kubeguard-peer.service.j2 b/roles/kubernetes/net/kubeguard/node/templates/kubeguard-peer.service.j2
deleted file mode 100644
index 0503ca03..00000000
--- a/roles/kubernetes/net/kubeguard/node/templates/kubeguard-peer.service.j2
+++ /dev/null
@@ -1,37 +0,0 @@
-[Unit]
-Description=Kubernetes Network Peer {{ peer }}
-After=network.target
-Requires=kubeguard-interfaces.service
-After=kubeguard-interfaces.service
-
-{% set pod_ip_self = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') -%}
-{% set pod_net_peer = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[peer]) -%}
-{% set direct_zone = kubeguard.direct_net_zones | default({}) | direct_net_zone(inventory_hostname, peer) -%}
-{% if direct_zone %}
-{% set direct_ip = kubeguard.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.node_index[inventory_hostname]) %}
-{% set direct_interface = kubeguard.direct_net_zones[direct_zone].node_interface[inventory_hostname] %}
-{% set direct_ip_peer = kubeguard.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.node_index[peer]) %}
-{% else %}
-{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubeguard.node_index[peer]) -%}
-{% set wg_pubkey = hostvars[peer].kubeguard_wireguard_pubkey.stdout -%}
-{% set wg_host = hostvars[peer].external_ip_cooked | default(hostvars[peer].ansible_default_ipv4.address) -%}
-{% set wg_port = hostvars[peer].kubeguard_wireguard_port -%}
-{% set wg_allowedips = (tun_ip | ipaddr('address')) + "/32," + pod_net_peer %}
-{% endif %}
-[Service]
-Type=oneshot
-{% if direct_zone %}
-ExecStart=/sbin/ip addr add {{ direct_ip }} dev {{ direct_interface }}
-ExecStart=/sbin/ip link set up dev {{ direct_interface }}
-ExecStart=/sbin/ip route add {{ pod_net_peer }} via {{ direct_ip_peer | ipaddr('address') }} src {{ pod_ip_self }}
-ExecStop=/sbin/ip route del {{ pod_net_peer }}
-ExecStop=/sbin/ip link set down dev {{ direct_interface }}
-ExecStop=/sbin/ip addr del {{ direct_ip }} dev {{ direct_interface }}
-{% else %}
-ExecStart=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} allowed-ips {{ wg_allowedips }} endpoint {{ wg_host }}:{{ wg_port }} persistent-keepalive 10
-ExecStop=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} remove
-{% endif %}
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target