From 5e5d86c2a5bbccb88df65059693281c56c6f4abb Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 7 Jan 2018 04:41:46 +0100
Subject: kubernetes net role works now
---
 roles/kubernetes-net/tasks/main.yaml | 39 +++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-) (limited to 'roles/kubernetes-net/tasks/main.yaml')
diff --git a/roles/kubernetes-net/tasks/main.yaml b/roles/kubernetes-net/tasks/main.yaml
index 5c9aba91..6a50cf00 100644
--- a/roles/kubernetes-net/tasks/main.yaml
+++ b/roles/kubernetes-net/tasks/main.yaml
@@ -9,6 +9,10 @@
 name: /var/lib/kubenet/
 state: directory

+- name: configure wireguard port
+ set_fact:
+ kubenet_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}"
+
 - name: install ifupdown script
 template:
 src: ifupdown.sh.j2
@@ -24,8 +28,9 @@

 - name: fetch wireguard public key
 shell: "wg pubkey < /var/lib/kubenet/kube-wg0.privatekey"
- register: wireguard_pubkey
+ register: kubenet_wireguard_pubkey
 changed_when: false
+ check_mode: no

 - name: install systemd service unit for network interfaces
 copy:
@@ -39,3 +44,35 @@
 name: kubenet-interfaces.service
 state: started
 enabled: yes
+
+- name: install systemd units for every wireguard peer
+ with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+ template:
+ src: kubenet-peer.service.j2
+ dest: "/etc/systemd/system/kubenet-peer-{{ item }}.service"
+
+- name: make sure kubenet peer services are started and enabled
+ with_items: "{{ kubernetes.net_index.keys() | difference(inventory_hostname) }}"
+ systemd:
+ daemon_reload: yes
+ name: "kubenet-peer-{{ item }}.service"
+ state: started
+ enabled: yes
+
+- name: enable IPv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+- name: create cni config directory
+ file:
+ name: /etc/cni/net.d
+ state: directory
+
+- name: install cni config
+ template:
+ src: k8s.json.j2
+ dest: /etc/cni/net.d/k8s.json
--
cgit v1.2.3
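Review bot: `check_mode: no` on the `fetch wireguard public key` task makes the `wg pubkey` shell command run during `--check` too, and it reads `/var/lib/kubenet/kube-wg0.privatekey`, which is presumably created by a task outside this hunk that check mode would skip. A dry run against a fresh host would then fail at this task. If dry runs matter, tolerate the failure only in check mode, e.g. `failed_when: kubenet_wireguard_pubkey.rc != 0 and not ansible_check_mode`. Writing the flag as `check_mode: false` avoids the YAML 1.1 truthy spelling. Any template that still references the old `wireguard_pubkey` name needs the rename as well; none is visible in this diff.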
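Review bot: In both `with_items` loops of this hunk, `difference(inventory_hostname)` passes a bare string where the filter expects a list, so the exclusion is tested against the characters or substrings of the hostname rather than against the hostname as one element. Depending on the Ansible version, a peer whose key is a substring of the local name (constructed example: `node1` when running on `node10`) would be dropped and get no `kubenet-peer-*` unit, leaving the mesh asymmetric. Wrap the name in a list: `with_items: "{{ kubernetes.net_index.keys() | difference([inventory_hostname]) }}"`. Separately, the sysctl task enables `net.ipv4.ip_forward` host-wide and no forwarding policy is visible in this diff, so confirm that the ifupdown template or another role restricts what the node routes between the WireGuard interface and its other interfaces.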