From 5e5d86c2a5bbccb88df65059693281c56c6f4abb Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 7 Jan 2018 04:41:46 +0100
Subject: kubernetes net role works now

---
 roles/kubernetes-net/templates/ifupdown.sh.j2 | 2 +-
 roles/kubernetes-net/templates/k8s.json.j2 | 12 ++++++++++++
 .../kubernetes-net/templates/kubenet-peer.service.j2 | 20 ++++++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 roles/kubernetes-net/templates/k8s.json.j2
 create mode 100644 roles/kubernetes-net/templates/kubenet-peer.service.j2

(limited to 'roles/kubernetes-net/templates')

diff --git a/roles/kubernetes-net/templates/ifupdown.sh.j2 b/roles/kubernetes-net/templates/ifupdown.sh.j2
index 71ec38af..9bc82325 100644
--- a/roles/kubernetes-net/templates/ifupdown.sh.j2
+++ b/roles/kubernetes-net/templates/ifupdown.sh.j2
@@ -28,7 +28,7 @@ case "$1" in
 # bring up wireguard tunnel to other nodes
 ip link add dev "$TUN_IF" type wireguard
 ip addr add dev "$TUN_IF" "$TUN_IP_CIDR"
- wg set "$TUN_IF" listen-port 51820 private-key "$CONF_D/$TUN_IF.privatekey"
+ wg set "$TUN_IF" listen-port {{ kubenet_wireguard_port }} private-key "$CONF_D/$TUN_IF.privatekey"
 ip link set up dev "$TUN_IF"
 ip route add "$POD_NET_CIDR" dev "$TUN_IF" src "$TUN_IP"
 ;;
diff --git a/roles/kubernetes-net/templates/k8s.json.j2 b/roles/kubernetes-net/templates/k8s.json.j2
new file mode 100644
index 00000000..f457ed1c
--- /dev/null
+++ b/roles/kubernetes-net/templates/k8s.json.j2
@@ -0,0 +1,12 @@
+{
+ "cniVersion": "0.3.1",
+ "name": "k8s",
+ "type": "bridge",
+ "bridge": "kube-br0",
+ "isDefaultGateway": true,
+ "hairpinMode": true,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[inventory_hostname]) }}"
+ }
+}
diff --git a/roles/kubernetes-net/templates/kubenet-peer.service.j2 b/roles/kubernetes-net/templates/kubenet-peer.service.j2
new file mode 100644
index 00000000..a076512d
--- /dev/null
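Review bot: The new `listen-port {{ kubenet_wireguard_port }}` line carries no note that the same variable is what every other node dials, since kubenet-peer.service.j2 builds each peer's endpoint from `hostvars[item].kubenet_wireguard_port`; changing the port on one host without re-rendering the peer units on all other hosts silently breaks the tunnel to it. I would add directly above the line: `# listen-port must equal kubenet_wireguard_port as seen by peers (kubenet-peer.service.j2 renders it into every other node's endpoint)`. The value is interpolated unquoted into the shell command, so a non-numeric or empty value fails at interface-up time rather than at deploy time; an assert task on the variable in the role would catch that earlier, if one is not already present (not visible here). The enclosing `case` branch starts before the hunk.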
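Review bot: The `subnet` expression `kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[inventory_hostname])` is the same per-node pod-subnet formula that kubenet-peer.service.j2 recomputes as `pod_net` for each peer's `allowed-ips`, and the two must stay byte-for-byte equivalent or WireGuard's cryptokey routing drops the node's pod traffic. Computing it once in the role (a `set_fact` such as `kubenet_pod_net`) and referencing that from both templates removes the drift risk. Strict JSON leaves nowhere for a comment, so I would document the convention in the role's defaults: `# net_index values must be unique per host and >= 1; subnet index 0 of pod_ip_range is reserved for the kube-wg0 tunnel addresses` (the peer template takes tunnel addresses from `ipsubnet(..., 0)`). The hunk is the complete file.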
+++ b/roles/kubernetes-net/templates/kubenet-peer.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=Kubernetes Network Peer {{ item }}
+After=network.target
+Requires=kubenet-interfaces.service
+After=kubenet-interfaces.service
+
+{% set wg_pubkey = hostvars[item].kubenet_wireguard_pubkey.stdout -%}
+{% set wg_host = hostvars[item].external_ip | default(hostvars[item].ansible_default_ipv4.address) -%}
+{% set wg_port = hostvars[item].kubenet_wireguard_port -%}
+{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[item]) | ipaddr('address') -%}
+{% set pod_net = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[item]) -%}
+{% set wg_allowedips = tun_ip + "/32," + pod_net %}
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} allowed-ips {{ wg_allowedips }} endpoint {{ wg_host }}:{{ wg_port }} persistent-keepalive 10
+ExecStop=/usr/bin/wg set kube-wg0 peer {{ wg_pubkey }} remove
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
-- cgit v1.2.3
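Review bot: Nothing prevents `kubernetes.net_index[item]` from being 0, and in this template that value collides with the tunnel addressing: `tun_ip` is taken from `ipsubnet(kubernetes.pod_ip_range_size, 0)`, so index 0 yields that subnet's network address as the peer's tunnel IP, while `pod_net` for the same node becomes the very subnet the tunnel addresses live in, so its `allowed-ips` would overlap every other peer's `/32`. I would guard this before rendering with an assert task in the role, `that: kubernetes.net_index[item] | int >= 1`, and record the convention at the top of the unit template: `{# net_index must be >= 1: subnet 0 of pod_ip_range is reserved for kube-wg0 tunnel addresses #}`. Separately, `wg_host` falls back to `ansible_default_ipv4.address`, but if `external_ip` is ever an IPv6 literal the `endpoint {{ wg_host }}:{{ wg_port }}` argument needs the address in brackets; `{{ wg_host | ipwrap }}` handles both families. The per-peer `allowed-ips` of `tun_ip/32` plus that node's pod subnet is the correct cryptokey-routing restriction and should be kept as is.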