From 6df5dbbbb25c54b57b6d2cfbb275eee6ee84364c Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 18 Oct 2020 23:41:09 +0200
Subject: kubernetes/standlone: portforwarding for local services
---
.../kube-standalone-local-services.service.j2 | 12 ++++++++++++
.../templates/kube-standalone-local-services.sh.j2 | 19 +++++++++++++++++++
2 files changed, 31 insertions(+)
create mode 100644 roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2
create mode 100644 roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2
(limited to 'roles/kubernetes/standalone/base/templates')
diff --git a/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2 b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2
new file mode 100644
index 00000000..ccdbfcc9
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Install iptables rules for local services avaialbe to standalone kubelet pods
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/kube-standalone-local-services.sh
+RemainAfterExit=true
+StandardOutput=journal
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2 b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2
new file mode 100644
index 00000000..d29e6a34
--- /dev/null
+++ b/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2
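Review bot: `After=network.target` does not guarantee that the kube-bridge interface exists when `ExecStart` runs, yet the script this unit launches writes `/proc/sys/net/ipv4/conf/kube-bridge/route_localnet`, a file that only appears once the interface is up; if the bridge is created later by the kubelet or its CNI plugin (not visible in this diff), the sysctl write fails at boot while the iptables rules, which happily accept a not-yet-existing `-i kube-bridge`, succeed. Order the unit after whatever creates the bridge, e.g. `After=network.target kubelet.service` with a matching `Requires=`/`BindsTo=`, or move the sysctl into a networkd/udev hook keyed on the interface — the correct unit name is not visible here, so confirm it against the role that sets up the bridge. Also `Description=` carries a typo, `avaialbe` → `available`.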
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+iptables -t nat -N kube-local-services > /dev/null 2>&1
+iptables -t nat -F kube-local-services
+
+{% if kubernetes_standalone_local_services_tcp | length > 0 %}
+iptables -t nat -A kube-local-services -p tcp --match multiport --dports {{ kubernetes_standalone_local_services_tcp | join(',') }} -i kube-bridge -d {{ kubernetes_standalone_pod_cidr | ipaddr('1') | ipaddr('address') }} -j DNAT --to-destination 127.0.0.1
+{% endif %}
+{% if kubernetes_standalone_local_services_udp | length > 0 %}
+iptables -t nat -A kube-local-services -p udp --match multiport --dports {{ kubernetes_standalone_local_services_udp | join(',') }} -i kube-bridge -d {{ kubernetes_standalone_pod_cidr | ipaddr('1') | ipaddr('address') }} -j DNAT --to-destination 127.0.0.1
+{% endif %}
+
+iptables -t nat -C PREROUTING -j kube-local-services > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+ iptables -t nat -I PREROUTING 1 -j kube-local-services
+fi
+echo 1 > /proc/sys/net/ipv4/conf/kube-bridge/route_localnet
+
+exit 0
-- 
cgit v1.2.3
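Review bot: Enabling `route_localnet` on kube-bridge (the `echo 1 > /proc/sys/net/ipv4/conf/kube-bridge/route_localnet` line) makes the host accept packets arriving on the bridge with a 127.0.0.0/8 destination, but the DNAT rules only constrain traffic addressed to the bridge gateway IP on the listed `--dports`; a pod that can emit raw packets (CAP_NET_RAW, or CAP_NET_ADMIN to add a route) can address 127.0.0.1 directly via the bridge and reach every host service bound to loopback, the same exposure class kube-proxy had to mitigate in CVE-2020-8558. Add a filter rule that drops loopback-destined bridge traffic that was not DNATed by this chain, `iptables -A INPUT -i kube-bridge -d 127.0.0.0/8 -m conntrack ! --ctstate DNAT -j DROP`, guarded with the same `-C`/`-I` idempotency pattern used for the PREROUTING jump. Separately, the unconditional `exit 0` hides any iptables or sysctl failure from the oneshot unit (the sysctl write fails with ENOENT if kube-bridge does not yet exist when the unit runs), so the service reports success with no rules installed. Drop `exit 0`, add `set -euo pipefail` right after the tolerated `iptables -t nat -N ... || true` call, and write the existence check as `if ! iptables -t nat -C PREROUTING -j kube-local-services >/dev/null 2>&1; then` so strict mode does not abort on the expected non-zero status.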