From 9f19038d7df8d64dcced13ab0cfe47851e07bf8f Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 12 Oct 2019 21:34:54 +0200
Subject: kubernetes standalone cni variants

---
 roles/kubernetes/standalone/defaults/main.yml      |  2 ++
 roles/kubernetes/standalone/tasks/main.yml         |  2 +-
 .../templates/cni-no-portmap.conflist.j2           | 17 +++++++++++++++
 .../cni-with-localonly-portmap.conflist.j2         | 25 ++++++++++++++++++++++
 .../templates/cni-with-portmap.conflist.j2         | 23 ++++++++++++++++++++
 .../standalone/templates/cni.conflist.j2           | 23 --------------------
 6 files changed, 68 insertions(+), 24 deletions(-)
 create mode 100644 roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
 create mode 100644 roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
 create mode 100644 roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
 delete mode 100644 roles/kubernetes/standalone/templates/cni.conflist.j2

(limited to 'roles/kubernetes')

diff --git a/roles/kubernetes/standalone/defaults/main.yml b/roles/kubernetes/standalone/defaults/main.yml
index fb48cf2b..b0c14b11 100644
--- a/roles/kubernetes/standalone/defaults/main.yml
+++ b/roles/kubernetes/standalone/defaults/main.yml
@@ -10,3 +10,5 @@ kubernetes_standalone_max_pods: 10
 
 kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_resolv_conf: /etc/resolv.conf
+
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/roles/kubernetes/standalone/tasks/main.yml b/roles/kubernetes/standalone/tasks/main.yml
index e377e4b9..241c3136 100644
--- a/roles/kubernetes/standalone/tasks/main.yml
+++ b/roles/kubernetes/standalone/tasks/main.yml
@@ -30,5 +30,5 @@
 
 - name: install cni config
   template:
-    src: cni.conflist.j2
+    src: "cni-{{ kubernetes_standalone_cni_variant }}.conflist.j2"
     dest: /etc/cni/net.d/kube-standalone.conflist
diff --git a/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
new file mode 100644
index 00000000..be47f216
--- /dev/null
+++ b/roles/kubernetes/standalone/templates/cni-no-portmap.conflist.j2
@@ -0,0 +1,17 @@
+{
+  "cniVersion": "0.3.1",
+  "name": "kube-standalone",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "kube-bridge",
+      "isDefaultGateway": true,
+      "ipMasq": true,
+      "hairpinMode": false,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+      }
+    }
+  ]
+}
diff --git a/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
new file mode 100644
index 00000000..acaf7eba
--- /dev/null
+++ b/roles/kubernetes/standalone/templates/cni-with-localonly-portmap.conflist.j2
@@ -0,0 +1,25 @@
+{
+  "cniVersion": "0.3.1",
+  "name": "kube-standalone",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "kube-bridge",
+      "isDefaultGateway": true,
+      "ipMasq": true,
+      "hairpinMode": false,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+      }
+    }, {
+      "type": "portmap",
+      "capabilities": {
+        "portMappings": true
+      },
+      "snat": true,
+      "conditionsV4": ["-s", "127.0.0.1", "-d", "127.0.0.1"],
+      "conditionsV6": ["-s", "::1", "-d", "::1"]
+    }
+  ]
+}
diff --git a/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2 b/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
new file mode 100644
index 00000000..9f9b2b9a
--- /dev/null
+++ b/roles/kubernetes/standalone/templates/cni-with-portmap.conflist.j2
@@ -0,0 +1,23 @@
+{
+  "cniVersion": "0.3.1",
+  "name": "kube-standalone",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "kube-bridge",
+      "isDefaultGateway": true,
+      "ipMasq": true,
+      "hairpinMode": false,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "{{ kubernetes_standalone_pod_cidr }}"
+      }
+    }, {
+      "type": "portmap",
+      "capabilities": {
+        "portMappings": true
+      },
+      "snat": true
+    }
+  ]
+}
diff --git a/roles/kubernetes/standalone/templates/cni.conflist.j2 b/roles/kubernetes/standalone/templates/cni.conflist.j2
deleted file mode 100644
index 0b641097..00000000
--- a/roles/kubernetes/standalone/templates/cni.conflist.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-{
-  "cniVersion": "0.3.1",
-  "name": "kube-standalone",
-  "plugins": [
-    {
-      "type": "bridge",
-      "bridge": "kube-bridge",
-      "isDefaultGateway": true,
-      "ipMasq": true,
-      "hairpinMode": false,
-      "ipam": {
-        "type": "host-local",
-        "subnet": "{{ kubernetes_standalone_pod_cidr }}"
-      }
-    }, {
-      "type": "portmap",
-      "capabilities": {
-        "portMappings": true,
-        "snat": true
-      }
-    }
-  ]
-}
-- 
cgit v1.2.3