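---
# Tasks that set up the kubenet overlay on a node: a WireGuard mesh between
# cluster nodes (one systemd unit per peer) plus the CNI configuration that
# plugs containers into it. Runs as root; file paths are fixed under
# /var/lib/kubenet, /etc/systemd/system and /etc/cni/net.d.

# NOTE(review): nothing here restarts docker after daemon.json changes, so the
# new settings only apply on the next dockerd restart — confirm a handler
# exists elsewhere in the role.
- name: disable docker iptales and bridge
  copy:
    src: daemon.json
    dest: /etc/docker/daemon.json

- name: create network config directory
  file:
    path: /var/lib/kubenet/
    state: directory

# Port used by the local WireGuard endpoint; overridable per inventory.
- name: configure wireguard port
  set_fact:
    kubenet_wireguard_port: "{{ kubernetes.wireguard_port | default(51820) }}"

- name: install ifupdown script
  template:
    src: ifupdown.sh.j2
    dest: /var/lib/kubenet/ifupdown.sh
    mode: "0755"  # quoted so the YAML parser does not turn the octal mode into a decimal int
  # TODO: notify reload... this is unfortunately already too late because
  # it must probably be brought down by the old version of the script

# `umask 077` is set before the redirect creates the file, so the private key
# is 0600 from the moment it exists and never readable by other users.
# `creates` keeps the task idempotent: an existing key is never regenerated,
# which would otherwise invalidate the public key configured on every peer.
- name: generate wireguard private key
  shell: "umask 077; wg genkey > /var/lib/kubenet/kube-wg0.privatekey"
  args:
    creates: /var/lib/kubenet/kube-wg0.privatekey

# Read-only derivation of the public key; the private key itself is never
# registered into a variable. check_mode is disabled so the registered value
# is also available to later templates under --check.
- name: fetch wireguard public key
  shell: "wg pubkey < /var/lib/kubenet/kube-wg0.privatekey"
  register: kubenet_wireguard_pubkey
  changed_when: false
  check_mode: false

- name: install systemd service unit for network interfaces
  copy:
    src: kubenet-interfaces.service
    dest: /etc/systemd/system/kubenet-interfaces.service
  # TODO: notify: reload...

- name: make sure kubenet interfaces service is started and enabled
  systemd:
    daemon_reload: true
    name: kubenet-interfaces.service
    state: started
    enabled: true

# One peer unit for every other node in the net index; the local host is
# excluded. The `difference` filter takes a list on both sides, so the
# hostname is wrapped in a one-element list — passing it as a bare string
# compares against its characters (or does substring matching on older
# Ansible releases) instead of excluding exactly this host.
- name: install systemd units for every wireguard peer
  with_items: "{{ kubernetes.net_index.keys() | difference([inventory_hostname]) }}"
  template:
    src: kubenet-peer.service.j2
    dest: "/etc/systemd/system/kubenet-peer-{{ item }}.service"

- name: make sure kubenet peer services are started and enabled
  with_items: "{{ kubernetes.net_index.keys() | difference([inventory_hostname]) }}"
  systemd:
    daemon_reload: true
    name: "kubenet-peer-{{ item }}.service"
    state: started
    enabled: true

# Required for the node to route pod traffic between interfaces; the sysctl
# module stores values as strings, hence the quoted "1".
- name: enable IPv4 forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true

- name: create cni config directory
  file:
    path: /etc/cni/net.d
    state: directory

- name: install cni config
  template:
    src: k8s.json.j2
    dest: /etc/cni/net.d/k8s.json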