{# Ansible/Jinja2 template: one systemd unit per WireGuard peer on the kube-wg0 interface. #}
{# Rendered once per peer host (`item`); every value below is read from that host's hostvars. #}
{# Peer's WireGuard public key, captured earlier on the peer host as registered command output #}
{# (presumably a `wg pubkey` task — confirm in the playbook). #}
{%- set peer_key = hostvars[item].kubenet_wireguard_pubkey.stdout -%}
{# Endpoint address: explicit external_ip if the inventory defines one, else the host's default IPv4. #}
{%- set peer_host = hostvars[item].external_ip | default(hostvars[item].ansible_default_ipv4.address) -%}
{%- set peer_port = hostvars[item].kubenet_wireguard_port -%}
{# Tunnel address of the peer: the N-th address (N = net_index of the peer) of the first #}
{# pod_ip_range_size-sized subnet carved out of the cluster pod range. #}
{%- set peer_tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[item]) | ipaddr('address') -%}
{# Pod subnet owned by the peer: the N-th pod_ip_range_size-sized subnet of the cluster pod range. #}
{%- set peer_pod_net = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[item]) -%}
{# Cryptokey-routing allow list for this peer: its tunnel address as a /32 plus its pod subnet. #}
{%- set peer_allowed_ips = [peer_tun_ip ~ "/32", peer_pod_net] | join(",") -%}
[Unit]
Description=Kubernetes Network Peer {{ item }}
# The kube-wg0 interface must exist before a peer can be attached to it.
Requires=kubenet-interfaces.service
After=network.target kubenet-interfaces.service

[Service]
Type=oneshot
# Keep the unit "active" after ExecStart so that stopping it runs ExecStop and removes the peer.
RemainAfterExit=yes
# allowed-ips is the peer's cryptokey-routing entry: only packets sourced from these
# addresses are accepted from this peer, and only these destinations are sent to it.
# persistent-keepalive 10 sends a keepalive every 10 seconds (keeps NAT/firewall state open).
ExecStart=/usr/bin/wg set kube-wg0 peer {{ peer_key }} allowed-ips {{ peer_allowed_ips }} endpoint {{ peer_host }}:{{ peer_port }} persistent-keepalive 10
ExecStop=/usr/bin/wg set kube-wg0 peer {{ peer_key }} remove

[Install]
WantedBy=multi-user.target