path: root/roles/kubernetes/standalone/base/templates/kube-standalone-local-services.sh.j2
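#!/bin/bash
#
# Makes selected host services that listen on 127.0.0.1 reachable from pods.
#
# What the script does, in order:
#   1. (Re)creates the nat chain "kube-local-services" and empties it.
#   2. For the templated TCP and UDP port lists, adds one DNAT rule each that
#      rewrites traffic arriving on kube-bridge, sourced from the pod CIDR and
#      addressed to the first address of the pod CIDR, to 127.0.0.1. No port
#      is given in --to-destination, so the destination port is kept.
#   3. Hooks the chain into nat/PREROUTING at position 1 if it is not hooked.
#   4. Creates the kube-bridge bridge if missing and sets route_localnet on it.
#
# Security notes:
#   - route_localnet=1 makes the kernel accept packets for 127.0.0.0/8 that
#     arrive on kube-bridge instead of dropping them as martians. Together
#     with the DNAT rules this means that, for every listed port, binding a
#     service to loopback no longer restricts access to the host itself: any
#     pod inside the pod CIDR can reach it. Keep both port lists as short as
#     possible and rely on the service's own authentication.
#   - The rules are scoped by inbound interface, source CIDR and destination
#     address; widening any of those widens the exposure of loopback services.
#   - NOTE(review): no iptables call passes -w/--wait. If another agent on the
#     node holds the xtables lock, a call can fail, and the failure is hidden
#     by the redirects below and by the unconditional "exit 0". Consider
#     adding -w and checking the result after deployment (iptables -t nat -S).

# Creating the chain fails when it already exists; that is expected on re-runs,
# so the output is discarded. The flush makes the script idempotent.
iptables -t nat -N kube-local-services > /dev/null 2>&1
iptables -t nat -F kube-local-services

{% if kubernetes_standalone_local_services_tcp | length > 0 %}
# TCP services. The multiport match accepts at most 15 ports per rule (a port
# range counts as two); a longer list makes this rule fail to load.
iptables -t nat -A kube-local-services -p tcp --match multiport --dports {{ kubernetes_standalone_local_services_tcp | join(',') }} -i kube-bridge -s {{ kubernetes_standalone_pod_cidr }} -d {{ kubernetes_standalone_pod_cidr | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }} -j DNAT --to-destination 127.0.0.1
{% endif %}
{% if kubernetes_standalone_local_services_udp | length > 0 %}
# UDP services. Same 15-port limit of the multiport match applies.
iptables -t nat -A kube-local-services -p udp --match multiport --dports {{ kubernetes_standalone_local_services_udp | join(',') }} -i kube-bridge -s {{ kubernetes_standalone_pod_cidr }} -d {{ kubernetes_standalone_pod_cidr | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }} -j DNAT --to-destination 127.0.0.1
{% endif %}

# Hook the chain into PREROUTING only once: -C exits non-zero when the jump is
# absent, in which case it is inserted as the first rule.
if ! iptables -t nat -C PREROUTING -j kube-local-services > /dev/null 2>&1; then
  iptables -t nat -I PREROUTING 1 -j kube-local-services
fi

# The bridge may already exist (error output discarded). The sysctl below needs
# the interface to be present, which is presumably why it is created here.
ip link add name kube-bridge type bridge > /dev/null 2>&1
echo 1 > /proc/sys/net/ipv4/conf/kube-bridge/route_localnet

# Always report success: failures above are not propagated to the caller.
exit 0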