dsk-dev kubespray 이동

2023-12-19 14:31:22 +09:00
parent a35325e16b
commit 5671a92148
2568 changed files with 0 additions and 0 deletions
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/10-macvlan.conf.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/10-macvlan.conf.j2
@@ -0,0 +1,15 @@
+{
+  "cniVersion": "0.4.0",
+  "name": "mynet",
+  "type": "macvlan",
+  "master": "{{ macvlan_interface }}",
+  "hairpinMode": true,
+  "ipam": {
+    "type": "host-local",
+    "subnet": "{{ node_pod_cidr }}",
+    "routes": [
+      { "dst": "0.0.0.0/0" }
+    ],
+    "gateway": "{{ node_pod_cidr|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
+  }
+}
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/99-loopback.conf.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/99-loopback.conf.j2
@@ -0,0 +1,5 @@
+{
+  "cniVersion": "0.2.0",
+  "name": "lo",
+  "type": "loopback"
+}
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-network-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-network-macvlan.cfg.j2
@@ -0,0 +1,14 @@
+DEVICE=mac0
+DEVICETYPE=macvlan
+TYPE=macvlan
+BOOTPROTO=none
+ONBOOT=yes
+NM_CONTROLLED=no
+
+MACVLAN_PARENT={{ macvlan_interface }}
+MACVLAN_MODE=bridge
+
+IPADDR={{ node_pod_cidr|ipaddr('net')|ipaddr(1)|ipaddr('address') }}
+NETMASK={{ node_pod_cidr|ipaddr('netmask') }}
+NETWORK={{ node_pod_cidr|ipaddr('network') }}
+
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-postdown-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-postdown-macvlan.cfg.j2
@@ -0,0 +1,4 @@
+{% if enable_nat_default_gateway %}
+iptables -t nat -D POSTROUTING -s {{ node_pod_cidr|ipaddr('net') }} -o {{ node_default_gateway_interface }} -j MASQUERADE
+{% endif %}
+
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-postup-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-postup-macvlan.cfg.j2
@@ -0,0 +1,4 @@
+{% if enable_nat_default_gateway %}
+iptables -t nat -I POSTROUTING -s {{ node_pod_cidr|ipaddr('net') }} -o {{ node_default_gateway_interface }} -j MASQUERADE
+{% endif %}
+
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-routes-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/centos-routes-macvlan.cfg.j2
@@ -0,0 +1,7 @@
+{% for host in groups['kube_node'] %}
+{% if hostvars[host]['access_ip'] is defined  %}
+{% if hostvars[host]['node_pod_cidr'] != node_pod_cidr  %}
+{{ hostvars[host]['node_pod_cidr'] }} via {{ hostvars[host]['access_ip'] }}
+{% endif %}
+{% endif %}
+{% endfor %}
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-device-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-device-macvlan.cfg.j2
@@ -0,0 +1,6 @@
+[NetDev]
+Name=mac0
+Kind=macvlan
+
+[MACVLAN]
+Mode=bridge
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-interface-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-interface-macvlan.cfg.j2
@@ -0,0 +1,6 @@
+[Match]
+Name={{ macvlan_interface }}
+
+[Network]
+MACVLAN=mac0
+DHCP=yes
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-network-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-network-macvlan.cfg.j2
@@ -0,0 +1,18 @@
+[Match]
+Name=mac0
+
+[Network]
+Address={{ node_pod_cidr|ipaddr('net')|ipaddr(1)|ipaddr('address') }}/{{ node_pod_cidr|ipaddr('prefix') }}
+
+{% for host in groups['kube_node'] %}
+{% if hostvars[host]['access_ip'] is defined  %}
+{% if hostvars[host]['node_pod_cidr'] != node_pod_cidr  %}
+[Route]
+Gateway={{ hostvars[host]['access_ip'] }}
+Destination={{ hostvars[host]['node_pod_cidr'] }}
+GatewayOnlink=yes
+
+{% endif %}
+{% endif %}
+{% endfor %}
+
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-service-nat_ouside.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/coreos-service-nat_ouside.j2
@@ -0,0 +1,6 @@
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -c "iptables -t nat -I POSTROUTING -s {{ node_pod_cidr|ipaddr('net') }} -o {{ node_default_gateway_interface }} -j MASQUERADE"
+
+[Install]
+WantedBy=sys-subsystem-net-devices-mac0.device
--- a/ansible/kubespray/roles/network_plugin/macvlan/templates/debian-network-macvlan.cfg.j2
+++ b/ansible/kubespray/roles/network_plugin/macvlan/templates/debian-network-macvlan.cfg.j2
@@ -0,0 +1,27 @@
+auto mac0
+iface mac0 inet static
+    address {{ node_pod_cidr|ipaddr('net')|ipaddr(1)|ipaddr('address') }}
+    network {{ node_pod_cidr|ipaddr('network') }}
+    netmask {{ node_pod_cidr|ipaddr('netmask') }}
+    broadcast {{ node_pod_cidr|ipaddr('broadcast') }}
+    pre-up ip link add link {{ macvlan_interface }} mac0 type macvlan mode bridge
+{% for host in groups['kube_node'] %}
+{% if hostvars[host]['access_ip'] is defined  %}
+{% if hostvars[host]['node_pod_cidr'] != node_pod_cidr  %}
+    post-up ip route add {{ hostvars[host]['node_pod_cidr'] }} via {{ hostvars[host]['access_ip'] }}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% if enable_nat_default_gateway %}
+    post-up iptables -t nat -I POSTROUTING -s {{ node_pod_cidr|ipaddr('net') }} -o {{ node_default_gateway_interface }} -j MASQUERADE
+{% endif %}
+{% for host in groups['kube_node'] %}
+{% if hostvars[host]['access_ip'] is defined  %}
+{% if hostvars[host]['node_pod_cidr'] != node_pod_cidr  %}
+    post-down ip route del {{ hostvars[host]['node_pod_cidr'] }} via {{ hostvars[host]['access_ip'] }}
+{% endif %}
+{% endif %}
+{% endfor %}
+    post-down iptables -t nat -D POSTROUTING -s {{ node_pod_cidr|ipaddr('net') }} -o {{ node_default_gateway_interface }} -j MASQUERADE
+    post-down ip link delete mac0
+