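├── defaults
│   └── main.yaml
├── handlers
│   └── main.yaml
├── CHANGELOG.md
├── tasks
│   └── main.yaml
├── meta
│   └── main.yml
├── templates
│   └── netplan.yaml.tpl
└── README.md
--------------------------------------------------------------------------------
/defaults/main.yaml:
--------------------------------------------------------------------------------
---
# List of vSwitch definitions consumed by tasks/main.yaml and
# templates/netplan.yaml.tpl. See README.md for the keys each entry takes.
vswitches: []
--------------------------------------------------------------------------------
/handlers/main.yaml:
--------------------------------------------------------------------------------
---
# Applies the netplan file written by tasks/main.yaml once it has changed.
- name: netplan apply
  command: netplan apply
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
# Changelog

## v1.0.0

* Create Ansible role
* Registered Ansible role with Ansible Galaxy
--------------------------------------------------------------------------------
/tasks/main.yaml:
--------------------------------------------------------------------------------
---
# The rt_tables entry is matched on the routing table ID only, so two vSwitches
# that resolve to the same routing_table overwrite each other's line.
# item.name is written verbatim after the ID; keep it a single
# whitespace-free token so the file stays one "ID name" pair per line.
- name: Create Routing Tables for vSwitch interfaces
  lineinfile:
    path: /etc/iproute2/rt_tables
    regexp: '^{{ item.routing_table | default(1) }}\s'
    line: '{{ item.routing_table | default(1) }} {{ item.name }}'
  with_items: "{{ vswitches }}"

# Renders templates/netplan.yaml.tpl. The template reads
# ansible_default_ipv4.interface, so facts must have been gathered.
- name: Write netplan configuration for vSwitch interfaces
  template:
    src: netplan.yaml.tpl
    dest: /etc/netplan/99-k8s-public.yaml
    owner: root
    group: root
    mode: '0644'
  notify:
    - netplan apply
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  role_name: hvswitch_k8s
  author: Matthias Lohr
  description: Ansible role for setting up Hetzner vSwitches and server networking for Kubernetes
  company: https://mlohr.com/
  license: MIT

  # Quoted so the version is read as a string, not the float 2.2.
  min_ansible_version: "2.2"

  platforms:
    - name: Debian
      versions:
        - all
    - name: Ubuntu
      versions:
        - all

  galaxy_tags:
    - hetzner
    - kubernetes
    - vswitch
    - metallb
    - netplan

dependencies: []
--------------------------------------------------------------------------------
/templates/netplan.yaml.tpl:
--------------------------------------------------------------------------------
network:
  version: 2
  vlans:
{% for vswitch in vswitches %}
    # Configure vSwitch {{ vswitch.name }}
    {{ ansible_default_ipv4.interface }}.{{ vswitch.vlan }}:
      id: {{ vswitch.vlan }}
      link: {{ ansible_default_ipv4.interface }}
      mtu: {{ vswitch.mtu | default(1400) }}
      # to_json renders the list as a YAML flow sequence regardless of the
      # interpreter's native list repr.
      addresses: {{ vswitch.addresses | to_json }}
{% if vswitch.gateway is defined %}
      routes:
        - to: 0.0.0.0/0
          via: {{ vswitch.gateway }}
          # Same default as tasks/main.yaml so the route lands in the table
          # that was registered in rt_tables.
          table: {{ vswitch.routing_table | default(1) }}
          on-link: true
{% endif %}
{% if vswitch.subnets is defined %}
      routing-policy:
{% for subnet in vswitch.subnets %}
        # Cluster-internal destinations stay in the main table (254).
        - from: {{ subnet.subnet }}
          to: {{ kube_service_addresses }}
          table: 254
          priority: 0
        - from: {{ subnet.subnet }}
          to: {{ kube_pods_subnet }}
          table: 254
          priority: 0
        # Everything else to/from the vSwitch subnet uses the vSwitch table.
        - from: {{ subnet.subnet }}
          table: {{ vswitch.routing_table | default(1) }}
          priority: 10
        - to: {{ subnet.subnet }}
          table: {{ vswitch.routing_table | default(1) }}
          priority: 10
{% endfor %}
{% endif %}
{% endfor %}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Ansible Role for Hetzner vSwitches for Kubernetes

This Ansible role allows you to configure Hetzner vSwitches and servers for Kubernetes clusters supporting additional vSwitch-based subnets.

Neither this project nor the authors are affiliated with Hetzner.
This is a private project of Hetzner customers.


## Project Goals / Features

Using this Ansible role, you can easily configure Hetzner vSwitches on your Hetzner bare metal servers.
Additionally, if you have a vSwitch-based subnet, the role will configure all routes and IP rules required for using the subnet within your vSwitch network.
The configuration is compatible with MetalLB, allowing MetalLB-based HA Kubernetes LoadBalancers.

The role will do the vSwitch configuration on the servers according to the [official Hetzner tutorial](https://wiki.hetzner.de/index.php/Vswitch/en#Server_configuration_.28Linux.29).
The role will **not** create the vSwitch nor register the IPs in the Hetzner Robot.


## Configuration

All vSwitches to be configured have to be defined under the `vswitches` key.
The role reads `ansible_default_ipv4.interface` to pick the parent interface for the VLANs, so facts must be gathered, and the routing-policy rules reference `kube_service_addresses` and `kube_pods_subnet`, which must be defined when `subnets` is used.
The following example configuration shows what the configuration should look like for setting up a vSwitch with VLAN ID 4000:
```yaml
vswitches:
  - name: public           # vSwitch name, used for naming the routing table (single token, no whitespace).
    routing_table: 1       # ID for the routing table; must be unique per vSwitch. Defaults to 1 if omitted.
    vlan: 4000             # VLAN ID for the vSwitch. 4000-4091 supported by Hetzner.
    gateway: 327.0.0.1     # If the vSwitch has a subnet, this variable should contain the subnet's gateway IP address
    addresses:             # IP addresses for the vSwitch network interface (per host)
      - "{{ hostvars[inventory_hostname]['ip'] }}/24"
    subnets:               # Subnets available on the vSwitch (need to be registered with Hetzner Robot) for non-private networks
      - subnet: 327.0.0.0/24
```

The role will use this information to write a netplan configuration file to `/etc/netplan/99-k8s-public.yaml` and run `netplan apply` when it changes.
--------------------------------------------------------------------------------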