From e6206ca9297d94b57d1f81815a1c3d6d1891b200 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Mon, 16 Sep 2024 16:46:19 +0200
Subject: [PATCH 1/2] Fix pod & svc network
---
 defaults/main.yml | 5 ++++-
 tasks/RedHat.yml | 2 +-
 templates/kubeadm-config.yaml.j2 | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index d6fb683..49d542c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,7 +8,10 @@ kubernetes_interface: '{{ ansible_default_ipv4.interface }}'
 kubernetes_kubeproxy_mode: ipvs
 kubernetes_version: 1.31.0
 kubernetes_k3s_version: 1.31.0+k3s1
-kubernetes_pods_network: "10.244.0.0/16"
+#kubernetes_pods_network: "10.244.0.0/16"
+#kubernetes_svc_network: "10.96.0.0/12"
+kubernetes_pods_network: "10.42.0.0/16"
+kubernetes_svc_network: "10.43.0.0/16"
 lb_auth_pass: 1be344d62acc46c6858ae8475668a245
 kubernetes_swap_enabled: false
 kubernetes_lvm: true
diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
index cae93ba..bcbf718 100644
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@@ -119,7 +119,7 @@
 - kubernetes_server|bool
 with_items:
 - "{{ kubernetes_pods_network }}"
- - "10.96.0.0/12"
+ - "{{ kubernetes_svc_network }}"
 - name: Add kubernetes networks to trusted firewalld zone
 ansible.posix.firewalld:
diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2
index 00ee1b7..7d833b5 100644
--- a/templates/kubeadm-config.yaml.j2
+++ b/templates/kubeadm-config.yaml.j2
@@ -85,6 +85,7 @@ apiServer:
 {% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}
 networking:
 podSubnet: "{{ kubernetes_pods_network }}"
+ serviceSubnet: "{{ kubernetes_svc_network }}"
 {% endif %}
 controllerManager:
 extraArgs:
From 453ed3df657e20eabf35149f163b59ac54c601b4 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger
Date: Mon, 16 Sep 2024 16:46:57 +0200
Subject: [PATCH 2/2] Add forgoten file
---
 templates/etc/rancher/k3s/config.yaml.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
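Review bot: The two `#kubernetes_*_network` lines added in defaults/main.yml keep the previous ranges as commented-out assignments with no explanation, so a reader cannot tell when they should be restored. Replace them with a sentence such as `# 10.42.0.0/16 and 10.43.0.0/16 are the k3s defaults; earlier role versions used 10.244.0.0/16 (pods) and 10.96.0.0/12 (services)`. Hosts that never overrode `kubernetes_pods_network` will render the new range on the next run, which probably does not match a cluster that was initialised with the old one, so the change deserves an upgrade note. Separately, `lb_auth_pass` in the trailing context is a fixed string committed as a role default; if it is a shared secret it is better supplied per deployment from a vault-encrypted variable.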
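Review bot: `kubernetes_svc_network` in tasks/RedHat.yml is now an operator-supplied value in this `with_items` list, and nothing checks that it is a well-formed CIDR before it reaches the firewall tasks (the next task's name says the networks go into firewalld's trusted zone). A typo in the prefix length would trust far more sources than intended; an `ansible.builtin.assert` placed before these tasks, for example `that: kubernetes_svc_network | ansible.utils.ipaddr('net')`, would reject malformed input. Hosts configured with the previous literal `10.96.0.0/12` presumably keep that source in the trusted zone after this change, so a cleanup task with `state: disabled` for the old ranges is worth adding. The task that owns this `with_items` starts above the hunk, so its module is not visible here.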
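Review bot: `serviceSubnet` in templates/kubeadm-config.yaml.j2 is rendered only inside the `{% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}` block, so with any other `kubernetes_network` value kubeadm falls back to its built-in service range of 10.96.0.0/12. tasks/RedHat.yml in the same patch now passes `kubernetes_svc_network` (default 10.43.0.0/16) to the firewall tasks, so in that case the firewall would allow a range the cluster does not use and omit the one it does. Emitting `networking:` and `serviceSubnet: "{{ kubernetes_svc_network }}"` unconditionally, and keeping only `podSubnet` under the condition, would keep the two in step.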
diff --git a/templates/etc/rancher/k3s/config.yaml.j2 b/templates/etc/rancher/k3s/config.yaml.j2
index fb504b7..bed1d77 100644
--- a/templates/etc/rancher/k3s/config.yaml.j2
+++ b/templates/etc/rancher/k3s/config.yaml.j2
@@ -1,4 +1,8 @@
+{% if 'Vpn' in group_names %}
+flannel-backend: vxlan
+{% else %}
 flannel-backend: wireguard-native
+{% endif %}
 protect-kernel-defaults: true
 {% if kubernetes_master|bool %}
 secrets-encryption: true
@@ -13,6 +17,10 @@ kube-apiserver-arg:
 # - "request-timeout=300s"
 kube-controller-manager-arg:
 - 'terminated-pod-gc-threshold=10'
+cluster-cidr:
+ - {{ kubernetes_pods_network }}
+service-cidr:
+ - {{ kubernetes_svc_network }}
 {% if vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined %}
 cluster-init: true
 {% else %}
@@ -32,6 +40,11 @@ selinux: true
 #embedded-registry: true
 disable:
 - traefik
+{% if kubernetes_interface is defined %}
+node-ip: {{ kubernetes_interface.address }}
+#node-ip: {{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}
+{% endif %}
+node-external-ip: {{ ansible_host }}
 {% if false %}
 # node-external-ip: 1.2.3.4
 #node-label:
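Review bot: The `vxlan` branch added at the top of the template moves hosts in the `Vpn` group from the encrypted `wireguard-native` backend to unencrypted VXLAN, and the template does not say why that is acceptable. If the assumption is that those nodes already talk over a VPN tunnel, state it next to the condition, e.g. `{# Vpn group: node-to-node traffic is already tunnelled, so plain vxlan avoids double encapsulation #}`. Because the choice is made per host from `group_names`, a cluster that mixes `Vpn` and non-`Vpn` nodes would render different backends on different nodes; a single cluster-level variable would avoid that.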
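Review bot: The new `cluster-cidr` and `service-cidr` items are emitted as bare `- {{ ... }}`, while templates/kubeadm-config.yaml.j2 quotes the same two variables, and an empty value would render a null list item here. Writing `- "{{ kubernetes_pods_network }}"` and `- "{{ kubernetes_svc_network }}"` keeps the rendered entry a string in every case and matches the other template.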
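Review bot: `node-ip: {{ kubernetes_interface.address }}` treats `kubernetes_interface` as a mapping, but defaults/main.yml (visible in patch 1/2) sets it to `'{{ ansible_default_ipv4.interface }}'`, an interface name, so the attribute lookup will not resolve to an address; the `is defined` guard is also always true because of that default. The commented alternative on the next line is still evaluated at render time, since `#` is a YAML comment and not a Jinja one; wrap it in `{# ... #}` or delete it. Something like `node-ip: {{ ansible_facts[kubernetes_interface | replace('-', '_')].ipv4.address }}` resolves the address from the name. `node-external-ip: {{ ansible_host }}` is rendered for every node and may hold a DNS name or a management address, so it is worth confirming that this is the address the node should advertise.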