@swamibluedata
Last active February 25, 2023 16:07
#!/bin/bash
# Usage: run as root with "setup" to install the rules or "cleanup" to remove them.
K8S_MASTER_IP1="16.143.21.1"
K8S_MASTER_IP2="16.143.21.3"
K8S_MASTER_IP3="16.143.21.4"
K8S_API_PORT="6443"
VIRTUAL_IP="10.96.0.12"
VIRTUAL_PORT="443"

setup() {
    # New chains
    iptables -t nat -N EZKF
    iptables -t nat -N EZKF-K8S-API
    # One chain per master
    iptables -t nat -N EZAF-K8SAPI-1
    iptables -t nat -N EZAF-K8SAPI-2
    iptables -t nat -N EZAF-K8SAPI-3
    # Link from the OUTPUT chain to our chain (OUTPUT only sees locally generated traffic)
    iptables -t nat -I OUTPUT -m comment --comment "ezkf services" -j EZKF
    # For each k8s master, create a DNAT rule in its own chain
    iptables -t nat -A EZAF-K8SAPI-1 -p tcp -d "$VIRTUAL_IP/32" --dport "$VIRTUAL_PORT" -j DNAT --to-destination "$K8S_MASTER_IP1:$K8S_API_PORT"
    iptables -t nat -A EZAF-K8SAPI-2 -p tcp -d "$VIRTUAL_IP/32" --dport "$VIRTUAL_PORT" -j DNAT --to-destination "$K8S_MASTER_IP2:$K8S_API_PORT"
    iptables -t nat -A EZAF-K8SAPI-3 -p tcp -d "$VIRTUAL_IP/32" --dport "$VIRTUAL_PORT" -j DNAT --to-destination "$K8S_MASTER_IP3:$K8S_API_PORT"
    # For each k8s master, jump to its individual chain (random selection, not strict round robin).
    # A rule is evaluated only if the ones before it did not match, so an even split needs
    # 1/3 for the first rule, 1/2 of the remainder for the second, and everything left for the last.
    iptables -t nat -A EZKF-K8S-API -m comment --comment "ezkf k8s api" -m statistic --mode random --probability 0.33333333333 -j EZAF-K8SAPI-1
    iptables -t nat -A EZKF-K8S-API -m comment --comment "ezkf k8s api" -m statistic --mode random --probability 0.50000000000 -j EZAF-K8SAPI-2
    iptables -t nat -A EZKF-K8S-API -m comment --comment "ezkf k8s api" -j EZAF-K8SAPI-3
    # Link from the main EZKF chain to the k8s-api service. If we need more services,
    # we can add them in this chain and link to other chains.
    iptables -t nat -A EZKF -d "$VIRTUAL_IP/32" -p tcp -m comment --comment "ezkf k8s api" -m tcp --dport "$VIRTUAL_PORT" -j EZKF-K8S-API
}

cleanup() {
    # Unlink from OUTPUT first so no traffic enters the chains while they are removed
    iptables -t nat -D OUTPUT -m comment --comment "ezkf services" -j EZKF
    # A chain can only be deleted (-X) once it is empty and unreferenced, so flush
    # from the top down before deleting
    for chain in EZKF EZKF-K8S-API EZAF-K8SAPI-1 EZAF-K8SAPI-2 EZAF-K8SAPI-3; do
        iptables -t nat -F "$chain"
    done
    iptables -t nat -X EZAF-K8SAPI-1
    iptables -t nat -X EZAF-K8SAPI-2
    iptables -t nat -X EZAF-K8SAPI-3
    iptables -t nat -X EZKF-K8S-API
    iptables -t nat -X EZKF
}

case "${1:-}" in
    setup)   setup ;;
    cleanup) cleanup ;;
    *)       echo "usage: $0 setup|cleanup" >&2; exit 1 ;;
esac
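
Added example, not part of the original gist: a dry-run generator that prints the per-master DNAT and dispatch rules for any number of masters and computes the `--probability` each cascaded `statistic` rule needs for an even split. The function names are hypothetical; for comparison it also computes the split that a cascade of 0.33, 0.33 and an unconditional last rule would give.

```bash
#!/bin/bash
# Added example: dry run only, prints rules and never calls iptables.
# Function names are hypothetical; chain names and addresses are taken from the script above.

# Probability for rule i (1-based) of n. Rule i is reached only when rules
# 1..i-1 did not match, so it must take 1/(n-i+1) of the remaining traffic.
cascade_prob() {
    awk -v i="$1" -v n="$2" 'BEGIN { printf "%.11f", 1 / (n - i + 1) }'
}

# Overall share each backend receives, given the per-rule probabilities in order.
effective_shares() {
    awk 'BEGIN {
        left = 1
        for (k = 1; k < ARGC; k++) { s = left * ARGV[k]; printf "%.4f ", s; left -= s }
    }' "$@"
}

# Print DNAT and dispatch rules for any number of masters.
# Args: virtual_ip virtual_port api_port master_ip...
print_rules() (
    vip="$1"; vport="$2"; api_port="$3"; shift 3
    n=$#; i=1
    for master in "$@"; do
        echo "iptables -t nat -A EZAF-K8SAPI-$i -p tcp -d $vip/32 --dport $vport -j DNAT --to-destination $master:$api_port"
        if [ "$i" -lt "$n" ]; then
            echo "iptables -t nat -A EZKF-K8S-API -m statistic --mode random --probability $(cascade_prob "$i" "$n") -j EZAF-K8SAPI-$i"
        else
            # Last rule is unconditional so no connection falls through unmatched.
            echo "iptables -t nat -A EZKF-K8S-API -j EZAF-K8SAPI-$i"
        fi
        i=$((i + 1))
    done
)

print_rules 10.96.0.12 443 6443 16.143.21.1 16.143.21.3 16.143.21.4
echo "shares with 1/3, 1/2, 1:   $(effective_shares "$(cascade_prob 1 3)" "$(cascade_prob 2 3)" 1)"
echo "shares with 0.33, 0.33, 1: $(effective_shares 0.33 0.33 1)"
```

With 0.33 on both conditional rules the third master receives about 45% of new connections and the second about 22%, which matters when one API server is expected to carry no more load than the others.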