From 7ebc546d2b5905298cb0db6e89d8ad4d3350933d Mon Sep 17 00:00:00 2001
From: jaydee
Date: Sat, 21 Feb 2026 03:01:43 +0100
Subject: [PATCH] build
---
 roles/kubernetes/tasks/Rocky.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/roles/kubernetes/tasks/Rocky.yml b/roles/kubernetes/tasks/Rocky.yml
index 5fb9c89..3ac8820 100644
--- a/roles/kubernetes/tasks/Rocky.yml
+++ b/roles/kubernetes/tasks/Rocky.yml
@@ -145,7 +145,37 @@
 register: join_command
 when: inventory_hostname == 'rocky9-vm01.home.lan'
+ - name: Ensure firewalld is running
+ ansible.builtin.service:
+ name: firewalld
+ state: started
+ enabled: true
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+ - name: Open Kubernetes API server port (6443)
+ ansible.posix.firewalld:
+ port: 6443/tcp
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+ - name: Open etcd ports (2379-2380)
+ ansible.posix.firewalld:
+ port: 2379-2380/tcp
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+ - name: Open kubelet and scheduler ports (10250-10252)
+ ansible.posix.firewalld:
+ port: 10250-10252/tcp
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+
 - name: Save join command
 set_fact:
 worker_join_cmd: "{{ join_command.stdout }}"
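Review bot: The "Open etcd ports (2379-2380)" task sets no `zone:` and no source restriction, so the ports are opened in the host's default firewalld zone to every address that can route to rocky9-vm01.home.lan; the 6443 and 10250-10252 tasks have the same shape. etcd only has to be reachable by the API server and other etcd members, so either drop that task if etcd runs stacked on this one node, or scope it by replacing `port: 2379-2380/tcp` with something like `rich_rule: 'rule family="ipv4" source address="<CONTROL_PLANE_CIDR placeholder>" port port="2379-2380" protocol="tcp" accept'`. 10251 and 10252 were the unauthenticated scheduler and controller-manager ports in older Kubernetes releases; the installed version is not visible here, but if it no longer serves them, narrow that task to `port: 10250/tcp` and limit it to the node subnet in the same way. The task list starts and continues outside this hunk, so any existing zone or source configuration elsewhere in the role should be checked before changing these.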