build

roles/kubernetes/tasks/Rocky.yml

@@ -145,7 +145,37 @@
       register: join_command
       when: inventory_hostname == 'rocky9-vm01.home.lan'
 
+    - name: Ensure firewalld is running
+      ansible.builtin.service:
+        name: firewalld
+        state: started
+        enabled: true
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
 
+    - name: Open Kubernetes API server port (6443)
+      ansible.posix.firewalld:
+        port: 6443/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Open etcd ports (2379-2380)
+      ansible.posix.firewalld:
+        port: 2379-2380/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+    - name: Open kubelet and scheduler ports (10250-10252)
+      ansible.posix.firewalld:
+        port: 10250-10252/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: inventory_hostname == 'rocky9-vm01.home.lan'
+      
     - name: Save join command
       set_fact:
         worker_join_cmd: "{{ join_command.stdout }}"