klal

roles/kubernetes/tasks/Rocky.yml

@@ -261,4 +261,42 @@
         state: present
         create: yes
       loop: "{{ aliases | dict2items }}"
-      when: inventory_hostname.endswith('-vm01.home.lan')
+      when: inventory_hostname.endswith('-vm01.home.lan')
+      
+    - name: Allow TCP 10250 from 192.168.77.0/24
+      firewalld:
+        source: 192.168.77.0/24
+        port: 10250/tcp
+        permanent: yes
+        state: enabled
+        immediate: yes
+        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="10250" protocol="tcp" accept'
+
+    - name: Allow UDP 8472 from 192.168.77.0/24
+      firewalld:
+        source: 192.168.77.0/24
+        port: 8472/udp
+        permanent: yes
+        state: enabled
+        immediate: yes
+        rich_rule: 'rule family="ipv4" source address="192.168.77.0/24" port port="8472" protocol="udp" accept'
+
+    - name: Add flannel.1 interface to trusted zone
+      firewalld:
+        interface: flannel.1
+        zone: trusted
+        permanent: yes
+        state: enabled
+        immediate: yes
+
+    - name: Add cni0 interface to trusted zone
+      firewalld:
+        interface: cni0
+        zone: trusted
+        permanent: yes
+        state: enabled
+        immediate: yes
+
+    - name: Reload firewalld
+      firewalld:
+        state: reloaded