diff --git a/roles/kubernetes/tasks/Rocky.yml b/roles/kubernetes/tasks/Rocky.yml
index 3ac8820..9140fba 100644
--- a/roles/kubernetes/tasks/Rocky.yml
+++ b/roles/kubernetes/tasks/Rocky.yml
@@ -100,7 +100,36 @@
 name: kubelet
 enabled: yes
 state: started
+ - name: Ensure firewalld is running
+ ansible.builtin.service:
+ name: firewalld
+ state: started
+ enabled: true
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+ - name: Open Kubernetes API server port (6443)
+ ansible.posix.firewalld:
+ port: 6443/tcp
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+ - name: Open etcd ports (2379-2380)
+ ansible.posix.firewalld:
+ port: 2379-2380/tcp
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
+
+ - name: Open kubelet and scheduler ports (10250-10252)
+ ansible.posix.firewalld:
+ port: 10250-10252/tcp
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: inventory_hostname == 'rocky9-vm01.home.lan'
 - name: Initialize Kubernetes
 command: kubeadm init --pod-network-cidr=10.244.0.0/16
 args:
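Review bot: The three `ansible.posix.firewalld` tasks now placed ahead of `Initialize Kubernetes` open 6443, 2379-2380 and 10250-10252 with no `zone` or source restriction, so etcd and the kubelet API are reachable from any network the host's default zone covers. etcd's client and peer ports normally only need to be reachable by control-plane members; for what looks like a single control-plane host, consider dropping that task or narrowing it, e.g. `rich_rule: 'rule family="ipv4" source address="<CONTROL_PLANE_CIDR>" port port="2379-2380" protocol="tcp" accept'` (placeholder CIDR) in place of `port: 2379-2380/tcp`. Recent Kubernetes releases serve the scheduler and controller-manager on 10259 and 10257 rather than 10251-10252, so that range may open ports nothing should be listening on; confirm against the installed version. As a style point, `permanent: yes` / `immediate: yes` could be written `true` to match `enabled: true` in the first task. The task list and the `Initialize Kubernetes` task continue outside the hunk.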
@@ -145,36 +174,7 @@
 register: join_command
 when: inventory_hostname == 'rocky9-vm01.home.lan'
- - name: Ensure firewalld is running
- ansible.builtin.service:
- name: firewalld
- state: started
- enabled: true
- when: inventory_hostname == 'rocky9-vm01.home.lan'
- - name: Open Kubernetes API server port (6443)
- ansible.posix.firewalld:
- port: 6443/tcp
- permanent: yes
- state: enabled
- immediate: yes
- when: inventory_hostname == 'rocky9-vm01.home.lan'
-
- - name: Open etcd ports (2379-2380)
- ansible.posix.firewalld:
- port: 2379-2380/tcp
- permanent: yes
- state: enabled
- immediate: yes
- when: inventory_hostname == 'rocky9-vm01.home.lan'
-
- - name: Open kubelet and scheduler ports (10250-10252)
- ansible.posix.firewalld:
- port: 10250-10252/tcp
- permanent: yes
- state: enabled
- immediate: yes
- when: inventory_hostname == 'rocky9-vm01.home.lan'
 - name: Save join command
 set_fact: