Update firewall rules (#329)
Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
This commit is contained in:
parent
64e38ee702
commit
8120b7c0d1
@ -73,7 +73,7 @@
|
||||
- name: If firewalld enabled, open api port
|
||||
ansible.posix.firewalld:
|
||||
port: "{{ api_port }}/tcp"
|
||||
zone: trusted
|
||||
zone: internal
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
@ -82,11 +82,42 @@
|
||||
when: groups['server'] | length > 1
|
||||
ansible.posix.firewalld:
|
||||
port: "2379-2381/tcp"
|
||||
zone: trusted
|
||||
zone: internal
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
|
||||
- name: If firewalld enabled, open inter-node ports
|
||||
ansible.posix.firewalld:
|
||||
port: "{{ item }}"
|
||||
zone: internal
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
with_items:
|
||||
- 5001/tcp # Spegel (Embedded distributed registry)
|
||||
- 8472/udp # Flannel VXLAN
|
||||
- 10250/tcp # Kubelet metrics
|
||||
- 51820/udp # Flannel Wireguard (IPv4)
|
||||
- 51821/udp # Flannel Wireguard (IPv6)
|
||||
|
||||
- name: If firewalld enabled, allow node CIDRs
|
||||
ansible.posix.firewalld:
|
||||
source: "{{ item }}"
|
||||
zone: internal
|
||||
state: enabled
|
||||
permanent: true
|
||||
immediate: true
|
||||
loop: >-
|
||||
{{
|
||||
(
|
||||
groups['server'] | default([])
|
||||
+ groups['agent'] | default([])
|
||||
)
|
||||
| map('extract', hostvars, ['ansible_default_ipv4', 'address'])
|
||||
| flatten | unique | list
|
||||
}}
|
||||
|
||||
- name: If firewalld enabled, allow default CIDRs
|
||||
ansible.posix.firewalld:
|
||||
source: "{{ item }}"
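Review bot: The "allow node CIDRs" task derives each `source:` from `ansible_default_ipv4.address` (the `map('extract', …)` at the end of the hunk), so a node whose default route sits on an interface other than the one the cluster traffic uses gets the wrong address whitelisted, and a node whose facts were not gathered makes the whole template fail on an undefined value; hedging the chain with `| select('defined')` before `| flatten | unique | list`, or sourcing the address from whatever the playbook already uses as the node's cluster address, would make the rule match what k3s actually binds. Note also that a host placed as a `source` in the `internal` zone is admitted to every service that zone permits, not only the k3s ports opened in the task above it; this is still narrower than the `trusted` zone being replaced, but the task name says "CIDRs" while the values are single host addresses, so a comment such as `# Node addresses become internal-zone sources and may reach any service that zone allows, not just the k3s ports` would keep the intent honest. Finally, the two new loops mix `with_items:` on the inter-node-ports task and `loop:` on the node-address task; `loop` is the documented form and one style should be used file-wide. If the surrounding block carries the firewalld `when:` guard it is outside this hunk, so I cannot confirm the new tasks inherit it.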
|
||||
|