Merge 58e1d34434 into 33c15e7c2f

According to the ansible collection scheme...

README.md

@@ -60,7 +60,7 @@ Setting up a loadbalancer or VIP beforehand to use as the API endpoint is possib
 Start provisioning of the cluster using the following command:
 
 ```bash
-ansible-playbook playbook/site.yml -i inventory.yml
+ansible-playbook playbooks/site.yml -i inventory.yml
 ```
 
 ## Upgrading
@@ -68,7 +68,7 @@ ansible-playbook playbook/site.yml -i inventory.yml
 A playbook is provided to upgrade K3s on all nodes in the cluster. To use it, update `k3s_version` with the desired version in `inventory.yml` and run:
 
 ```bash
-ansible-playbook playbook/upgrade.yml -i inventory.yml
+ansible-playbook playbooks/upgrade.yml -i inventory.yml
 ```
 
 ## Airgap Install
@@ -77,7 +77,7 @@ Airgap installation is supported via the `airgap_dir` variable. This variable sh
 
 An example folder for an x86_64 cluster:
 ```bash
-$ ls ./playbook/my-airgap/
+$ ls ./playbooks/my-airgap/
 total 248M
 -rwxr-xr-x 1 $USER $USER  58M Nov 14 11:28 k3s
 -rw-r--r-- 1 $USER $USER 190M Nov 14 11:30 k3s-airgap-images-amd64.tar.gz

inventory-sample.yml

@@ -19,7 +19,7 @@ k3s_cluster:
     extra_server_args: ""
     extra_agent_args: ""
 
-  # Optional vars
+    # Optional vars
     # cluster_context: k3s-ansible
     # api_port: 6443
     # k3s_server_location: /var/lib/rancher/k3s
@@ -29,12 +29,13 @@ k3s_cluster:
     # List of locally available manifests to apply to the cluster, useful for PVCs or Traefik modifications.
     # extra_manifests: [ '/path/to/manifest1.yaml', '/path/to/manifest2.yaml' ]
     # airgap_dir: /tmp/k3s-airgap-images
-    # user_kubectl: true, by default kubectl is symlinked and configured for use by ansible_user. Set to false to only kubectl via root user.
+    # user_kubectl: true, by default kubectl is symlinked and configured for use by ansible_user.
+    #   Set to false to only kubectl via root user.
     # server_config_yaml:  |
-      # This is now an inner yaml file. Maintain the indentation.
-      # YAML here will be placed as the content of /etc/rancher/k3s/config.yaml
-      # See https://docs.k3s.io/installation/configuration#configuration-file
+    #   This is now an inner yaml file. Maintain the indentation.
+    #   YAML here will be placed as the content of /etc/rancher/k3s/config.yaml
+    #   See https://docs.k3s.io/installation/configuration#configuration-file
     # registries_config_yaml:  |
-      # Containerd can be configured to connect to private registries and use them to pull images as needed by the kubelet.
-      # YAML here will be placed as the content of /etc/rancher/k3s/registries.yaml
-      # See https://docs.k3s.io/installation/private-registry
+    #   Containerd can be configured to connect to private registries and use them to pull images as needed
+    #   by the kubelet. YAML here will be placed as the content of /etc/rancher/k3s/registries.yaml
+    #   See https://docs.k3s.io/installation/private-registry

roles/prereq/tasks/main.yml

@@ -73,7 +73,7 @@
     - name: If firewalld enabled, open api port
       ansible.posix.firewalld:
         port: "{{ api_port }}/tcp"
-        zone: trusted
+        zone: internal
         state: enabled
         permanent: true
         immediate: true
@@ -82,11 +82,26 @@
       when: groups['server'] | length > 1
       ansible.posix.firewalld:
         port: "2379-2381/tcp"
-        zone: trusted
+        zone: internal
         state: enabled
         permanent: true
         immediate: true
 
+    - name: If firewalld enabled, open inbound ports
+      ansible.posix.firewalld:
+        port: "{{ item }}"
+        zone: internal
+        state: enabled
+        permanent: true
+        immediate: true
+      with_items:
+        - 8472/udp
+        - 10250/tcp
+        - 51820/udp
+        - 51821/udp
+        - 5001/tcp
+        - 6443/tcp
+
     - name: If firewalld enabled, allow default CIDRs
       ansible.posix.firewalld:
         source: "{{ item }}"