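# Install firewalld (the service configured by the following tasks) and curl.
# The package names are passed to the module as one list instead of a loop,
# so the underlying package manager is invoked once for both.
- name: Install required packages
  ansible.builtin.package:
    name:
      - firewalld
      - curl
    state: present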
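# Start firewalld now and enable it at boot, so the firewall is also active
# after a reboot.
- name: Enable and start firewalld
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true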
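# Open the SSH, k3s and MetalLB ports, both in the running configuration
# (immediate) and in the persistent one (permanent).
# No `zone` is set, so each rule lands in firewalld's default zone, and no
# source restriction is applied: every port below is reachable from any
# address that zone covers.
# NOTE(review): etcd, kubelet and VXLAN are node-to-node ports. If the
# default zone is bound to an interface facing anything other than the
# cluster network, scope these rules to the node subnet (dedicated zone or
# rich rules) instead of opening them zone-wide.
- name: Set firewalld rule for required ports
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop:
    - 22/tcp  # ssh
    # k3s ports
    # embedded etcd, server-to-server (HA setups)
    - 2379-2380/tcp
    # Kubernetes API server
    - 6443/tcp
    # flannel VXLAN; the k3s docs warn against exposing this port beyond the
    # cluster nodes
    - 8472/udp
    # kubelet
    - 10250/tcp
    # tcp and udp for metallb
    - 7946/udp
    - 7946/tcp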
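# Bind the pod and service networks to the `trusted` zone. firewalld accepts
# all traffic from sources in that zone, so packets carrying these source
# addresses are not filtered by the per-port rules.
# NOTE(review): the two CIDRs are the k3s defaults; they must match the
# cluster's --cluster-cidr / --service-cidr if those are customised.
# NOTE(review): trust here is based on source address only. Confirm that
# packets claiming these ranges cannot arrive from outside the cluster
# (upstream anti-spoofing / reverse-path filtering).
- name: Set firewalld rule for required zones
  ansible.posix.firewalld:
    zone: trusted
    source: "{{ item }}"
    permanent: true
    state: enabled
    immediate: true
  loop:
    - 10.42.0.0/16  # pods
    - 10.43.0.0/16  # services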