Unverified Commit 9c8ba5c1 authored by laszlojau's avatar laszlojau Committed by GitHub

Set firewall rules for custom CIDR ranges (#293)

parent 06036217
+2 −6
@@ -57,9 +57,7 @@
      community.general.ufw:
        rule: allow
        src: '{{ item }}'
      loop:
        - 10.42.0.0/16  # Pods
        - 10.43.0.0/16  # Services
      loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"

- name: Allow Firewalld Exceptions
  when:
@@ -90,9 +88,7 @@
        state: enabled
        permanent: true
        immediate: true
      loop:
        - 10.42.0.0/16  # Pods
        - 10.43.0.0/16  # Services
      loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"

- name: Add br_netfilter to /etc/modules-load.d/
  ansible.builtin.copy:
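Review bot: The new `loop` expression, used on both the UFW task and the firewalld task, passes each comma-separated piece straight into an allow rule's source without trimming or checking it. A value written as `10.42.0.0/16, fd00:42::/56` (constructed example) yields an element with a leading space, and an empty `cluster_cidr` or a trailing comma yields an empty element. How the two firewall modules treat an empty source is not visible on this page, so it is safer to filter before looping. I would write `loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') | map('trim') | select | list }}"` in both places, and consider an assert beforehand that each entry is a valid CIDR and not an all-addresses range. Both task bodies begin outside the hunks.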
+3 −0
---
cluster_cidr: "{{ (server_config_yaml | from_yaml)['cluster-cidr'] | default('10.42.0.0/16') }}"
service_cidr: "{{ (server_config_yaml | from_yaml)['service-cidr'] | default('10.43.0.0/16') }}"
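Review bot: `default('10.42.0.0/16')` and `default('10.43.0.0/16')` only apply when the key is undefined, so a `cluster-cidr:` or `service-cidr:` entry that is present but empty or null in `server_config_yaml` is not replaced by the fallback and reaches the firewall loops as an empty or non-string value. Passing the second argument, `| default('10.42.0.0/16', true)` and `| default('10.43.0.0/16', true)`, covers those cases. These two variables also deserve a comment such as `# May hold several comma-separated CIDRs; each one becomes an allowed source range in the host firewall rules.`, since that is what makes a wrong value here security-relevant. If the config file can supply the value as a YAML list instead of a string, the string concatenation in the loops would not handle it; that cannot be confirmed from this page.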