Fix network coherence & firewall

2021-02-16 00:47:08 +01:00 · 2021-02-16 00:47:08 +01:00 · 39c5ef5e82
commit 39c5ef5e82
parent 8bbd3fa11c
5 changed files with 44 additions and 21 deletions
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@ -32,19 +32,20 @@
  when:
    - kubernetes_server|bool

-#- name: Reload firewalld configuration
-#  service:
-#    name: firewalld
-#    state: reloaded
-#    enabled: yes
-#  when:
-#    - kubernetes_server|bool
-
- name: reload firewalld to refresh service list
-  command: firewall-cmd --reload
+- name: Reload firewalld configuration
+  service:
+    name: firewalld
+    state: reloaded
+    enabled: yes
  when:
-    - need_firewalld_reload is changed
    - kubernetes_server|bool
+    - need_firewalld_reload is changed
+
+#- name: reload firewalld to refresh service list
+#  command: firewall-cmd --reload
+#  when:
+#    - need_firewalld_reload is changed
+#    - kubernetes_server|bool

 # Définir interface
 - name: Open Firewalld
@ -58,6 +59,30 @@
 #    - firewall_name == "firewalld"
    - kubernetes_server|bool

+- name: Create kubernetes firewalld zone
+  firewalld:
+    zone: kubernetes
+    permanent: true
+    state: present
+  when:
+    - kubernetes_server|bool
+- name: Add PODs network to kubernetes firewalld zone
+  firewalld:
+    zone: kubernetes
+    permanent: true
+    state: enabled
+    source: "{{ kubernetes_pods_network }}"
+  when:
+    - kubernetes_server|bool
+- name: Add Services network to kubernetes firewalld zone
+  firewalld:
+    zone: kubernetes
+    permanent: true
+    state: enabled
+    source: "10.96.0.0/12"
+  when:
+    - kubernetes_server|bool
+
 - name: Install kubernetes tools
  dnf:
    name: "{{ kubernetes_package_name }}"