From 43353b130b88920a8221e0ad4265358045088406 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Sat, 14 Sep 2024 10:29:48 +0200
Subject: [PATCH] Update firewall configuration

---
 tasks/RedHat.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml
index 027e91f..cae93ba 100644
--- a/tasks/RedHat.yml
+++ b/tasks/RedHat.yml
@@ -118,10 +118,23 @@
   when:
     - kubernetes_server|bool
   with_items:
-    - "{{ (lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.network + '/' + lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.netmask) | ansible.utils.ipaddr('net') }}"
     - "{{ kubernetes_pods_network }}"
     - "10.96.0.0/12"
 
+- name: Add kubernetes networks to trusted firewalld zone
+  ansible.posix.firewalld:
+#    zone: kubernetes
+    zone: trusted
+    permanent: true
+    state: enabled
+    source: "{{ item }}"
+  when:
+    - kubernetes_server|bool
+    - kubernetes_interface is defined
+#    - false
+  with_items:
+    - "{{ (lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.network + '/' + lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.netmask) | ansible.utils.ipaddr('net') }}"
+
 - name: Install kubernetes tools
   ansible.builtin.dnf:
     name: "{{ kubernetes_package_name }}"