From 14c76fc7b675152c8a4f4ecf4defe9c50b1795f0 Mon Sep 17 00:00:00 2001
From: Bradley Bickford
Date: Tue, 24 Sep 2024 19:19:05 -0400
Subject: [PATCH] Adding firewalld and SELinux configuration for Kubernetes in configure_node_for_k8s
---
 inventories/kubernetes | 6 +++---
 playbooks/configure_node_for_k8s.yml | 32 ++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/inventories/kubernetes b/inventories/kubernetes
index 71d5f17..d316a58 100644
--- a/inventories/kubernetes
+++ b/inventories/kubernetes
@@ -1,9 +1,9 @@
 [masters]
-KubeMaster ansible_host=192.168.100.2
+KubeMaster ansible_host=192.168.100.2 master=true
 [workers]
-KubeWorker1 ansible_host=192.168.100.3
-KubeWorker2 ansible_host=192.168.100.4
+KubeWorker1 ansible_host=192.168.100.3 worker=true
+KubeWorker2 ansible_host=192.168.100.4 worker=true
 [ansible]
 Ansible ansible_host=192.168.100.5
\ No newline at end of file
diff --git a/playbooks/configure_node_for_k8s.yml b/playbooks/configure_node_for_k8s.yml
index 2df2eac..d8ca67a 100644
--- a/playbooks/configure_node_for_k8s.yml
+++ b/playbooks/configure_node_for_k8s.yml
@@ -16,6 +16,38 @@
 persistent: present
 state: present
+ - name: Set SELinux to Permissive
+ ansible.posix.selinux:
+ state: disabled
+
+ - name: Set firewalld configuration | Master Nodes
+ ansible.posix.firewalld:
+ port: "{{ item }}"
+ permanent: true
+ state: enabled
+ loop:
+ - "6443/tcp"
+ - "2379-2380/tcp"
+ - "10250/tcp"
+ - "10251/tcp"
+ - "10259/tcp"
+ - "10257/tcp"
+ - "179/tcp"
+ - "4789/udp"
+ when: master | default(false)
+
+ - name: Set firewalld configuration | Worker Nodes
+ ansible.posix.firewalld:
+ port: "{{ item }}"
+ permanent: true
+ state: enabled
+ loop:
+ - "179/tcp"
+ - "10250/tcp"
+ - "30000-32767/tcp"
+ - "4789/udp"
+ when: worker | default(false)
+
 - name: Create network settings configuration file
 ansible.builtin.blockinfile:
 path: "/etc/sysctl.d/99-kubernetes-cri.conf"
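Review bot: The new `master=true` and `worker=true` host variables repeat what the `[masters]` and `[workers]` groups already express, so the two can drift apart; the playbook could test `'masters' in group_names` (and `'workers' in group_names`) instead of a per-host flag. If the flags stay, note that inline INI host variables are parsed as Python literals, so lowercase `true` is most likely stored as the string `"true"`, and a later `worker=false` would still be truthy in `when: worker | default(false)`; `when: worker | default(false) | bool` avoids that.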
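Review bot: The task named `Set SELinux to Permissive` sets `state: disabled`, which turns SELinux off entirely rather than leaving the policy loaded and logging denials; if permissive is the intent, use `state: permissive` with a policy such as `policy: targeted`, and otherwise rename the task so the playbook does not understate what it does. Both firewalld tasks set `permanent: true` without `immediate: true`, so the ports are written to the permanent configuration but are not applied to the running firewall until a reload. The ports are also opened for any source in the default zone, including etcd (`2379-2380/tcp`) and the kubelet API (`10250/tcp`); consider restricting them to the cluster nodes with the module's `zone`, `source` or `rich_rule` options. The enclosing play starts above the hunk and continues below it, so an existing reload handler or zone setting would not be visible here.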