| -rw-r--r-- | ansible/roles/k8s/tasks/ufw.yml | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/ansible/roles/k8s/tasks/ufw.yml b/ansible/roles/k8s/tasks/ufw.yml
index 2d8dec5..118f332 100644
--- a/ansible/roles/k8s/tasks/ufw.yml
+++ b/ansible/roles/k8s/tasks/ufw.yml
@@ -9,7 +9,7 @@
   community.general.ufw:
     rule: allow
     port: 6443
-    proto: tcp
+    proto: any
     comment: "Kubernetes API server"
   notify: Restart UFW
 
@@ -25,7 +25,7 @@
   community.general.ufw:
     rule: allow
     port: 10250
-    proto: tcp
+    proto: any
     comment: "Kubelet API"
   notify: Restart UFW
 
@@ -33,7 +33,7 @@
   community.general.ufw:
     rule: allow
     port: 10259
-    proto: tcp
+    proto: any
     comment: "kube-scheduler"
   notify: Restart UFW
 
@@ -41,7 +41,7 @@
   community.general.ufw:
     rule: allow
     port: 10257
-    proto: tcp
+    proto: any
     comment: "kube-controller-manager"
   notify: Restart UFW
 
@@ -49,7 +49,7 @@
   community.general.ufw:
     rule: allow
     port: 10256
-    proto: tcp
+    proto: any
     comment: "kube-proxy"
   notify: Restart UFW
 
@@ -61,6 +61,24 @@
     comment: "NodePort services"
   notify: Restart UFW
 
+- name: Allow from 10.42.0.0/16 to any
+  community.general.ufw:
+    rule: allow
+    from_ip: 10.42.0.0/16
+    to_ip: any
+    proto: any
+    comment: "pods"
+  notify: Restart UFW
+
+- name: Allow from 10.43.0.0/16 to any
+  community.general.ufw:
+    rule: allow
+    from_ip: 10.43.0.0/16
+    to_ip: any
+    proto: any
+    comment: "services"
+  notify: Restart UFW
+
 - name: Enable UFW
   community.general.ufw:
     state: enabled
|
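Review bot: Changing `proto: tcp` to `proto: any` on port 6443 additionally opens UDP/6443 to every source, although the API server only listens on TCP; the same widening is repeated in the 10250, 10259, 10257 and 10256 hunks, all of which are TCP-only control-plane endpoints. None of these rules carries a `from_ip`, so after this change the kubelet, scheduler and controller-manager ports accept TCP and UDP from anywhere, which is strictly more exposure than the rules being replaced and is not explained in the commit. If some non-TCP traffic genuinely needs these ports, record the reason in the task, e.g. `comment: "Kubernetes API server (tcp+udp needed for <reason>)"`; otherwise keep `proto: tcp` and consider adding `from_ip: <node-or-admin CIDR>` so these management ports are not reachable from arbitrary sources.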
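Review bot: The new `Allow from 10.42.0.0/16 to any` rule with `proto: any` and no `to_port` lets every pod reach every port on the node, which undoes the per-port scoping the earlier tasks went to the trouble of establishing and gives any compromised or untrusted workload the same host access as a node; the `pods` comment does not say which host ports workloads actually need. Restrict it to what pods must reach (for example `to_port: 10250` / `proto: tcp` for the kubelet, or DNS), or document in the comment why a blanket allow is required. The `10.43.0.0/16` rule looks redundant as a source filter: service ClusterIPs are virtual and kube-proxy rewrites the destination, so packets arriving at the host normally carry a pod or node source address rather than a 10.43.x one — confirm that such traffic actually exists before keeping an all-ports allow for it. These two CIDRs appear to be the k3s defaults; if the cluster and service CIDRs are configurable elsewhere in this role, parameterise them (`from_ip: "{{ k8s_pod_cidr }}"`) instead of hard-coding them here.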
