Dell-Omnia-Clusters-HPC-AI/control_plane/roles/control_plane_k8s/tasks/k8s_firewalld.yml

#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

- name: Configure firewalld on master nodes
  firewalld:
    port: "{{ item }}"
    permanent: yes
    state: enabled
  with_items: '{{ k8s_master_ports }}'

- name: Open calico UDP ports on the firewall
  firewalld:
    port: "{{ item }}/udp"
    permanent: yes
    state: enabled
  with_items: "{{ calico_udp_ports }}"

- name: Open calico TCP ports on the firewall
  firewalld:
    port: "{{ item }}/tcp"
    permanent: yes
    state: enabled
  with_items: "{{ calico_tcp_ports }}"

- name: Masquerade the firewall
  command: firewall-cmd --add-masquerade --permanent
  changed_when: true
  tags: firewalld

- name: Reload firewalld
  command: firewall-cmd --reload
  changed_when: true