Set firewall rules for custom CIDR ranges (#293)

Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
2024-02-23 04:04:36 +10:30 · 2024-02-23 04:04:36 +10:30 · 9c8ba5c155
parent 060362178d
commit 9c8ba5c155
2 changed files with 5 additions and 6 deletions
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@ -57,9 +57,7 @@
      community.general.ufw:
        rule: allow
        src: '{{ item }}'
-      loop:
-        - 10.42.0.0/16  # Pods
-        - 10.43.0.0/16  # Services
+      loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"

 - name: Allow Firewalld Exceptions
  when:
@ -90,9 +88,7 @@
        state: enabled
        permanent: true
        immediate: true
-      loop:
-        - 10.42.0.0/16  # Pods
-        - 10.43.0.0/16  # Services
+      loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"

 - name: Add br_netfilter to /etc/modules-load.d/
  ansible.builtin.copy:
--- a/roles/prereq/vars/main.yml
+++ b/roles/prereq/vars/main.yml
@ -0,0 +1,3 @@
+---
+cluster_cidr: "{{ (server_config_yaml | from_yaml)['cluster-cidr'] | default('10.42.0.0/16') }}"
+service_cidr: "{{ (server_config_yaml | from_yaml)['service-cidr'] | default('10.43.0.0/16') }}"