65 lines
1.6 KiB
YAML
65 lines
1.6 KiB
YAML
---
|
|
firewalld_add:
|
|
- name: internal
|
|
masquerade: false
|
|
forward: true
|
|
interfaces:
|
|
- eth0
|
|
services:
|
|
- dhcpv6-client
|
|
- ssh
|
|
- http
|
|
- https
|
|
ports:
|
|
- 9100/tcp # node exporter
|
|
- 6443/tcp # kubernetes API
|
|
- 9345/tcp # supervisor API
|
|
- 10250/tcp # kubelet metrics
|
|
- 2379/tcp # etcd client
|
|
- 2380/tcp # etcd peer
|
|
- 2381/tcp # etcd metrics
|
|
- 30000-32767/tcp # NodePort range
|
|
|
|
# Canal CNI - Default -
|
|
- 8472/udp # canal vxlan
|
|
- 9099/tcp # canal health checks
|
|
- 51820/udp # canal WireGuard IPv4
|
|
- 51821/udp # canal WireGuard IPv6/dual-stack
|
|
|
|
# Cilium CNI
|
|
#- 8472/udp # cilium vxlan
|
|
#- 4240/tcp # cilium health checks
|
|
#- 8/0/icmp # cilium health checks
|
|
#- 51871/udp # cilium wireguard
|
|
#- 4244/tcp # hubble relay
|
|
#- 4245/tcp # hubble relay
|
|
#- 9962/tcp # cilium agent prometheus
|
|
#- 9963/tcp # cilium operator prometheus
|
|
#- 9964/tcp # cilium proxy prometheus
|
|
#- 2379-2380/tcp # etcd access
|
|
|
|
# Calico CNI
|
|
# - 179/tcp # calico bgp
|
|
# - 4789/udp # calico vxlan
|
|
# - 5473/tcp # calico typha
|
|
# - 9098/tcp # calico typha health checks
|
|
# - 9099/tcp # calico health checks
|
|
# - 51820/udp # calico WireGuard IPv4
|
|
# - 51821/udp # calico WireGuard IPv6/dual-stack
|
|
|
|
# Flannel CNI
|
|
#- 8472/udp # flannel vxlan
|
|
#- 4789/udp
|
|
|
|
- name: trusted
|
|
sources:
|
|
- 10.42.0.0/16
|
|
- 10.43.0.0/16
|
|
- 10.0.0.0/16
|
|
|
|
firewalld_remove:
|
|
- name: public
|
|
services:
|
|
- dhcpv6-client
|
|
- ssh
|