From 9c8ba5c1555944f02f7ffadc3b0839530b2782f7 Mon Sep 17 00:00:00 2001
From: laszlojau <49835454+laszlojau@users.noreply.github.com>
Date: Fri, 23 Feb 2024 04:04:36 +1030
Subject: [PATCH] Set firewall rules for custom CIDR ranges (#293)

Signed-off-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
---
 roles/prereq/tasks/main.yml | 8 ++------
 roles/prereq/vars/main.yml | 3 +++
 2 files changed, 5 insertions(+), 6 deletions(-)
 create mode 100644 roles/prereq/vars/main.yml

diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml
index 7686679..bc0ec8f 100644
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -57,9 +57,7 @@
 community.general.ufw:
 rule: allow
 src: '{{ item }}'
- loop:
- - 10.42.0.0/16 # Pods
- - 10.43.0.0/16 # Services
+ loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"
 - name: Allow Firewalld Exceptions
 when:
@@ -90,9 +88,7 @@
 state: enabled
 permanent: true
 immediate: true
- loop:
- - 10.42.0.0/16 # Pods
- - 10.43.0.0/16 # Services
+ loop: "{{ (cluster_cidr + ',' + service_cidr) | split(',') }}"
 - name: Add br_netfilter to /etc/modules-load.d/
 ansible.builtin.copy:
diff --git a/roles/prereq/vars/main.yml b/roles/prereq/vars/main.yml
new file mode 100644
index 0000000..0ea00d5
--- /dev/null
+++ b/roles/prereq/vars/main.yml
@@ -0,0 +1,3 @@
+---
+cluster_cidr: "{{ (server_config_yaml | from_yaml)['cluster-cidr'] | default('10.42.0.0/16') }}"
+service_cidr: "{{ (server_config_yaml | from_yaml)['service-cidr'] | default('10.43.0.0/16') }}"
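Review bot: The new loop expression `(cluster_cidr + ',' + service_cidr) | split(',')` hands each element straight to `src`, so if either CIDR variable is itself a comma-separated list written with spaces (`10.42.0.0/16, fd00::/56`), the second element keeps its leading space and ufw is likely to reject it as a bad source address rather than open the intended range. Trimming each element closes that gap: `loop: "{{ (cluster_cidr ~ ',' ~ service_cidr) | split(',') | map('trim') | list }}"` — `~` also keeps the concatenation working if a CIDR value ever arrives as a non-string. The identical expression in the Firewalld hunk below has the same issue and should change together. If the split is only there to join two single CIDRs, `loop: "{{ [cluster_cidr, service_cidr] }}"` says that more plainly; if a comma-separated (dual-stack) value is the intent, a task comment such as `# cluster_cidr / service_cidr may each be a comma-separated list` would spare the next reader the guess. The enclosing ufw task starts outside the hunk.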
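Review bot: Defining `cluster_cidr` and `service_cidr` in `roles/prereq/vars/main.yml` gives them role-vars precedence, which overrides inventory, group and play vars, so an operator can no longer set a per-group CIDR without `-e`; `roles/prereq/defaults/main.yml` is the conventional place for tunables like these. Both values also evaluate `server_config_yaml | from_yaml` unconditionally, so on any host where `server_config_yaml` is undefined (presumably agent-only hosts, if this inventory has them) the firewall tasks fail at template time instead of falling back to the defaults; `(server_config_yaml | default('{}') | from_yaml)` would let the `default()` filter take over. Note too that `default('10.42.0.0/16')` only fires when the key is absent: an explicitly empty `cluster-cidr:` in the config propagates an empty string into the firewall loop, which `default('10.42.0.0/16', true)` would prevent.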