Add more firewall rules

files/rke-common/etc/NetworkManager/conf.d/rke2-canal.conf

@@ -0,0 +1,2 @@
+[keyfile]
+unmanaged-devices=interface-name:flannel*;interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico;interface-name:wireguard.cali;interface-name:wg-v6.cali

files/rke-common/etc/firewalld/services/rke-common.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>RKE Common</short>
+  <description>Common ports for RKE services.</description>
+  <port protocol="tcp" port="10250"/>
+  <port protocol="tcp" start="30000" end="32767"/>
+  <port protocol="udp" port="8472"/>
+  <port protocol="tcp" port="9099"/>
+  <port protocol="udp" port="51820"/>
+  <port protocol="udp" port="51821"/>
+  <port protocol="tcp" port="179"/>
+  <port protocol="udp" port="4789"/>
+  <port protocol="tcp" port="5473"/>
+  <port protocol="tcp" port="9098"/>
+  <port protocol="tcp" port="9099"/>
+</service>

files/rke-common/etc/sudoers.d/99_rke2

@@ -0,0 +1,3 @@
+Cmnd_Alias RKE_CMDS = /usr/bin/chown, /usr/bin/chmod, /usr/bin/mkdir, /usr/bin/systemctl, /usr/bin/cp, /usr/bin/find, /usr/bin/ls, /usr/bin/reboot, /usr/bin/install, /usr/bin/rke2, /usr/bin/firewall-cmd
+
+rke ALL=(root) NOPASSWD: RKE_CMDS