Add more firewall rules

Gerald Pinder
2025-05-17 22:18:15 -04:00
parent 4adfb4a2ef
commit d51297fec9
10 changed files with 35 additions and 7 deletions


@@ -0,0 +1,2 @@
[keyfile]
unmanaged-devices=interface-name:flannel*;interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico;interface-name:wireguard.cali;interface-name:wg-v6.cali


@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RKE Common</short>
<description>Common ports for RKE services.</description>
<port protocol="tcp" port="10250"/>
<port protocol="tcp" start="30000" end="32767"/>
<port protocol="udp" port="8472"/>
<port protocol="tcp" port="9099"/>
<port protocol="udp" port="51820"/>
<port protocol="udp" port="51821"/>
<port protocol="tcp" port="179"/>
<port protocol="udp" port="4789"/>
<port protocol="tcp" port="5473"/>
<port protocol="tcp" port="9098"/>
<port protocol="tcp" port="9099"/>
</service>
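Review bot: The NodePort line `<port protocol="tcp" start="30000" end="32767"/>` uses `start`/`end` attributes, which as far as I know firewalld's service schema does not define; a range is written inside the `port` attribute, `<port protocol="tcp" port="30000-32767"/>`. Depending on the firewalld version the file may be rejected or the range left closed, so it is worth running `firewall-cmd --check-config` on a built image. The `tcp` `9099` entry also appears twice (after `8472` and again just before `</service>`); one of them can go. A short XML comment naming the component behind each port (kubelet, VXLAN, WireGuard, BGP, Typha, health checks) would make later audits of this list easier.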


@@ -10,5 +10,6 @@ fi
# Add 'rke' to docker group # Add 'rke' to docker group
echo "Adding 'rke' to docker group" echo "Adding 'rke' to docker group"
usermod -aG docker rke usermod -aG docker rke
usermod -aG systemd-journal rke
echo "Done" echo "Done"
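Review bot: The added `usermod -aG systemd-journal rke` has no comment or `echo` of its own, unlike the docker line above it, so the message "Adding 'rke' to docker group" no longer describes everything this step does. Membership in `systemd-journal` lets the account read every unit's journal on the host, which can include other services' log output, so the reason should be recorded, e.g. `# 'rke' needs journal read access for <reason>` followed by `echo "Adding 'rke' to systemd-journal group"`. The script starts before this hunk, so whether the group is guaranteed to exist at this point cannot be confirmed from here.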


@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RKE Server</short>
<description>Ports for RKE server services.</description>
<port protocol="tcp" port="6443"/>
<port protocol="tcp" port="9345"/>
<port protocol="tcp" port="2379"/>
<port protocol="tcp" port="2380"/>
<port protocol="tcp" port="2381"/>
</service>
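Review bot: This service bundles the etcd ports (`2379`, `2380`, `2381`) and the supervisor port `9345` with the API port `6443`, so any zone that enables it opens etcd to every source that zone accepts. etcd client and peer traffic only needs to reach other server nodes, and `9345` only cluster nodes; consider keeping `6443` in its own service and admitting the rest through a zone whose `<source address="..."/>` is limited to the node subnet, or through rich rules with a source address. Which zone enables this service is not visible in this section, so the actual exposure depends on that binding. The same consideration applies to `10250` in the RKE Common service.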


@@ -1,6 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RKE API</short>
<description>Open port 6443 for Kubernetes API Server.</description>
<port protocol="tcp" port="6443"/>
</service>


@@ -26,7 +26,7 @@ modules:
- curl -sfL https://get.rke2.io | sh - curl -sfL https://get.rke2.io | sh
- type: files - type: files
files: files:
- source: rke_setup - source: rke-common
destination: / destination: /
- type: systemd - type: systemd
system: system:


@@ -7,6 +7,10 @@ image-version: 42
description: The image of Wunker OS for JP's Minisforum PCs. description: The image of Wunker OS for JP's Minisforum PCs.
modules: modules:
- from-file: common/jp-minis.yml - from-file: common/jp-minis.yml
- type: files
files:
- source: rke-server
destination: /
- type: script - type: script
snippets: snippets:
- curl -sfL https://get.rke2.io | INSTALL_RKE2_SKIP_RELOAD=true sh - curl -sfL https://get.rke2.io | INSTALL_RKE2_SKIP_RELOAD=true sh