From 17e3318c3cd77edf4fe7f44b1768ffb08e20e626 Mon Sep 17 00:00:00 2001
From: Jon
Date: Mon, 18 Mar 2024 19:09:17 +0930
Subject: [PATCH] fix(firewall): ensure slave nodes can access ALL masters API point !48
---
 .../templates/iptables-kubernetes.rules.j2 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2 b/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
index 53f0a21..7994788 100644
--- a/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
+++ b/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
@@ -149,8 +149,13 @@
 {#- All cluster Hosts -#}
-
- {%- if nfc_role_kubernetes_master | default(false) | bool -%}
+ {%- if
+ nfc_role_kubernetes_master | default(false) | bool
+ and
+ kubernetes_host not in groups['kubernetes_master']
+ and
+ '-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT' not in data.firewall_rules
+ -%}
 {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-api -s ' + kubernetes_host + ' -j ACCEPT'] -%}
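Review bot: The added test `kubernetes_host not in groups['kubernetes_master']` compares the value that is later written after `-s` against inventory host names, so if `kubernetes_host` holds an address rather than an inventory name (its assignment is outside this hunk) the exclusion would never match and the ACCEPT rule would still be emitted for masters. The lookup also appears to depend on the `kubernetes_master` group existing in the inventory; `kubernetes_host not in groups['kubernetes_master'] | default([])` would keep the template rendering when it is absent. A short comment above the condition, such as `{#- skip hosts in kubernetes_master and rules already present in data.firewall_rules -#}`, would record why the rule is skipped, since the commit title speaks of access to all masters while the condition excludes master hosts here. The `if` block's closing tag and the loop that defines `kubernetes_host` are outside the hunk.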