fix(firewall): correct rules so that kubernetes hosts are added to firewall allowed hosts

!5 #2

defaults/main.yml

@@ -37,30 +37,6 @@ nfc_kubernetes:
 
 k3s:
   files:
-    # - name: config.yaml
-    #   path: /etc/rancher/k3s
-    #   content: |
-    #     flannel-backend: none
-    #     cluster-cidr: "{{ KubernetesPodSubnet }}"
-    #     cluster-init: true
-    #     {% if not Kubernetes_Prime | default(false) | bool -%}server: https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443{% endif %}
-    #     service-cidr: "{{ KubernetesServiceSubnet }}"
-    #     disable-network-policy: true
-    #     disable:
-    #       - traefik
-    #     kube-apiserver-arg:
-    #       - audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
-    #       - audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
-    #       # - admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml
-    #       {% if kubernetes_oidc.enabled | default(false) | bool -%}
-    #       - oidc-issuer-url={{ kubernetes_oidc.issuer_url }}
-    #       - oidc-client-id={{ kubernetes_oidc.client_id }}
-    #       - oidc-username-claim={{ kubernetes_oidc.username_claim }}
-    #       - {% if kubernetes_oidc.oidc_username_prefix | default('') != '' %}oidc-username-prefix={{ kubernetes_oidc.oidc_username_prefix }}{% endif %}
-    #       - oidc-groups-claim={{ kubernetes_oidc.groups_claim }}
-    #       {% if kubernetes_oidc.groups_prefix | default('') != '' %}- oidc-groups-prefix={{ kubernetes_oidc.groups_prefix }}{% endif %}
-    #     {% endif %}
-    #     node-external-ip: "{{ host_external_ip }}"
 
     - name: audit.yaml
       path: /var/lib/rancher/k3s/server
@@ -104,7 +80,6 @@ k3s:
       when: "{{ kubernetes_config.cluster.prime.name == inventory_hostname }}"
 
 
-
 #############################################################################################
 # Cluster Config when stored in Inventory
 #
@@ -112,12 +87,13 @@ k3s:
 #############################################################################################
 # kubernetes_config:                    # Dict. Cluster Config
 #   cluster:
-#     access:                           # Mandatory. List, DNS host name or IPv4/IPv6 Address. 
+#     access:                           # Mandatory. List, DNS host name or IPv4/IPv6 Address.
 #                                       # if none use '[]'
 #       - 'my.dnshostname.com'
 #       - '2001:4860:4860::8888'
 #       - '192.168.1.1'
 #     Name: earth                       # Mandatory, String. Cluster Name
+#     group_name:                       # Mandatory, String. name of the ansible inventory group containg all cluster hosts
 #     prime:
 #       name: k3s-prod                  # Mandatory, String. Ansible inventory_host that will
 #                                       # act as the prime master node.