feat(infra): UFW k3s routing + full deploy runbook

- base role: allow UFW routing direction (required for k3s flannel
  pod networking to function across nodes)
- docs/deploy-stack.md: full S1→S5 ordered deploy runbook with
  pre-conditions checklist and layer-by-layer steps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tegwick 2026-03-27 02:28:51 +01:00
parent aa822164b5
commit 2d7e0101bc
2 changed files with 158 additions and 1 deletions

@ -30,12 +30,17 @@
name: ssh
state: restarted
- name: Configure UFW
- name: Configure UFW default incoming policy
ansible.builtin.ufw:
state: enabled
policy: deny
direction: incoming
- name: Allow UFW routing (required for k3s flannel pod networking)
ansible.builtin.ufw:
policy: allow
direction: routed
- name: Allow SSH in UFW
ansible.builtin.ufw:
rule: allow
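
Review bot: the new "Allow UFW routing" task sets `policy: allow` with `direction: routed`, which switches the host's default forward policy to accept for all forwarded traffic on every interface, not only the flannel pod traffic the task name mentions. Consider leaving the routed default at deny and adding allow rules with `route: true` that are scoped to the flannel/CNI interfaces or the cluster's pod and service CIDRs. If a blanket allow is intended, say so in the task name or a comment, and note what else on these nodes limits forwarding. The "Configure UFW default incoming policy" task above keeps `state: enabled`, so ordering is fine, but nothing in this hunk restricts the routed allow to k3s.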