feat(infra): UFW k3s routing + full deploy runbook
- base role: allow UFW routing direction (required for k3s flannel pod networking to function across nodes)
- docs/deploy-stack.md: full S1→S5 ordered deploy runbook with pre-conditions checklist and layer-by-layer steps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent aa822164b5
commit 2d7e0101bc
2 changed files with 158 additions and 1 deletions
|
|
@ -30,12 +30,17 @@
|
|||
name: ssh
|
||||
state: restarted
|
||||
|
||||
- name: Configure UFW
|
||||
- name: Configure UFW default incoming policy
|
||||
ansible.builtin.ufw:
|
||||
state: enabled
|
||||
policy: deny
|
||||
direction: incoming
|
||||
|
||||
- name: Allow UFW routing (required for k3s flannel pod networking)
|
||||
ansible.builtin.ufw:
|
||||
policy: allow
|
||||
direction: routed
|
||||
|
||||
- name: Allow SSH in UFW
|
||||
ansible.builtin.ufw:
|
||||
rule: allow
|
||||
|
|
|
|||
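Review bot: The new task with `policy: allow` and `direction: routed` changes the default forward policy in the base role, so every host that receives this role will forward all routed traffic between its interfaces, not only k3s nodes and not only pod traffic. Consider moving the task into the k3s role or gating it with a `when:` condition so non-cluster hosts keep a restrictive routed default, and, if pod networking still works with it, replacing the blanket default with `route: true` allow rules limited to the pod network interfaces. The task name explains why the change is needed but not how far it reaches; a short comment saying that it opens forwarding for all routed traffic would help the next reader.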