Avoid disabling firewall when installing kubernetes

The Fedora Docs state that firewalld should be disabled when installing kubernetes.

The k3s docs say that you’ll probably be fine (at least for a test drive), if you just add allow rules in the firewall for kubernetes connections:

firewall-cmd --permanent --add-port=6443/tcp #apiserver
firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 #pods
firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16 #services
firewall-cmd --reload

Would it not be better for the docs to suggest by default the allow-list linked in the docs, rather than disabling the firewall altogether?

Best regards,
Papiris

1 Like
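As an added example (not part of the thread, the Fedora docs or the k3s docs), this script checks that firewalld is still running and that the three allow rules from the post above are present in both the permanent and the runtime configuration, which catches a missed `firewall-cmd --reload`. The function names and the `FWCMD` override are assumptions made for this example; `--state`, `--query-port` and `--query-source` are standard firewall-cmd options.

```shell
#!/bin/sh
# Added example: audit the k3s allow-list instead of disabling firewalld.
# FWCMD can be overridden to exercise the logic without a live firewalld
# (hypothetical knob introduced for this example).
FWCMD="${FWCMD:-firewall-cmd}"

# rule_state <query args...>
# Prints: active | needs-reload | runtime-only | missing
rule_state() {
    perm=no; run=no
    # --permanent queries the saved configuration
    $FWCMD --permanent "$@" >/dev/null 2>&1 && perm=yes
    # without --permanent the query hits the running configuration
    $FWCMD "$@" >/dev/null 2>&1 && run=yes
    case "$perm/$run" in
        yes/yes) echo active ;;
        yes/no)  echo needs-reload ;;   # added with --permanent, no --reload yet
        no/yes)  echo runtime-only ;;   # will be lost on reload or reboot
        *)       echo missing ;;
    esac
}

# report_rule <label> <query args...>: print the state, succeed only if active
report_rule() {
    label=$1; shift
    state=$(rule_state "$@")
    echo "$label: $state"
    [ "$state" = active ]
}

# check_k3s_firewall: 0 = all rules active, 1 = a rule is not active,
# 2 = firewalld itself is not running
check_k3s_firewall() {
    $FWCMD --state >/dev/null 2>&1 || { echo "firewalld: not running"; return 2; }
    bad=0
    report_rule "6443/tcp (apiserver)" --query-port=6443/tcp || bad=1
    report_rule "10.42.0.0/16 (pods)" \
        --zone=trusted --query-source=10.42.0.0/16 || bad=1
    report_rule "10.43.0.0/16 (services)" \
        --zone=trusted --query-source=10.43.0.0/16 || bad=1
    return "$bad"
}
```

Source the file and call `check_k3s_firewall` on the node; a non-zero exit status means the allow-list is incomplete or firewalld has been stopped.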

The docs claim the install fails: Kubernetes is configured to generate an installation error if the firewall is running

Are the docs wrong?
In your place I would try leaving the firewalld running and see if things break.

I should change the Kubernetes quick doc to say that kubeadm will generate a warning message if a firewall is detected on the machine. I do provide a link to a decent article that shows how to configure the firewall for kubernetes.

@papiris - thanks for the comment. I was largely following the kubeadm guide from the kubernetes project, omitting the step to disable selinux (I have not needed to do that). I can emphasize that disabling the firewall is for ease of use and suitable for learning about and exploring kubernetes as it removes one potential source of problems. But not recommended for production use or on machines exposed to external networks.

best regards

2 Likes

The quick doc (Using Kubernetes on Fedora :: Fedora Docs) has been updated.

2 Likes