Kubernetes: add firewall management for MetalLB

We didn't cover until today the fact that speakers pods of MetalLB
require a specific port on the firewall to be enabled, this commit
fixes the problem.

Author: rascasoft

roles/kubernetes/defaults/main.yml

@@ -90,6 +90,8 @@ k8s_ceph_csi_vol_expansion: false
 
 k8s_metallb_enable: false
 k8s_metallb_namespace: metallb-system
+k8s_metallb_ports:
+  - 7946/tcp
 k8s_metallb_pools: {}
 
 k8s_ingress_nginx_enable: false

roles/kubernetes/tasks/common.yml

@@ -225,6 +225,17 @@
         sysctl_set: yes
         state: present
         reload: yes
+
+    - name: Allow MetalLB ports in Firewalld
+      firewalld:
+       port: "{{ item }}"
+       state: enabled
+       permanent: yes
+       immediate: yes
+      with_items:
+        - "{{ k8s_metallb_ports }}"
+      when:
+        - k8s_metallb_enable|bool
   when:
     - k8s_firewalld_enable|bool