
DNS does not work with Weave CNI and Firewalld on RHEL 8 based OSs

Article Number: 000020713

Environment

The firewalld service blocks Rancher cluster DNS on RHEL 8.

Steps to reproduce:
1. Install and set up RKE on RHEL 8.
2. CoreDNS is deployed as part of the RKE setup.
3. Start the firewalld service on the RHEL 8 nodes.

After the firewalld service is started, Kubernetes pod logs show a DNS connection error:

ent-041273.voicelab.local. A: read udp 172.21.0.19:58953->1.10.64.26:53: i/o timeout --------------

Situation

The internal Kubernetes DNS server (CoreDNS) is blocked. Once firewalld is stopped, Kubernetes DNS works again.

Firewalld blocks the following ports, which the RKE cluster (including the Weave CNI) requires:

- 2379-2380/tcp
- 4789/udp
- 5000/tcp
- 6443/tcp
- 6783/tcp
- 6783-6784/udp
- 9100/tcp
- 10250/tcp
- 10257/tcp
- 10259/tcp
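
As an added check, not part of this article, the POSIX shell script below audits a node's firewalld configuration against the port list above: it expands the ranges, reports any required port that the firewall does not permit, and never changes anything on the node. The port list is the article's; the use of firewall-cmd and its default zone is an assumption.

```shell
#!/bin/sh
# Added example, not part of the article: audit a RHEL 8 node's firewalld
# port list against the ports the article lists. REQUIRED_PORTS comes from
# the article; the use of firewall-cmd and its default zone is an assumption.

REQUIRED_PORTS="2379-2380/tcp 4789/udp 5000/tcp 6443/tcp 6783/tcp 6783-6784/udp 9100/tcp 10250/tcp 10257/tcp 10259/tcp"

# Print one "port/proto" per line for each entry, expanding ranges such as
# 6783-6784/udp, so a range opened as single ports still counts as covered.
expand_ports() {
    for entry in $1; do
        proto=${entry##*/}
        range=${entry%/*}
        lo=${range%-*}
        hi=${range#*-}
        p=$lo
        while [ "$p" -le "$hi" ]; do
            echo "$p/$proto"
            p=$((p + 1))
        done
    done
}

# missing_ports "<output of firewall-cmd --list-ports>": print the required
# ports the firewall does not permit, one per line (no output when all pass).
missing_ports() {
    allowed=$(expand_ports "$1")
    expand_ports "$REQUIRED_PORTS" | while read -r want; do
        printf '%s\n' "$allowed" | grep -qxF "$want" || echo "$want"
    done
}

# Live, read-only check of this node: 0 = all permitted or firewalld not
# running, 1 = required ports blocked, 2 = firewall-cmd unavailable.
check_node() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 2; }
    if [ "$(firewall-cmd --state 2>/dev/null)" != "running" ]; then
        echo "firewalld is not running; it is not filtering these ports"
        return 0
    fi
    # --list-ports reports the default zone only; other zones are not checked.
    missing=$(missing_ports "$(firewall-cmd --list-ports)")
    if [ -n "$missing" ]; then
        echo "firewalld blocks required ports:"
        echo "$missing"
        return 1
    fi
    echo "all required ports are permitted"
}
```

Run `check_node` on each node with firewalld active; a non-empty list means the node still matches the symptom described above.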

Resolution

Stop firewalld on the RHEL 8 nodes, as described in the Rancher installation requirements.