# rke2
I'm looking for clarification on the supposed incompatibility with rke2 and firewalld. I know that a multi-node cluster may need firewalld potentially disabled, or at least configured to allow node-to-node communication. However, if I only have a single-node development cluster, I shouldn't technically need to disable firewalld, right? I should only need to open ports for the kube-apiserver, kubelet, and any NodePorts needed for pod-to-pod communication? I'm super surprised that the rke2 documentation encourages disabling firewalld, given how many rke2-installed systems probably require having firewalld enabled as part of an OS STIG. Anyone else running firewalld successfully with their single- or multi-node clusters? Any help appreciated.
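As an added example (not from the original post, and not RKE2's own guidance), here is what the poster's single-node approach looks like as firewalld commands: only the kube-apiserver, the kubelet and the NodePort range are opened, and the first two are restricted to an assumed admin network (`ADMIN_CIDR`) rather than opened to everyone. Ports that exist only for node-to-node traffic (the RKE2 supervisor on 9345/tcp, etcd, the CNI overlay) are deliberately left closed because there is no other node. `DRY_RUN` and `ADMIN_CIDR` are assumptions of this script; with `DRY_RUN=1` (the default) it prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original thread: firewalld rules for a single-node
# RKE2 server. ADMIN_CIDR and DRY_RUN are assumptions of this script.
set -eu

ADMIN_CIDR="${ADMIN_CIDR:-10.0.0.0/24}"   # assumed network that may reach the API server / kubelet
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print the commands, 0 = execute them

# Run a command, or print it with each argument single-quoted (copy-pasteable) in dry-run mode.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    for a in "$@"; do printf "'%s' " "$a"; done
    printf '\n'
  else
    "$@"
  fi
}

# Accept a TCP port only from ADMIN_CIDR, using a firewalld rich rule.
allow_from_admin() {
  run firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$ADMIN_CIDR\" port port=\"$1\" protocol=\"tcp\" accept"
}

rke2_single_node_rules() {
  # kube-apiserver: reachable from the admin network only, not from everywhere.
  allow_from_admin 6443
  # kubelet: same restriction (only needed if something off-node must reach it).
  allow_from_admin 10250
  # NodePort service range: opened as the poster describes.
  run firewall-cmd --permanent --add-port=30000-32767/tcp
  # Nothing is opened for 9345/tcp (supervisor), etcd or the CNI overlay:
  # those carry node-to-node traffic, and this cluster has one node.
  run firewall-cmd --reload
}

rke2_single_node_rules
```

Run it once with `DRY_RUN=1` to review the generated commands, then with `DRY_RUN=0` as root to apply them. The rich rules keep the API server and kubelet off the open internet even on a box where firewalld is the only local filter.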
If you're in an environment where security matters, you don't deploy your cluster in such a way that local iptables policy is the only thing protecting it.
We have not had any problems with our guidance in STIG-hardened environments.