
Some improvements for networking documentation and firewalld usage #4841

Merged (2 commits) on Aug 12, 2024

Conversation

@plaes plaes (Contributor) commented Aug 5, 2024

Description

Add basic example for dealing with firewalld on Fedora and related distros. Also adds default values to spec.network configuration documentation.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

  • Manual test
  • Auto test added

Checklist:

  • My code follows the style guidelines of this project
  • My commit messages are signed-off
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

Show defaults for `podCIDR`, `serviceCIDR` and `clusterDomain` in
configuration documentation.

Signed-off-by: Priit Laes <plaes@plaes.org>
@plaes plaes requested a review from a team as a code owner August 5, 2024 20:40

@juanluisvaladas juanluisvaladas left a comment


Thanks for the PR! Just a question and a nit, other than that it's good

Two review comments on docs/networking.md (outdated, resolved)
@plaes plaes (Contributor, Author) commented Aug 9, 2024

Ok, I've set up a minimal cluster on Fedora Server netinst with metallb + traefik installed via Helm (manually):

$ k0s kubectl  get all
NAME                                      READY   STATUS    RESTARTS        AGE
pod/metallb-controller-77cb7f5d88-mtkrx   1/1     Running   2 (5m59s ago)   14m
pod/metallb-speaker-x75hf                 4/4     Running   4 (6m42s ago)   14m
pod/traefik-798c5757dc-z67s7              1/1     Running   1 (6m42s ago)   16m
pod/whoami-57b48994d9-bhglb               1/1     Running   1 (6m42s ago)   10m

NAME                              TYPE           CLUSTER-IP      EXTERNAL-IP       PORT(S)                      AGE
service/kubernetes                ClusterIP      10.96.0.1       <none>            443/TCP                      3d20h
service/metallb-webhook-service   ClusterIP      10.97.204.170   <none>            443/TCP                      14m
service/traefik                   LoadBalancer   10.99.102.233   192.168.122.164   80:31228/TCP,443:32404/TCP   16m
service/whoami                    ClusterIP      10.108.224.82   <none>            80/TCP                       9m48s

NAME                             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/metallb-speaker   1         1         1       1            1           kubernetes.io/os=linux   14m

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/metallb-controller   1/1     1            1           14m
deployment.apps/traefik              1/1     1            1           16m
deployment.apps/whoami               1/1     1            1           10m

NAME                                            DESIRED   CURRENT   READY   AGE
replicaset.apps/metallb-controller-77cb7f5d88   1         1         1       14m
replicaset.apps/traefik-798c5757dc              1         1         1       16m
replicaset.apps/whoami-57b48994d9               1         1         1       10m

I needed to add two firewall rules to the existing FedoraServer profile:

  1. firewall-cmd --add-port=10250/tcp otherwise metrics-server in kube-system namespace wouldn't be able to connect
  2. firewall-cmd --add-source=10.244.0.0/16 so traefik would be able to route traffic to ingress services (whoami)

$ firewall-cmd --list-all
FedoraServer (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp1s0
  sources: 10.244.0.0/16
  services: cockpit dhcpv6-client ssh
  ports: 10250/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

It might be helpful to get things started on an OS with firewalld.

Signed-off-by: Priit Laes <plaes@plaes.org>
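An added example (mine, not code from this PR or from the k0s project) that turns the two rules above into a repeatable check: it reads spec.network.podCIDR from a k0s config, falling back to the 10.244.0.0/16 default the PR documents, prints the matching permanent firewall-cmd commands, and audits a pasted `firewall-cmd --list-all` listing for the port and the source. Naming 10250/tcp as the kubelet port is my addition (the comment only says metrics-server needs it); the sample config is constructed, and the zone listing is the one shown above.

```shell
#!/bin/sh
# Added example, not part of the k0s project or of this PR.
# Derives the firewalld changes discussed in the PR from a k0s config and
# audits `firewall-cmd --list-all` output for them.
# Assumptions (mine): 10250/tcp is the kubelet port metrics-server needs,
# and 10.244.0.0/16 is the k0s default for spec.network.podCIDR.

KUBELET_PORT="10250/tcp"
DEFAULT_POD_CIDR="10.244.0.0/16"

# Read spec.network.podCIDR from a k0s YAML config on stdin (quoted or not);
# fall back to the k0s default when the key is absent.
pod_cidr_from_config() {
    _cidr=$(sed -n 's/^[[:space:]]*podCIDR:[[:space:]]*"\{0,1\}\([^" ]*\)"\{0,1\}.*/\1/p' | head -n 1)
    printf '%s\n' "${_cidr:-$DEFAULT_POD_CIDR}"
}

# Print the firewall-cmd commands for a pod CIDR. The PR author used runtime-only
# rules; --permanent plus --reload keeps them across reboots.
firewalld_commands() {
    printf 'firewall-cmd --permanent --add-port=%s\n' "$KUBELET_PORT"
    printf 'firewall-cmd --permanent --add-source=%s\n' "$1"
    printf 'firewall-cmd --reload\n'
}

# Value of one "key: v1 v2 ..." line of `firewall-cmd --list-all` output (stdin).
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Does the space-separated list $1 contain the exact word $2?
has_word() {
    printf ' %s \n' "$1" | grep -Fq " $2 "
}

# Audit a zone listing (stdin) for the kubelet port and the pod-CIDR source.
# Prints what is missing; returns 0 only when both are present.
audit_zone() {
    listing=$(cat)
    missing=0
    has_word "$(printf '%s\n' "$listing" | zone_field ports)" "$KUBELET_PORT" \
        || { echo "missing: port $KUBELET_PORT"; missing=1; }
    has_word "$(printf '%s\n' "$listing" | zone_field sources)" "$1" \
        || { echo "missing: source $1"; missing=1; }
    return $missing
}

# Constructed sample inputs: a minimal k0s config and the zone listing from the PR.
SAMPLE_CONFIG='apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
spec:
  network:
    podCIDR: 10.244.0.0/16
    serviceCIDR: 10.96.0.0/12
'
SAMPLE_ZONE='FedoraServer (default, active)
  target: default
  interfaces: enp1s0
  sources: 10.244.0.0/16
  services: cockpit dhcpv6-client ssh
  ports: 10250/tcp
  forward: yes
'

# Stand-alone run: show the commands for the sample config, then audit the sample zone.
cidr=$(printf '%s' "$SAMPLE_CONFIG" | pod_cidr_from_config)
echo "# firewalld commands for podCIDR $cidr:"
firewalld_commands "$cidr"
if printf '%s' "$SAMPLE_ZONE" | audit_zone "$cidr"; then
    echo "zone has both rules"
fi
```

On a real host, replace the samples with `pod_cidr_from_config < /etc/k0s/k0s.yaml` and `firewall-cmd --list-all | audit_zone "$cidr"`. One thing worth knowing before copying the `--add-source` rule: binding the pod CIDR to the FedoraServer zone makes every pod address subject to that zone's whole allow list (here cockpit and ssh as well), not only the forwarding traefik needs; if that is broader than intended, bind the source to a dedicated zone instead.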
@juanluisvaladas juanluisvaladas merged commit b7bfd11 into k0sproject:main Aug 12, 2024
7 checks passed
@juanluisvaladas juanluisvaladas (Contributor) commented:

Thanks for the contribution, merged it!

@plaes plaes deleted the docs-firewalld branch August 12, 2024 08:15