Are there any k8s firewall best practices to be aware of?

March 25, 2019
Kubernetes Firewall Security

Just finished setting up a managed k8s cluster along with an ingress load balancer by following this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

With that out of the way, are there any next steps I should do to secure my cluster? e.g., should I set up a firewall?

1 Answer
jarland MOD March 25, 2019
Accepted Answer

Greetings!

Great question. I want to stress that opinions vary on this, and that someone will certainly disagree with my answer. I do not believe firewalls are necessary, because I focus on it from a different angle. For it to be necessary that ports are firewalled off, it must first be true that services are listening which you do not want to be publicly accessible. I recommend running nmap against your IP address to make sure that you know what all is publicly accessible:

https://www.wikihow.com/Run-a-Simple-Nmap-Scan

With a web server you should have ports 80 and 443 listening (or just 80 if no SSL). With the guide you were working from, you should not have anything else listening, and therefore I propose that you have nothing to firewall off.

Jarland
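
The check described in the answer above, as an added example that is not part of jarland's post: a Python script that reads nmap's grepable output for your own address (`nmap -p- -oG - <your-ip>`) and reports any open port other than the 80 and 443 the answer expects. The sample scan output and the 203.0.113.10 documentation address are constructed, and the function names are this example's own.

```python
import sys

# Ports the answer expects a web server behind the ingress to expose.
EXPECTED_TCP = {80, 443}

# Constructed sample of `nmap -oG -` output; fields on a line are tab-separated.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 8080/closed/tcp//http-proxy///\t"
    "Ignored State: filtered (65531)\n"
)

def open_ports(grepable):
    """Return {host: {(port, proto): service}} for ports nmap reports as open."""
    found = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and "Status:" lines carry no port list
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next(f for f in fields if f.startswith("Ports:"))
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            if state == "open":
                found.setdefault(host, {})[(int(port), proto)] = service
    return found

def unexpected(grepable, expected_tcp=EXPECTED_TCP):
    """Return {host: [(port, proto, service)]} for open ports outside the allowlist."""
    report = {}
    for host, ports in open_ports(grepable).items():
        extra = sorted((port, proto, svc) for (port, proto), svc in ports.items()
                       if not (proto == "tcp" and port in expected_tcp))
        if extra:
            report[host] = extra
    return report

if __name__ == "__main__":
    # Pipe real nmap output in, or run with no input to see the sample result.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings = unexpected(data)
    for host, extra in findings.items():
        for port, proto, svc in extra:
            print(f"{host}: unexpected open port {port}/{proto} ({svc})")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when something outside the allowlist is listening, so it can run on a schedule from a machine outside the cluster and alert when exposure changes.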
