Just finished setting up a managed k8s cluster along with an ingress load balancer by following this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

With that out of the way, are there any next steps I should do to secure my cluster? e.g., should I set up a firewall?

1 answer

Greetings!

Great question. I want to stress that opinions vary on this, and that someone will certainly disagree with my answer. I do not believe firewalls are necessary, because I focus on it from a different angle. For it to be necessary that ports are firewalled off, it must first be true that services are listening which you do not want to be publicly accessible. I recommend running nmap against your IP address to make sure that you know what all is publicly accessible:

https://www.wikihow.com/Run-a-Simple-Nmap-Scan

With a web server you should have ports 80 and 443 listening (or just 80 if no SSL). With the guide you were working from, you should not have anything else listening, and therefore I propose that you have nothing to firewall off.

Jarland
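One way to make the nmap check suggested in the answer above repeatable, as an added example that is not part of the original answer: it parses nmap's grepable output (`-oG`) and reports open TCP ports other than 80 and 443. The sample scan, the documentation-range address, and the function names are constructed for illustration.

```python
# Added example: compare an nmap grepable scan (-oG) with the ports the
# answer expects on a web server (80 and 443).
# Produce real input with, for example: nmap -Pn -p- -oG - <your-ip>

EXPECTED_TCP = {80, 443}

# Constructed sample output; 203.0.113.10 is a documentation address and
# the extra open port 8080 is made up to show a finding.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///, 8080/open/tcp//http-proxy///, "
    "22/filtered/tcp//ssh///\tIgnored State: closed (65531)\n"
)


def open_ports(grepable):
    """Map each scanned host to the set of TCP ports in state 'open'."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # e.g. the "Status: Up" line
        host = fields[0].split()[1]
        for entry in ports_field[len("Ports:"):].split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                result.setdefault(host, set()).add(int(parts[0]))
    return result


def unexpected_ports(grepable, expected=EXPECTED_TCP):
    """Return {host: sorted open ports that are not in the allowlist}."""
    findings = {}
    for host, ports in open_ports(grepable).items():
        extra = sorted(ports - set(expected))
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, ports in unexpected_ports(SAMPLE_SCAN).items():
        print(f"{host}: unexpected open TCP ports {ports}")
```

Ports that nmap reports as `filtered` or `closed` are ignored here, so only services that actually accept connections from the scanning host are flagged.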
