Question

Are there any k8s firewall best practices to be aware of?

Just finished setting up a managed k8s cluster along with an ingress load balancer by following this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes

With that out of the way, are there any next steps I should do to secure my cluster? e.g., should I set up a firewall?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Greetings!

Great question. I want to stress that opinions vary on this, and that someone will certainly disagree with my answer. I do not believe firewalls are necessary, because I focus on it from a different angle. For it to be necessary that ports are firewalled off, it must first be true that services are listening which you do not want to be publicly accessible. I recommend running nmap against your IP address to make sure that you know what all is publicly accessible:

https://www.wikihow.com/Run-a-Simple-Nmap-Scan

With a web server you should have ports 80 and 443 listening (or just 80 if no SSL). With the guide you were working from, you should not have anything else listening, and therefore I propose that you have nothing to firewall off.

Jarland