Question

Kuberenetes Firewalling the management API

Posted December 31, 2018 696 views
API CoreOS Kubernetes DigitalOcean Cloud Firewalls

Hi all,

I’m quite familiar with DO, Kubernetes and coreos ( used to deploy ETCD clusters on DO using Ansible + API).

I’m looking at using DO to host an test K8 cluster, and am looking to ‘lock down’ the management API.

Typically I would firewall port 443 to the master node (network firewall, local baremetal), but have noticed the DO firewall doesn’t seem to handle this traffic, and adding a rule to only allow from my source IP is not working. Locally I could also update the mater’s host-based firewall, I haven’t looked to much into this on DO yet, although the nodes appear to be running debian :S.

As a pot-shot, i’m guessing DO is handling the k8s management endpoints by a different (not configurable by us) means, although would be happily corrected/pointed in the right direction.

Add a comment
debesteben
By:
debesteben
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
wadenick January 2, 2019

Hey friend, you’re correct, we’re providing a managed Kubernetes product (our short hand for it is DOKS 👍🏼 ) so there’s no access to the management layer: https://www.digitalocean.com/docs/kubernetes/overview/ Hope this helps.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help