Kubernetes: Firewalling the management API
I’m quite familiar with DO, Kubernetes and CoreOS (I used to deploy etcd clusters on DO using Ansible + the API).
I’m looking at using DO to host a test K8s cluster, and am looking to ‘lock down’ the management API.
Typically I would firewall port 443 to the master node (network firewall, local bare metal), but have noticed the DO firewall doesn’t seem to handle this traffic, and adding a rule to only allow from my source IP is not working. Locally I could also update the master’s host-based firewall; I haven’t looked too much into this on DO yet, although the nodes appear to be running Debian :S.
As a pot-shot, I’m guessing DO is handling the k8s management endpoints by a different (not configurable by us) means, although I would be happily corrected/pointed in the right direction.
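For the host-based firewall approach the post mentions as the local fallback, here is an added example (not from the original post or from DigitalOcean) that generates iptables rules restricting the Kubernetes API port on a master to a list of trusted source CIDRs. It assumes iptables is the host firewall and that the API listens on the port you pass (443 in the post; kubeadm masters usually use 6443); the CIDR 203.0.113.10/32 in the usage comment is a placeholder. The script only prints the rules, so you can review them before piping to `sh`.

```shell
#!/usr/bin/env sh
# Added example, not part of the original post: emit host-based iptables rules
# that allow the Kubernetes API port only from trusted source CIDRs.
# Assumptions: iptables is the host firewall; PORT and CIDRs are parameters.
set -eu

# cidr_valid CIDR -> exit 0 if CIDR looks like a.b.c.d/len with len 0..32.
# Validating input keeps a stray argument from being spliced into a rule.
cidr_valid() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# apiserver_rules PORT CIDR [CIDR...]
# Prints the iptables commands; nothing is applied until you pipe them to sh.
apiserver_rules() {
  port="$1"; shift
  [ "$#" -ge 1 ] || { echo "apiserver_rules: need at least one allowed CIDR" >&2; return 1; }
  for cidr in "$@"; do
    cidr_valid "$cidr" || { echo "apiserver_rules: bad CIDR '$cidr'" >&2; return 1; }
  done
  # Local control-plane components (scheduler, controller-manager, kubelet) reach
  # the API over loopback; keep that open before anything is dropped.
  echo "iptables -A INPUT -p tcp --dport ${port} -i lo -j ACCEPT"
  # Keep sessions that are already open (e.g. an existing kubectl exec) working.
  echo "iptables -A INPUT -p tcp --dport ${port} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # One ACCEPT per trusted source.
  for cidr in "$@"; do
    echo "iptables -A INPUT -p tcp --dport ${port} -s ${cidr} -j ACCEPT"
  done
  # Everything else to the API port is logged (rate-limited) and dropped, so
  # unexpected probes show up in syslog instead of vanishing silently.
  echo "iptables -A INPUT -p tcp --dport ${port} -m limit --limit 5/min -j LOG --log-prefix 'k8s-api-drop: ' --log-level 4"
  echo "iptables -A INPUT -p tcp --dport ${port} -j DROP"
}

# Usage (placeholder CIDR): review first, then apply.
#   apiserver_rules 6443 203.0.113.10/32
#   apiserver_rules 6443 203.0.113.10/32 | sudo sh
```

Note that worker nodes also need to reach the API, so their addresses (or the cluster's node subnet) must be in the allowed list, and the rules above are not persisted across reboots on their own; on Debian that is what `iptables-persistent` or an equivalent unit is for.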