Kubernetes Firewalling the management API

Posted December 31, 2018
API, CoreOS, Kubernetes, DigitalOcean Cloud Firewalls

Hi all,

I’m quite familiar with DO, Kubernetes and CoreOS (used to deploy etcd clusters on DO using Ansible + API).

I’m looking at using DO to host a test K8s cluster, and am looking to ‘lock down’ the management API.

Typically I would firewall port 443 to the master node (network firewall, local bare metal), but have noticed the DO firewall doesn’t seem to handle this traffic, and adding a rule to only allow from my source IP is not working. Locally I could also update the master’s host-based firewall; I haven’t looked too much into this on DO yet, although the nodes appear to be running Debian :S.

As a pot-shot, I’m guessing DO is handling the k8s management endpoints by a different (not configurable by us) means, although I would happily be corrected/pointed in the right direction.

1 answer

Hey friend, you’re correct, we’re providing a managed Kubernetes product (our shorthand for it is DOKS 👍🏼) so there’s no access to the management layer. Hope this helps.