By debesteben
Hi all,
I’m quite familiar with DO, Kubernetes and coreos ( used to deploy ETCD clusters on DO using Ansible + API).
I’m looking at using DO to host an test K8 cluster, and am looking to ‘lock down’ the management API.
Typically I would firewall port 443 to the master node (network firewall, local baremetal), but have noticed the DO firewall doesn’t seem to handle this traffic, and adding a rule to only allow from my source IP is not working. Locally I could also update the mater’s host-based firewall, I haven’t looked to much into this on DO yet, although the nodes appear to be running debian :S.
As a pot-shot, i’m guessing DO is handling the k8s management endpoints by a different (not configurable by us) means, although would be happily corrected/pointed in the right direction.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Hey friend, you’re correct, we’re providing a managed Kubernetes product (our short hand for it is DOKS 👍🏼 ) so there’s no access to the management layer: https://www.digitalocean.com/docs/kubernetes/overview/ Hope this helps.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.