Related

Product Managed Kubernetes on DigitalOcean Product
DOCTL: DigitalOcean CLI Tool
Can I assign a firewall while creating a droplet via API? Question Question
How to I support both www.abc.com and abc.com? Question Question

Question

Kuberenetes Firewalling the management API

Posted December 31, 2018 1.3k views
APICoreOSKubernetesDigitalOcean Cloud Firewalls

Hi all,

I’m quite familiar with DO, Kubernetes and coreos ( used to deploy ETCD clusters on DO using Ansible + API).

I’m looking at using DO to host an test K8 cluster, and am looking to ‘lock down’ the management API.

Typically I would firewall port 443 to the master node (network firewall, local baremetal), but have noticed the DO firewall doesn’t seem to handle this traffic, and adding a rule to only allow from my source IP is not working. Locally I could also update the mater’s host-based firewall, I haven’t looked to much into this on DO yet, although the nodes appear to be running debian :S.

As a pot-shot, i’m guessing DO is handling the k8s management endpoints by a different (not configurable by us) means, although would be happily corrected/pointed in the right direction.

Add a comment
debesteben
By:
debesteben
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
wadenick January 2, 2019

Hey friend, you’re correct, we’re providing a managed Kubernetes product (our short hand for it is DOKS 👍🏼 ) so there’s no access to the management layer: https://www.digitalocean.com/docs/kubernetes/overview/ Hope this helps.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help