Configure ufw firewall #1

Open
woile opened this issue Jun 7, 2019 · 0 comments
Labels
enhancement New feature or request good first issue Good for newcomers

woile commented Jun 7, 2019

Goal
Have a more secure cluster.

Context
I was failing to create a cluster and I don't know if it was ufw or not, so for now I've removed it.
The cluster is working now, so it's possible to add this feature.

Proposal

  • Add ufw to the install dependencies in the template yaml.
  • Find a way to run all of this:
ufw --force reset  # ok
ufw allow ssh
ufw allow 6443 # Kubernetes API (master)
ufw allow 80  # HTTP
ufw allow 443  # HTTPS
ufw allow 8443  # kubectl proxy
ufw allow 10250  # Kubelet API (master and worker)
ufw allow 10251  # kube-scheduler (master)
ufw allow 10252  # kube-controller-manager (master)
ufw allow 2379:2380/tcp  # etcd server client API (master)
ufw allow 30000:32767/tcp  # NodePort Services** (worker)
ufw default deny incoming
yes | ufw enable
  • Find which other ports should be opened

Extras:

WeaveNet

TCP 6783 and UDP 6783/6784
@woile woile added enhancement New feature or request good first issue Good for newcomers labels Jun 7, 2019
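
The rule list proposed above, split by node role using the master/worker notes in its comments, as an added example that is not part of the original issue or the project's code. It assumes the ports the issue leaves unmarked (ssh, 80, 443, 8443, WeaveNet) are opened on every node, pins the Kubernetes ports to TCP, and uses hypothetical `UFW_ROLE` and `UFW_APPLY` variables; it only prints the commands unless `UFW_APPLY=1`.

```shell
#!/bin/sh
# Added example, not the project's code. Role mapping follows the comments in
# the issue's rule list; ports the issue leaves unmarked are assumed to be
# needed on every node. UFW_ROLE and UFW_APPLY are hypothetical variable names.

# Print the ufw commands for ROLE ("master" or "worker"), one per line.
ufw_rules() {
    case "$1" in
        master) role_ports="6443/tcp 10251/tcp 10252/tcp 2379:2380/tcp" ;;
        worker) role_ports="30000:32767/tcp" ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
    # ssh, HTTP, HTTPS, kubectl proxy, Kubelet API, WeaveNet (TCP and UDP)
    common_ports="ssh 80/tcp 443/tcp 8443/tcp 10250/tcp 6783/tcp 6783:6784/udp"

    echo "ufw --force reset"
    echo "ufw default deny incoming"
    for p in $common_ports $role_ports; do
        echo "ufw allow $p"
    done
    # Enable last, after ssh is allowed, so the current session is not cut off.
    echo "ufw --force enable"
}

# Print the commands (dry run) or execute them when UFW_APPLY=1.
apply_ufw_rules() {
    rules=$(ufw_rules "$1") || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${UFW_APPLY:-0}" = 1 ]; then
            $cmd </dev/null || exit 1   # stop at the first failing rule
        else
            echo "$cmd"
        fi
    done
}

apply_ufw_rules "${UFW_ROLE:-worker}"
```

Review the dry-run output for each role before running with `UFW_APPLY=1` as root on the node.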