31c82625d6
Defines more strict security group rules for kubernetes worker nodes. The ports that are open by default: default port range(30000-32767) for external service ports; kubelet healthcheck port; Calico BGP network ports; flannel overlay network ports. The cluster admin should manually config the security group on the nodes where Traefik is allowed.

Story: #2005082
Task: #29661
Change-Id: Idbc67cb95133d3a4029105e6d4dc92519c816288
13 lines
745 B
YAML
security:
  - |
    Defines more strict security group rules for kubernetes worker nodes. The
    ports that are open by default: default port range(30000-32767) for
    external service ports; kubelet healthcheck port; Calico BGP network ports;
    flannel overlay network ports. The cluster admin should manually config the
    security group on the nodes where Traefik is allowed. To allow traffic to
    the default ports (80, 443) that the traefik ingress controller exposes
    users will need to create additional rules or expose traefik with a
    kubernetes service with type: LoadBalancer. Finally, the ssh port in worker
    nodes is closed as well. If ssh access is required, users will need to
    create a rule for port 22 as well.
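The additional rules the release note asks users to create (80 and 443 for the traefik ingress controller, 22 for ssh) can be generated as below. This is an added example, not code from the repository; the security group name and the CIDRs are constructed placeholders, and the refusal to open ssh to every address is a choice made for this example.

```shell
#!/bin/sh
# Added example: print the `openstack security group rule create` commands for
# the worker-node ports the release note says are closed by default.
# Nothing is changed by this script; review the printed commands, then run them.

# worker_rule_cmds <security-group> <ingress-cidr> <admin-cidr>
#   <security-group>  security group attached to the worker nodes (placeholder)
#   <ingress-cidr>    source range allowed to reach traefik on 80/443
#   <admin-cidr>      source range allowed to reach ssh on 22
worker_rule_cmds() {
    sg=$1 ingress_cidr=$2 admin_cidr=$3
    if [ -z "$sg" ] || [ -z "$ingress_cidr" ] || [ -z "$admin_cidr" ]; then
        echo "usage: worker_rule_cmds <security-group> <ingress-cidr> <admin-cidr>" >&2
        return 2
    fi
    # ssh stays closed unless the source range is narrower than "everyone".
    case "$admin_cidr" in
        0.0.0.0/0|::/0)
            echo "refusing to open ssh (22) to $admin_cidr" >&2
            return 1 ;;
    esac
    # Default ports exposed by the traefik ingress controller.
    for port in 80 443; do
        printf 'openstack security group rule create --ingress --protocol tcp --dst-port %s --remote-ip %s %s\n' \
            "$port" "$ingress_cidr" "$sg"
    done
    # ssh access, limited to the admin range.
    printf 'openstack security group rule create --ingress --protocol tcp --dst-port 22 --remote-ip %s %s\n' \
        "$admin_cidr" "$sg"
}

# Constructed sample values (documentation address ranges, placeholder group name).
worker_rule_cmds "WORKER_SECGROUP_PLACEHOLDER" 203.0.113.0/24 198.51.100.10/32
```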