13 lines
745 B
YAML
13 lines
745 B
YAML
security:
|
|
- |
|
|
Defines more strict security group rules for kubernetes worker nodes. The
|
|
ports that are open by default: default port range(30000-32767) for
|
|
external service ports; kubelet healthcheck port; Calico BGP network ports;
|
|
flannel overlay network ports. The cluster admin should manually config the
|
|
security group on the nodes where Traefik is allowed. To allow traffic to
|
|
the default ports (80, 443) that the traefik ingress controller exposes
|
|
users will need to create additional rules or expose traefik with a
|
|
kubernetes service with type: LoadBalaner. Finally, the ssh port in worker
|
|
nodes is closed as well. If ssh access is required, users will need to
|
|
create a rule for port 22 as well.
|