Firewall
Firewall setup for various components
Last updated
Copyright © OpenG2P. This work is licensed under Creative Common Attribution (CC-BY-4.0) International license unless otherwise noted.
To set up the Kubernetes cluster, you need to open a few ports on all nodes as mentioned below.
Set up firewall rules on each node according to the following table.
Protocol | Port | Access | Purpose |
---|---|---|---|
TCP | 22 | Public/Internet | SSH |
TCP | 80 | Public/Internet | HTTP |
TCP | 443 | Public/Internet | HTTPS |
TCP | 5432 | Intranet | Postgres |
TCP | 9345 | Intranet | RKE |
TCP | 6443 | Intranet | K8s API |
UDP | 8472 | Intranet | K8s Flannel VXLAN |
TCP | 10250 | Intranet | kubelet |
TCP | 2379 | Intranet | etcd client |
TCP | 2380 | Intranet | etcd peer |
TCP | 9796 | Intranet | Prometheus |
TCP | 30000:32767 | Intranet | K8s NodePort |

The exact method to set up the firewall rules will vary from cloud to cloud and for on-prem deployments. For example, on AWS, EC2 security groups can be used; for an on-prem cluster, ufw can be used, and so on.

To apply the rules with Ansible:

- On your machine, install Ansible.
- Make sure you have SSH access to all nodes of the cluster.
- Create a hosts.ini file. Sample given here.
- Copy the ports.yaml file and inspect it for any changes w.r.t. the above table.
- Run

You can use ufw to set up the firewall on each cluster node.

- SSH into each node, and change to superuser.
- Run the following command for each rule in the above table:
- Example:
- Enable ufw:

Additional Reference: RKE2 Networking Requirements

Wireguard server:

Protocol | Port | Access | Purpose |
---|---|---|---|
TCP | 22 | Public/Internet | SSH |
UDP | 51820-5182n | Public/Internet | Multiple Wireguard servers |

NFS server:

Protocol | Port | Access | Purpose |
---|---|---|---|
TCP | 22 | Public/Internet | SSH |
TCP | 2049 | Intranet | NFS server |
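The ufw steps above, worked through for the Kubernetes cluster node table as an added example (this script is not part of the OpenG2P docs): it builds one `ufw allow` command per row, restricts the Intranet rows to an assumed placeholder range INTRANET_CIDR, and only executes the commands when APPLY=1, so the rule set can be reviewed as a dry run first.

```shell
#!/bin/sh
# Added example, not from the OpenG2P docs. INTRANET_CIDR is an assumed
# placeholder for the cluster's private network; set the real range before use.
INTRANET_CIDR="${INTRANET_CIDR:-10.0.0.0/16}"

# Rule table, one rule per line: proto port access purpose
RULES='
tcp 22 public SSH
tcp 80 public HTTP
tcp 443 public HTTPS
tcp 5432 intranet Postgres
tcp 9345 intranet RKE
tcp 6443 intranet K8s API
udp 8472 intranet K8s Flannel VXLAN
tcp 10250 intranet kubelet
tcp 2379 intranet etcd client
tcp 2380 intranet etcd peer
tcp 9796 intranet Prometheus
tcp 30000:32767 intranet K8s NodePort
'

# Build the ufw command for one rule. Intranet rules are limited to the
# cluster CIDR so cluster-only ports are never opened to arbitrary sources.
ufw_rule_cmd() {
    case "$3" in
        public)   echo "ufw allow proto $1 to any port $2" ;;
        intranet) echo "ufw allow from $INTRANET_CIDR proto $1 to any port $2" ;;
        *)        echo "unknown access class: $3" >&2; return 1 ;;
    esac
}

# Run one command when APPLY=1; otherwise print it (dry run) with its purpose.
run_cmd() {
    if [ "${APPLY:-0}" = 1 ]; then $1; else printf '# %s\n%s\n' "$2" "$1"; fi
}

# Walk the table, emit every rule, then enable ufw as the final step.
apply_rules() {
    echo "$RULES" | while read -r proto port access purpose; do
        [ -n "$proto" ] || continue
        cmd=$(ufw_rule_cmd "$proto" "$port" "$access") || exit 1
        run_cmd "$cmd" "$purpose"
    done || return 1
    run_cmd "ufw enable" "activate the firewall once every rule is in place"
}

# Dry run by default: review the generated commands before APPLY=1 on a node.
apply_rules
```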