Implementing iptables rules on Kubernetes nodes - McMap

About

Implementing iptables rules on Kubernetes nodes

Asked 15/8, 2018 at 11:39 Answered 16/8, 2018 at 14:43

kubernetes iptables kube-proxy

E

1

8

I would like to implement my own iptables rules before Kubernetes (kube-proxy) start doing it's magic and dynamically create rules based on services/pods running on the node. The kube-proxy is running in --proxy-mode=iptables.

Whenever I tried to load rules when booting up the node, for example in the INPUT chain, the Kubernetes rules (KUBE-EXTERNAL-SERVICES and KUBE-FIREWALL) are inserted on top of the chain even though my rules were also with -I flag.

What am I missing or doing wrong?

If it is somehow related, I am using weave-net plugin for the pod network.

Extravasation answered 15/8, 2018 at 11:39 Comment(0)

D

5

The most common practice is to put all custom firewall rules on the gateway(ADC) or into cloud security groups. The rest of the cluster security is implemented by other features, like Network Policy (It depends on the network providers), Ingress, RBAC and others.

Check out the articles about Securing a Cluster and Kubernetes Security - Best Practice Guide.

These articles can also be helpful to secure your cluster:

Dunning answered 16/8, 2018 at 14:43 Comment(0)

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.