Cloud Firewall and Kubernetes
We have a database server running on a normal Linode that is accessed from applications running in Kubernetes.
Is there a way to restrict access with the Cloud Firewall without manually changing the rules whenever a Kubernetes node gets recreated, either by autoscaling or by recycling when updating?
As a stopgap, is there a published list of public IP ranges for a given datacenter?
1 Reply
It is important to note that we generally advise against setting static Cloud Firewall rules for LKE nodes, since autoscaling or recycling nodes in a pool can lead to new nodes with different IP addresses being allocated, which could poke holes in a security stance reliant on IP whitelisting.
If you haven't already seen this, one of our staff members wrote this very comprehensive post on the Community Questions site about the relative tradeoffs and limitations associated with using the Cloud Firewall product with LKE:
This other, unrelated post has some interesting strategies that could potentially be adapted for your use case:
Lastly, we are not able to disclose the IP ranges of our data centers, but the public IP ranges we own can be found in public databases. Here are a couple of resources that you may find useful:
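One way to act on the question above, as an added example that is not part of this thread and not Linode's own tooling: a small reconciliation script that reads the current LKE node pool membership and the Linodes' public IPv4 addresses through the API, rebuilds a single firewall rule from them, and writes the rule set back only when it has actually changed. The API paths, the `data`/`nodes[].instance_id`/`ipv4[]`/`inbound` field names and the rule shape are my reading of Linode API v4 and should be checked against the API reference; the rule label `lke-nodes-to-db`, the PostgreSQL port 5432 and the `LKE_CLUSTER_ID`, `FIREWALL_ID` and `LINODE_TOKEN` environment variables are assumptions, and the `SAMPLE_*` data is constructed so the logic can be exercised offline.

```python
# Added example, not from the original thread or Linode's tooling. Reconciles the
# Cloud Firewall rule RULE_LABEL with the public IPv4 addresses of the current LKE
# nodes. API shapes are my understanding of Linode API v4 (assumption, verify).
import ipaddress
import json
import os
import urllib.request

API = "https://api.linode.com/v4"
RULE_LABEL = "lke-nodes-to-db"   # assumed label for the one rule this script owns
DB_PORT = "5432"                 # assumed: PostgreSQL; Linode ports are strings
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def api(method, path, token, body=None):
    """Minimal Linode API v4 call; returns the decoded JSON response."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(API + path, method=method, data=data,
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def node_ipv4s(pools, instances):
    """Sorted public IPv4 /32s of every node in the given LKE node pools.

    pools:     items from GET /lke/clusters/{id}/pools (nodes[].instance_id)
    instances: items from GET /linode/instances (id, ipv4[])
    Nodes still provisioning (no instance_id, or not listed yet) are skipped and
    the private range (inside 192.168.0.0/16 on Linode) is filtered out.
    """
    wanted = {n["instance_id"] for p in pools for n in p["nodes"] if n.get("instance_id")}
    by_id = {i["id"]: i for i in instances}
    addrs = set()
    for iid in wanted:
        inst = by_id.get(iid)
        if inst is None:
            continue
        for a in inst["ipv4"]:
            ip = ipaddress.ip_address(a)
            if not any(ip in net for net in RFC1918):
                addrs.add(f"{ip}/32")
    return sorted(addrs)


def reconcile(rules, addrs, port=DB_PORT):
    """Return (new_rule_set, changed). Only the rule labelled RULE_LABEL is rewritten;
    every other inbound rule and both default policies are carried over untouched."""
    inbound = rules.get("inbound") or []
    old = next((r for r in inbound if r.get("label") == RULE_LABEL), None)
    new = {"label": RULE_LABEL, "action": "ACCEPT", "protocol": "TCP", "ports": port,
           "addresses": {"ipv4": addrs, "ipv6": []}}
    changed = (old is None
               or sorted(old.get("addresses", {}).get("ipv4", [])) != addrs
               or old.get("ports") != port)
    new_set = {"inbound": [r for r in inbound if r.get("label") != RULE_LABEL] + [new],
               "inbound_policy": rules.get("inbound_policy", "DROP"),
               "outbound": rules.get("outbound") or [],
               "outbound_policy": rules.get("outbound_policy", "ACCEPT")}
    return new_set, changed


def sync(cluster_id, firewall_id, token, port=DB_PORT):
    """One reconciliation pass against the live API; PUTs only when something differs."""
    pools = api("GET", f"/lke/clusters/{cluster_id}/pools", token)["data"]
    instances = api("GET", "/linode/instances", token)["data"]  # assumes one page (<100 Linodes)
    addrs = node_ipv4s(pools, instances)
    if not addrs:        # fail closed: never replace the rule with an empty allow-list
        return False
    rules = api("GET", f"/networking/firewalls/{firewall_id}/rules", token)
    new_rules, changed = reconcile(rules, addrs, port)
    if changed:
        api("PUT", f"/networking/firewalls/{firewall_id}/rules", token, new_rules)
    return changed


# Constructed sample data shaped like the API responses (not real account data).
SAMPLE_POOLS = [{"id": 1, "nodes": [{"id": "n1", "instance_id": 101, "status": "ready"},
                                    {"id": "n2", "instance_id": 102, "status": "ready"},
                                    {"id": "n3", "instance_id": None, "status": "not_ready"}]}]
SAMPLE_INSTANCES = [{"id": 101, "ipv4": ["203.0.113.10", "192.168.129.5"]},
                    {"id": 102, "ipv4": ["203.0.113.11", "192.168.129.6"]},
                    {"id": 999, "ipv4": ["203.0.113.99"]}]   # e.g. the DB Linode itself
SAMPLE_RULES = {"inbound_policy": "DROP", "outbound_policy": "ACCEPT", "outbound": [],
                "inbound": [{"label": "admin-ssh", "action": "ACCEPT", "protocol": "TCP",
                             "ports": "22", "addresses": {"ipv4": ["198.51.100.7/32"], "ipv6": []}},
                            {"label": RULE_LABEL, "action": "ACCEPT", "protocol": "TCP",
                             "ports": DB_PORT,   # stale: .12 was a recycled node
                             "addresses": {"ipv4": ["203.0.113.10/32", "203.0.113.12/32"], "ipv6": []}}]}


def demo():
    """Run the offline reconciliation on the sample data; returns (addrs, rules, changed)."""
    addrs = node_ipv4s(SAMPLE_POOLS, SAMPLE_INSTANCES)
    new_rules, changed = reconcile(SAMPLE_RULES, addrs)
    return addrs, new_rules, changed


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    if os.environ.get("LINODE_TOKEN"):   # live run, e.g. from cron or a CronJob
        print("updated" if sync(os.environ["LKE_CLUSTER_ID"], os.environ["FIREWALL_ID"],
                                os.environ["LINODE_TOKEN"]) else "no change")
```

Run it on a schedule (cron on the database host, or a Kubernetes CronJob with a read-only token for instances and a write token for the firewall). It fails closed: a freshly autoscaled node cannot reach the database until the next pass, and an empty node list never overwrites the existing rule. It also leaves every rule with another label alone, so the SSH rule in the sample survives. The reply's caveat still applies: this is still IP allow-listing, so it belongs in front of, not instead of, database authentication and TLS.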