hallowed-mechanic-2299505/10/2022, 8:36 AM
). Everything else except some ssh exceptions and open http(s) is closed. I face a situation where I need to route TCP traffic into my k8s cluster, so that our devs can access our Postgres databases. But here `NodePort`s are tearing holes into the firewall because k8s somehow opens the 30-thousand-ish ports in iptables, which cannot (?) be reliably prevented or undone. Since I'm a super lazy guy, I don't want any DB port (or any other port than 443) to be open to the Internet (security) and I also don't want my devs to mess around with k8s port forwardings (convenience). So I thought I'd set up
```
ufw allow in on nm-rke from 10.10.10.0/24
```
to overcome this issue, but here I somehow got stuck. I successfully set up MetalLB and introduced a simple L2 config.
tl;dr: I can access LBs from all Nodes but not from the external clients. They run into a timeout when trying to access. Would appreciate any help (message limit reached)!
```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 10.10.10.100-10.10.10.200
```