kelseyhightower / kubernetes-the-hard-way

Bootstrap Kubernetes the hard way. No scripts.
Apache License 2.0

Is the firewall rule 'kubernetes-the-hard-way-allow-health-check' necessary? #628

Closed scottc-git closed 3 years ago

scottc-git commented 3 years ago

Just finished the 'Kubernetes-the-Hard-Way' --- great stuff and I have one question. In Step 8 The Kubernetes Frontend Load Balancer, is it necessary to create another firewall rule?

  gcloud compute firewall-rules create kubernetes-the-hard-way-allow-health-check \
    --network kubernetes-the-hard-way \
    --source-ranges 209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 \
    --allow tcp

At Step 3 Firewall Rule, we've already allowed the world to access port 6443 on all nodes.

  gcloud compute firewall-rules create kubernetes-the-hard-way-allow-external \
    --allow tcp:22,tcp:6443,icmp \
    --network kubernetes-the-hard-way \
    --source-ranges 0.0.0.0/0

scottc-git commented 3 years ago

Never mind. I overlooked the part where it says:

The network load balancer only supports HTTP health checks which means the HTTPS endpoint exposed by the API server cannot be used.
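
The overlap question raised in this thread can be checked mechanically. The following is an added example, not part of the issue or the tutorial: it evaluates the two quoted rules under a simplified model of ingress allow rules (default deny, any matching allow rule admits the packet). The probe port 80 and the sample source addresses are assumptions constructed for illustration; the thread only states that the health check is HTTP rather than HTTPS.

```python
import ipaddress

# The two ingress allow rules, transcribed from the gcloud commands in the issue.
RULES = {
    "kubernetes-the-hard-way-allow-external": {
        "sources": ["0.0.0.0/0"],
        "allow": ["tcp:22", "tcp:6443", "icmp"],
    },
    "kubernetes-the-hard-way-allow-health-check": {
        "sources": ["209.85.152.0/22", "209.85.204.0/22", "35.191.0.0/16"],
        "allow": ["tcp"],
    },
}


def spec_matches(spec, proto, port):
    """Match one --allow entry: 'tcp' (all ports), 'tcp:22' or 'tcp:8000-9000'."""
    name, _, ports = spec.partition(":")
    if name != proto:
        return False
    if not ports:          # bare protocol: every port is allowed
        return True
    if port is None:       # entry is port-specific but the packet has no port
        return False
    lo, _, hi = ports.partition("-")
    return int(lo) <= port <= int(hi or lo)


def matching_rules(rules, src_ip, proto, port=None):
    """Return the names of the rules that admit the packet (empty list = denied)."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for name, rule in rules.items():
        in_range = any(src in ipaddress.ip_network(c) for c in rule["sources"])
        if in_range and any(spec_matches(s, proto, port) for s in rule["allow"]):
            hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed probes: (source address, protocol, destination port).
    probes = [
        ("35.191.0.10", "tcp", 80),    # assumed HTTP health-check probe
        ("35.191.0.10", "tcp", 6443),  # API server port from a health-check range
        ("203.0.113.5", "tcp", 80),    # arbitrary internet host, HTTP
    ]
    for src, proto, port in probes:
        print(src, proto, port, "->", matching_rules(RULES, src, proto, port) or "DENIED")
```

Run against the constructed probes, the HTTP probe from a health-check range is admitted only by `kubernetes-the-hard-way-allow-health-check`, because `allow-external` covers ports 22 and 6443 but no HTTP port. The output also shows that `--allow tcp` admits every TCP port from those ranges, which is broader than a single probe port requires.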