mxschmitt / ui-driver-hetzner

Rancher UI driver for the Hetzner Cloud docker driver.
https://mxschmitt.github.io/ui-driver-hetzner
Apache License 2.0

[Security] Lack of firewall leaves etcd port open. Do I need to be worried? #79

Closed vitobotta closed 4 years ago

vitobotta commented 4 years ago

I ran Aqua Security's Kube Hunter against a cluster deployed with this node driver. It reported no vulnerabilities, but because there is no firewall, it reports that kubelet and also etcd ports are open. Do I need to be worried about this? I think unauthenticated access is not permitted, but is the fact that the ports are open a risk anyway? What can happen, apart from someone DoSsing the ports (which can happen with any open service)?

Before using this node driver I was deploying Kubernetes with Rancher as "custom nodes", so I prepared the nodes with Ansible first to set up firewall and disable root login. I absolutely love this node driver because it makes it possible to use Hetzner Cloud and save some money compared to other clouds, and makes scaling and management of node pools so easy with Rancher.

But I also want to be safe... What do you think about the kubelet and etcd ports being open from a security standpoint? Do you perform any additional tasks when deploying Kubernetes with this node driver?

Thanks!
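As an added illustration of the firewall step the question refers to (this is example code, not part of the driver or of either commenter's setup), the script below generates iptables commands that keep the etcd ports (2379, 2380) and the kubelet port (10250) reachable only from the cluster's own nodes. The address list in `ALLOWED_SOURCES` is an assumption: it must contain every address the nodes use to talk to each other (their public IPs, or the Hetzner private network CIDR if one is attached), otherwise the API server loses access to kubelets and `kubectl logs`/`exec` break. The commands are printed rather than run so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example (not part of the driver): emit iptables commands that restrict
# etcd (2379, 2380) and kubelet (10250) to the cluster's own nodes.
# ALLOWED_SOURCES is a constructed placeholder; replace it with the real node
# addresses or private-network CIDR, separated by spaces.
ALLOWED_SOURCES="${ALLOWED_SOURCES:-10.0.0.0/16}"

# Ports Kube Hunter flagged as open on the node; kept in one place.
RESTRICTED_PORTS="2379,2380,10250"
CHAIN="K8S-CONTROL"

# Print the commands instead of running them, so the ruleset can be reviewed
# first and then piped into sh on the node as root.
gen_rules() {
    sources="$1"
    # Dedicated chain, (re)created empty so re-running the script is idempotent.
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    # Local processes (kube-apiserver reaching etcd on the same host) keep working.
    printf 'iptables -A %s -i lo -j RETURN\n' "$CHAIN"
    # Each trusted source returns to INPUT and is handled by the normal rules.
    for src in $sources; do
        printf 'iptables -A %s -s %s -j RETURN\n' "$CHAIN" "$src"
    done
    # Everything else aimed at these ports is dropped.
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
    # Hook the chain at the top of INPUT once (-C checks whether it is already there).
    printf 'iptables -C INPUT -p tcp -m multiport --dports %s -j %s 2>/dev/null || ' \
        "$RESTRICTED_PORTS" "$CHAIN"
    printf 'iptables -I INPUT 1 -p tcp -m multiport --dports %s -j %s\n' \
        "$RESTRICTED_PORTS" "$CHAIN"
}

# Number of source-specific allow entries in a generated ruleset (loopback
# excluded); useful to confirm every node address made it into the chain.
count_allowed() {
    gen_rules "$1" | grep -c -- '-s .* -j RETURN'
}

# Usage on a node, after reviewing the output:
#   gen_rules "$ALLOWED_SOURCES" | sudo sh
#   sudo iptables -L K8S-CONTROL -n --line-numbers
```

The rules live only in the running kernel; persist them with iptables-persistent or apply the script from cloud-init so freshly scaled nodes get the same policy. Rather than a default-deny INPUT policy, this only fences the ports the scan flagged, so Rancher's agent traffic, NodePorts and the overlay network are left untouched.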

mxschmitt commented 4 years ago

For other people who run into this issue: duplicate of #43. https://github.com/vitobotta/hetzner-cloud-init is a tool (by @vitobotta) to fix this issue.