picatz / terraform-google-nomad

📗 Terraform Module for Nomad clusters with Consul on GCP
https://registry.terraform.io/modules/picatz/nomad/google
MIT License
78 stars 16 forks

Prevent Access to the Metadata Service from Container Workloads using iptables #25

Closed picatz closed 3 years ago

picatz commented 3 years ago

Related to #19: Nomad client nodes should have this iptables rule included to prevent access to the metadata service API:

$ iptables --insert FORWARD 1 --in-interface nomad --destination 169.254.169.254/32 --jump DROP

It should also be persisted across restarts.
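As an added example (not code from the picatz/terraform-google-nomad repository or the issue author), the following POSIX shell script wraps the rule from this issue in three pieces a node bootstrap would want: an idempotent install (`iptables -C` before `-I FORWARD 1`), persistence of the live ruleset, and an offline check that a saved ruleset both contains the DROP rule and has it as the first FORWARD rule, since a rule inserted after an ACCEPT would never match. The interface name `nomad` and the address `169.254.169.254/32` come from the issue; the rules-file path `/etc/iptables/rules.v4` is an assumption (the iptables-persistent default on Debian/Ubuntu), and the `apply`/`check` subcommands are the script's own.

```shell
#!/bin/sh
# Added example, not part of the picatz/terraform-google-nomad module.
# Installs the FORWARD rule from the issue idempotently, persists it, and
# verifies a saved ruleset. Interface and address are from the issue; the
# rules-file path is assumed (iptables-persistent default on Debian/Ubuntu).

NOMAD_IFACE="nomad"
METADATA_IP="169.254.169.254/32"
RULES_FILE="/etc/iptables/rules.v4"   # assumed persistence path

# The rule exactly as iptables-save / iptables-restore render it.
metadata_drop_rule() {
  printf -- '-A FORWARD -i %s -d %s -j DROP\n' "$NOMAD_IFACE" "$METADATA_IP"
}

# Read an iptables-save dump on stdin; succeed only if a DROP rule for the
# metadata address on the nomad interface exists in the FORWARD chain.
ruleset_blocks_metadata() {
  grep -qE -- "^-A FORWARD .*-i ${NOMAD_IFACE} .*-d ${METADATA_IP} .*-j DROP\$"
}

# Stricter check: the DROP rule must be the first FORWARD rule, otherwise an
# earlier ACCEPT (e.g. a generic container-forwarding rule) would win.
metadata_drop_rule_is_first() {
  first="$(sed -n '/^-A FORWARD /{p;q;}')"
  [ "$first" = "$(metadata_drop_rule)" ]
}

# Apply on the host (needs root and iptables): insert at position 1 only if
# the rule is not already present, then persist the live ruleset so it
# survives a reboot.
apply_metadata_block() {
  if ! iptables -C FORWARD -i "$NOMAD_IFACE" -d "$METADATA_IP" -j DROP 2>/dev/null; then
    iptables -I FORWARD 1 -i "$NOMAD_IFACE" -d "$METADATA_IP" -j DROP
  fi
  mkdir -p "$(dirname "$RULES_FILE")"
  iptables-save > "$RULES_FILE"
}

# Usage: ./metadata-block.sh apply   (install + persist)
#        ./metadata-block.sh check   (exit 0 if the live ruleset is correct)
case "${1:-}" in
  apply) apply_metadata_block ;;
  check) iptables-save | metadata_drop_rule_is_first ;;
esac
```

The `check` path is what a boot-time health check or audit job would run. One caveat the FORWARD rule does not cover: workloads running in host network mode never traverse FORWARD, so they need a separate control (for example an OUTPUT rule keyed on the workload's uid, or not granting host networking at all).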

picatz commented 3 years ago

Fixed with #37