    feat(firewall): Add firewall configuration · 1112a590
    Sheogorath authored
    This patch configures Calico to help isolate the cluster from the rest
    of the world by implementing host firewall rules. This should close
    various ports that would otherwise be exposed to the outside world and
    pose a risk.
    
    It's important to note that due to the usage of WireGuard there are
    some additional ports that must be opened for the whole setup to
    function. If ports >40000 on UDP aren't open, the whole network will
    die, apparently. At least that's what experimenting with this feature
    has indicated.
    
    Reference:
    https://projectcalico.docs.tigera.io/security/kubernetes-nodes