#1283 update Rancher security best practices to address public IP exposure #1287
Just a small addition, but otherwise looks good. Thanks, Marty!
docs/reference-guides/rancher-security/rancher-security-best-practices.md
You should protect the following ports behind an [external load balancer](../../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) that has SSL offload enabled: | ||
|
||
- **K3s:** Port 6443, used by the Kubernetes API. | ||
- **RKE2:** Port 6443, used by the Kubernetes API, and port 9345, used for node registration. |
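Review bot: The lead sentence links to the `#layer-4-load-balancer` section while requiring SSL offload, so a reader cannot tell which kind of load balancer is meant; confirm that the linked section covers TLS termination, or link the section that does. The sentence also only says to put ports 6443 and 9345 behind the load balancer. Since the change is about public IP exposure, add a line stating that direct access to these ports on the nodes' public IPs should be blocked (for example, by firewall rules that admit only the load balancer), because a load balancer in front does not by itself close them. The list names only K3s and RKE2; either add an RKE entry or state that it needs no action.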
Does RKE(1) require any action?
I left a comment asking about this on the associated security issue.
I haven't heard back in 3 weeks. I'm just going to merge, as the information is important and relevant. If we do hear back on RKE1 we can update the page.
Fixes #1283
Reminders
See the README for more details on how to work with the Rancher docs.
Verify if changes pertain to other versions of Rancher. If they do, finalize the edits on one version of the page, then apply the edits to the other versions.
If the pull request is dependent on an upcoming release, make sure to target the release branch instead of `main`.
Description
This adds some information about how to protect from nodes' public IP addresses being exposed. It's an internal request from the security repo. The PR also reduces the levels on the headings from 3 to 2, since there is no intervening second level heading between them and the H1 title.