Follow this documentation when trying to expose a service running in a Kubernetes cluster outside CERN.
The request depends on how you're exposing your service.
When exposing the service using Ingress you need to open the firewall for all hosts serving as Ingress controllers.
The recommendation is to create a landb set with these nodes, and ask for a firewall opening with an email to Computer.Security@cern.ch.
In the future we'll automate the management of landb sets.
When using a serviceType: LoadBalancer, first check the device name corresponding to the virtual IP of your instance:
kubectl get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE myservice LoadBalancer 10.254.156.232 22.214.171.124 80:31020/TCP,443:31303/TCP 3h53m host 126.96.36.199 188.8.131.52.in-addr.arpa domain name pointer lbaas-da39e075-190e-47db-9f12-9aad8bb4fac5.cern.ch
Take the dns name resulting from the command above and pass it in the InterfaceName of this link:
And in the Central Firewall Configuration go ahead and Make Firewall Request.