Firewall
Warning
This documentation is deprecated; please check here for its new home.
Follow this documentation when trying to expose a service running in a Kubernetes cluster outside CERN.
The request depends on how you're exposing your service.
Ingress
When exposing the service using Ingress, you need to open the firewall for all hosts serving as Ingress controllers.
The recommendation is to create a landb set containing these nodes and request a firewall opening by email to Computer.Security@cern.ch.
In the future we'll automate the management of landb sets.
serviceType: LoadBalancer
When using a serviceType: LoadBalancer, first check the device name corresponding to the virtual IP of your instance:
$ kubectl get service
NAME        TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
myservice   LoadBalancer   10.254.156.232   137.138.111.22   80:31020/TCP,443:31303/TCP   3h53m

$ host 137.138.111.22
22.111.138.137.in-addr.arpa domain name pointer lbaas-da39e075-190e-47db-9f12-9aad8bb4fac5.cern.ch
Take the DNS name returned by the command above and pass it as the InterfaceName parameter of this link:
https://network.cern.ch/sc/fcgi/sc.fcgi?Action=SearchForUpdate&InterfaceName=lbaas-da39e075-190e-47db-9f12-9aad8bb4fac5.cern.ch
Then, in the Central Firewall Configuration section, choose Make Firewall Request.
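The LoadBalancer steps above can be scripted so that the interface name is checked before it ends up in the lookup URL. This is an added example, not part of the original documentation: the function names are hypothetical, and the `lbaas-*.cern.ch` pattern is an assumption inferred from the single name shown on this page.

```shell
#!/bin/sh
# Added example (not CERN's own tooling); function names are hypothetical.

# Read `host <ip>` output on stdin and print the PTR target without the
# trailing dot. Prints nothing when there is no PTR record (e.g. NXDOMAIN).
ptr_name() {
    awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF; exit }'
}

# Build the network.cern.ch lookup URL for an interface name.
# Refuses anything that is not a plain hostname of the form lbaas-*.cern.ch
# (assumed pattern), so a surprising PTR answer never reaches the URL.
landb_url() {
    name=$1
    case "$name" in
        *[!A-Za-z0-9.-]*)
            echo "refusing non-hostname characters in: $name" >&2; return 1 ;;
    esac
    case "$name" in
        lbaas-*.cern.ch) ;;
        *) echo "unexpected interface name: '$name'" >&2; return 1 ;;
    esac
    printf 'https://network.cern.ch/sc/fcgi/sc.fcgi?Action=SearchForUpdate&InterfaceName=%s\n' "$name"
}

# Live path: needs kubectl access to the cluster and the `host` utility.
# Usage: service_url myservice
service_url() {
    svc=$1
    ip=$(kubectl get service "$svc" \
        -o jsonpath='{.status.loadBalancer.ingress[0].ip}') || return 1
    [ -n "$ip" ] || { echo "no external IP assigned to $svc yet" >&2; return 1; }
    name=$(host "$ip" | ptr_name)
    landb_url "$name"
}

# Constructed sample input, modelled on the `host` output shown above
# (real `host` output ends the name with a dot).
SAMPLE_HOST_OUTPUT='22.111.138.137.in-addr.arpa domain name pointer lbaas-da39e075-190e-47db-9f12-9aad8bb4fac5.cern.ch.'
```

Run `service_url myservice` and open the printed URL. The ports listed by `kubectl get service` are the ones to name in the firewall request.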