This message was deleted.
# general
a
This message was deleted.
g
Perhaps use calico's host-protection features to block those from outside your cluster? https://docs.tigera.io/calico/latest/network-policy/hosts/kubernetes-nodes
c
kube-apiserver needs to be exposed for obvious reasons. the kubelet needs to be exposed so that metrics-server can scrape metrics. I’m not sure what the calico-node listener exposes. systemd-resolved is well… part of systemd and I’m not sure why you’d report it here.
g