incalculable-air-54033 05/22/2023, 11:14 AM
there are unnecessary open ports exposed outside of the node, specifically these:
rke2 version v1.25.9+rke2r1 (842d05e64bcbf78552f1db0b32700b8faea403a0)
After disabling IPv6, they are still listening on 0.0.0.0. Can't seem to find a configuration option to lock down these services to the internal network only. Any ideas?
great-jewelry-76121 05/22/2023, 12:49 PM
creamy-pencil-82913 05/22/2023, 5:51 PM
great-jewelry-76121 05/23/2023, 9:07 AM
I’m not sure what the calico-node listener exposes
Port 9091 is metrics. https://docs.tigera.io/calico/latest/operations/monitor/monitor-component-metrics#creating-a-service-to-expose-felix-metrics