This message was deleted Rancher Users #general

This message was deleted.

adamant-kite-43734

10/11/2024, 10:15 AM

This message was deleted.

powerful-librarian-10572

10/11/2024, 12:24 PM

you could add a netorkpolicy to block outside request for the pods with the selector component : kube-apiserver

👍 1

powerful-librarian-10572

10/11/2024, 12:30 PM

The real question is : will doing this cause trouble? Ive noticed as well that my nodes listen on 6443 and 10250 on their public ip

powerful-librarian-10572

10/11/2024, 12:56 PM

So ive been trying to do what i said but it doesnt seems to work and i don't know why 🫠

full-stone-89747

10/11/2024, 12:57 PM

/etc/rancher/k3s/config.yaml.d/50-rancher.yaml

the

bind-address

is not set, only

advertise-address

and it's the same on json plan file (stored in rancher secret) I tried to add

bind-address

in Additional API Server Args on the advanced tab but rancher can't join the k3s node after that

full-stone-89747

10/11/2024, 1:36 PM

If I don't make a mistake in k3s kube-api is in main k3s process, it' not a kubernetes pod. network policy don't work

powerful-librarian-10572

10/11/2024, 1:37 PM

Idk, in nestat + ps i see the process opening the port has the same argument as the command ran in the pod 😭

7 Views