# k3s
c
Those are the service's node ports. That is how LoadBalancer services work on Kubernetes. So no, you can't suppress that. That is the port on the nodes that the load balancer sends traffic to.
You can find more info in the Kubernetes docs.
e
Ah, but the 30xxx ports could/should be firewalled to only allow traffic from the load balancer instead of being generally open?
c
Well, generally the cluster members aren't deployed somewhere that's just got all ports open to the world, so yeah.
e
Well, but that's my problem: it opens the 4 ports to the world automatically, and as far as I can tell without any constraints 🙂
c
Don't use iptables on the node as the only security layer. Kubernetes kinda assumes you have external security controls, like a border firewall, or cloud security groups, or something like that. It wants to be pretty much the only thing on the node managing iptables rules.
e
Hmm, what if I run bare-metal k3s? 😉 But yeah, I get your point.
Let me think about how I want to proceed with this.
Technically it's not a problem because I do expose 80/443 to my internal network by default; it still does not feel right that k3s/k8s does this automatically, though.
g
You can disable the NodePort creation when deploying a load balancer: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
c
Ah, there you go. Upstream docs ftw.