limited-accountant-71118

12/12/2022, 9:57 AM
Hello k3s-community, I have a single node k3s installation and noticed that ports 6443 and 10250 are open from the outside. How can I add iptables rules in order to close these ports from the outside? When I run iptables -L I see a plethora of rules but have no idea where and how these are configured and thus how to add a couple of them. I am using k3s-selinux-1.2-2.el8.noarch. Regards, Hans
nutritious-tomato-14686

12/13/2022, 6:11 PM
The 6443 is a required open port for K3s to function. It's how K3s nodes communicate with the k8s apiserver. 10250 is open for Kubelet metrics. See https://docs.k3s.io/installation/requirements#networking for info on possible open ports used by K3s and other K8s components.
limited-accountant-71118

12/15/2022, 6:03 AM
Hi Derek, Thanks for your reply. I am aware of the fact that 6443 and 10250 need to be open in a cluster. But in my case I have a single node. So these ports do not need to be open from the "outside". I would argue that also in a multiple node cluster environment it would be good practice to limit access to these ports to the nodes that make up the cluster. I am now looking at network policies.