Kubernetes NodePort - Ufw/Iptables ignored?

11/3/2018

I opened a Kubernetes NodePort on a machine and blocked all traffic to this port with the following rule:

sudo ufw deny 30001

But I can still access that port via browser. Is it common? I can't find any information on that in the docs.

-- Techradar
iptables
kubernetes
kubernetes-ingress
ufw

1 Answer

11/4/2018

Finally found the issue: kube-proxy is writing iptables rules (https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/#is-kube-proxy-writing-iptables-rules) which are caught before the ufw rules one added manually. This can be confirmed by checking the order in the output of iptables -S -v.

-- Techradar
Source: StackOverflow
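
An added example, not part of the original answer: a shell function that reads iptables-save output and lists each port that kube-proxy handles in the nat table while a ufw DROP/REJECT rule for the same port sits in the filter table, which is the situation the answer describes. The rule lines in sample_rules are constructed (KUBE-SVC-EXAMPLE and KUBE-SVC-EXAMPLE2 are placeholder chain names), and the check assumes kube-proxy runs in iptables mode.

```shell
# Constructed sample in iptables-save format: one NodePort that ufw also
# denies (30001) and one that ufw does not mention (30002).
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m tcp --dport 30001 -j KUBE-SVC-EXAMPLE
-A KUBE-NODEPORTS -p tcp -m tcp --dport 30002 -j KUBE-SVC-EXAMPLE2
COMMIT
*filter
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 30001 -j DROP
-A ufw-user-input -p udp -m udp --dport 30001 -j DROP
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin. Prints "proto/port nat:<chain> filter:<chain>"
# for every port with a KUBE-* rule in the nat table and a ufw deny in the filter table.
# On a live node: sudo iptables-save | shadowed_ports
shadowed_ports() {
  awk '
    /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter": remember the table
    $1 != "-A" { next }                        # only rule lines
    {
      port = ""; proto = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-p")      proto = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (port == "") next
      key = proto "/" port
      if (table == "nat" && $2 ~ /^KUBE-/) nat[key] = $2
      if (table == "filter" && $2 ~ /^ufw-/ && (target == "DROP" || target == "REJECT"))
        deny[key] = $2
    }
    END { for (k in nat) if (k in deny) print k " nat:" nat[k] " filter:" deny[k] }
  ' | sort
}

sample_rules | shadowed_ports
```

A port listed here has a ufw deny that the NodePort traffic never reaches, so the restriction has to be applied somewhere the traffic does pass.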