How to use Fail2ban under Kubernetes?

5/15/2019

Until now I'm using Docker for a hand-made hosting solution on single-VPCs, with fail2ban installed on host and watching at Docker logs from Nginx containers (Each server can host multiple websites, served through an Nginx proxy)

I wonder how it would be possible to achieve same feature with Kubernetes, especially blocking POST requests to /wp-admin access after X attempts?

I thought about building a custom Docker image for Nginx proxy (Ingress in K8s), including Fail2ban; but maybe there's a simpler solution: Network Policies ?

-- Bazalt
docker
fail2ban
firewall
kubernetes
ufw

1 Answer

5/16/2019

I think you're talking about monitoring requests, k8s cannot monitor traffic. Network policies can be used only to load balancing between nodes. You can monitore traffic using Istio, but is connected with microservices.

You need to install Istio on your cluster. Then you have to visualize metrics with Grafana and follow steps in tutorial below https://istio.io/docs/tasks/telemetry/metrics/using-istio-dashboard/ at the and visualizing workload dashboards gives details about metrics for each workload.

Istio has many others advantages, you can also trace requests using Zipkin

I hope this helps.

-- MaggieO
Source: StackOverflow