Review firewall rules
Closed this issue · 0 comments
jmound commented
Since the changes in #24 included provisioning the Kubernetes scheduler with the custom role "Firewall Admin", and the re-arrangement of the frontend to the in-scope cluster, some of the firewall rules that are in place are likely superfluous or incorrect.
Additionally, we need to add a rule to block port 80 to the frontend IP address entirely. See also kubernetes/ingress-gce#290:
```yaml
apiVersion: extensions/v1beta1
metadata:
  annotations:
    kubernetes.io/ingress.allow-http: "false"
```
Setting the above doesn't close port 80 on the http/s LB; it disables that Ingress rule from serving content on port 80.
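An added example, not part of the original issue or the project's code: a small check that separates the two states the comment distinguishes, a port that still accepts connections but no longer serves content versus a port that is actually closed. The function name, the three state labels and the "status below 400 counts as serving" threshold are assumptions made for this sketch.

```python
import http.client
import socket
import sys


def classify_http_port(host, port=80, timeout=3.0):
    """Classify host:port as 'closed', 'open-not-serving' or 'open-serving'.

    'closed' also covers a filtered port (the connect attempt times out).
    """
    # Step 1: TCP handshake only. If this fails, nothing is listening or a
    # firewall rule is dropping/rejecting the traffic.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    sock.close()

    # Step 2: the port accepts connections, so ask for content in cleartext.
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        # Accepted the connection but reset it or sent no valid HTTP reply.
        return "open-not-serving"
    finally:
        conn.close()

    # Assumption: 2xx/3xx means something still answers over plain HTTP;
    # 4xx/5xx means the listener is up but the route serves nothing.
    return "open-serving" if status < 400 else "open-not-serving"


if __name__ == "__main__":
    # Usage: python check_port.py <frontend-ip> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(target, target_port, classify_http_port(target, target_port))
```

A result of `open-not-serving` on port 80 corresponds to the annotation-only state described above; `closed` is the outcome the requested blocking rule is meant to produce.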