Comments (4)
I have come across many users who think RKE2 in general is incompatible with firewalld because of this section alone.
That is intended to be the key takeaway, yes. We recommend that it be disabled. Most CNI projects do not support use with firewalld or ufw enabled, and we inherit that position from them. If you choose to leave it running, and poke holes as the documentation describes, you are doing so at your own risk.
What part of the docs are you referring to when you say: "If you choose to leave it running, and poke holes as the documentation describes"?
By opening up the ports listed at https://docs.rke2.io/install/requirements#inbound-network-rules in the firewalld or ufw config.
K3s provides some suggested firewall-cmd invocations to open things up at https://docs.k3s.io/installation/requirements#operating-systems, but we don't provide similar suggestions for RKE2.
I have come across many users who think RKE2 in general is incompatible with firewalld because of this section alone.
That is intended to be the key takeaway, yes. We recommend that it be disabled. Most CNI projects do not support use with firewalld or ufw enabled, and we inherit that position from them. If you choose to leave it running, and poke holes as the documentation describes, you are doing so at your own risk.
Could you provide more information on the security implications of disabling firewalld on your RKE2 cluster? How do I protect my nodes from network ingress that I specifically do not want (e.g., inbound requests originating from the internet)? Or how do I prohibit any internal network traffic on those nodes outside of RKE2 (with the possible exception of something like SSH or config mgmt tools like Ansible)? This question is for an on-prem cluster, not cloud-based.