
Set up external firewall network security with kops and AWS

At the moment I want to introduce some external firewall solution for Kubernetes within AWS. I'm using kops to help build the production environment. It's a pretty good framework. However, I'm new to the AWS network structure, and Kubernetes is also a new thing for me. What I want to do is set up a firewall for all requests that come to the services within Kubernetes. And if someone hacked a container within Kubernetes, he or she cannot attack any other containers in the cluster. Any idea or suggestion?

For general Kubernetes, restricting actions at a network level can be done (assuming you're on 1.7) via Network Policies.

In addition to that, if you're concerned about malicious containers in your cluster, I'd recommend reviewing the CIS Kubernetes standard to make sure you've locked down your cluster as, out of the box, there appear to be some concerns with kops.
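As an added illustration of the Network Policies this answer refers to (not part of the original answer), the following pair of policies shows the pod-to-pod isolation the question asks about: the first denies all ingress to every pod in the namespace, the second re-allows only traffic from `web` pods to `api` pods on one port. The namespace `prod`, the labels `app=web` / `app=api` and port 8080 are constructed for the example.

```yaml
# Policy 1: default-deny ingress for every pod in the namespace.
# An empty podSelector matches all pods; listing Ingress in policyTypes
# with no ingress rules means "no inbound traffic is allowed".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod            # constructed namespace for this example
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Policy 2: punch one explicit hole in the deny-all above.
# Only pods labelled app=web may reach pods labelled app=api, and only
# on TCP/8080. A compromised pod with any other label (or in another
# namespace) is still cut off from the api pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-to-api
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: api               # constructed label of the protected pods
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: web           # constructed label of the permitted client pods
    ports:
    - protocol: TCP
      port: 8080             # constructed service port
# Apply with: kubectl apply -f this-file.yaml
# Check with: kubectl get networkpolicy -n prod
```

NetworkPolicy objects are only enforced when the cluster's CNI plugin supports them, so with kops you need to pick a policy-capable networking provider (for example Calico) rather than the default kubenet, otherwise the policies are accepted by the API server but have no effect.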

OK, I finally figured out a solution. At the beginning, I tried to use Fortinet Gate with kops. But it wasn't working and caused a lot of issues... it seems that changing the route table will have some conflict with kops. Anyway, it's not a good idea to reconnect subnets and firewall instances regarding kops. Later we switched to Deep Security. All good. The only issue is that kops doesn't support a custom launch config at the moment. I hope this can help anyone who wants to set up a security env on Kubernetes.
