Skip to content

Adjusting created Security Groups

Security Groups are managed firewalls that restrict access to the cluster. To access the cluster, you must add ingress rules to the K8s cluster security groups.

To do this, follow these steps:

  1. To get your public IP address, type curl ifconfig.io in a Linux shell.

  2. Log into your AWS account.

  3. Navigate to EC2 > Security Groups.

  4. Locate the created K8s cluster.

    Kops has created 2 security groups, 1 for the master nodes and 1 for the worker nodes.

  5. Open the security group ID of the master nodes of the created K8s cluster.

  6. Under Inbound rules, click Edit inbound rules.

    Edit Inbound Rules

  7. Click Add rule.

  8. From the Type drop-down list, select HTTPS (port 443 is selected by default).

  9. Under Source, enter your public IP address in CIDR format.

    Note
    Use caution when opening the firewall to the public.

  10. Click Add rule.

  11. From the Type drop-down list, select HTTPS (port 443 is selected by default).

  12. Under Source, enter your proxy IP address in CIDR format.

    Add Master Inbound Rules

  13. Click Save rules.

    The security group rules are updated.

  14. Repeat the above steps for the worker node security group of the created K8s cluster.

    Add worker Inbound Rules

  15. You can verify the steps by listing the nodes in the VM:

    kubectl get nodes

    Note
    When you upgrade the cluster with kOps, the security groups are reset to the default settings.