MicroK8s Multi-Node Firewall Documentation

This section provides examples showing how to open the ports required for communication between the nodes of a multi-node MicroK8s cluster (the MicroK8s ports). The two examples trade restrictiveness for ease of configuration: the first limits access to the addresses of the cluster nodes, the second opens the ports to any source. For more information on the MicroK8s ports, refer to the Services binding to the default Host interface subtopic of the Services and ports topic in the MicroK8s documentation.

Example 1: firewalld - Permitting the Required Ports Between MicroK8s Cluster Nodes

The following shows how to open the required ports (MicroK8s ports) for communication between the nodes in a multi-node configuration. Access to these ports is limited to the nodes in the cluster: the node addresses are collected in a firewalld ipset and each rich rule accepts traffic on a port only from that ipset. Replace the addresses with those of your nodes, and note that a node added to the cluster later must also be added to the ipset on every existing node, otherwise it cannot reach them.
node1=10.10.10.10/32
node2=10.10.10.11/32
node3=10.10.10.12/32
sudo firewall-cmd --permanent --new-ipset=MicroK8s-cluster-nodes --type=hash:ip
sudo firewall-cmd --permanent --ipset=MicroK8s-cluster-nodes --add-entry=$node1
sudo firewall-cmd --permanent --ipset=MicroK8s-cluster-nodes --add-entry=$node2
sudo firewall-cmd --permanent --ipset=MicroK8s-cluster-nodes --add-entry=$node3
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="16443" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="10250" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="10255" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="25000" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="12379" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="10257" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="10259" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="19001" protocol="tcp" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset="MicroK8s-cluster-nodes" port port="4789" protocol="udp" accept'
sudo firewall-cmd --reload
To verify that the ports were opened successfully, run the following commands:
sudo firewall-cmd --permanent --get-ipsets
sudo firewall-cmd --permanent --ipset=MicroK8s-cluster-nodes --get-entries
sudo firewall-cmd --permanent --info-ipset=MicroK8s-cluster-nodes
sudo firewall-cmd --zone=public --list-all
sudo firewall-cmd --zone=public --list-rich-rules
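The following script is an added example, not part of the MicroK8s or firewalld documentation. It generalises Example 1 to any number of nodes by generating the same firewall-cmd commands from a node list, and adds the check a practitioner wants after the reload: given the output of firewall-cmd --zone=public --list-rich-rules, it reports every required port that has no accept rule scoped to the cluster ipset. The function names, the ipset name variable and the sample rule listing are assumptions made for this example; the sample is constructed, not captured from a host, and the check relies on firewalld printing rich rules in its normalised quoted form.

```bash
#!/usr/bin/env bash
# Added example (not part of the MicroK8s or firewalld documentation):
# generate the firewalld commands of Example 1 for any number of nodes, and
# check `firewall-cmd --list-rich-rules` output for required ports that have
# no accept rule restricted to the cluster ipset.

IPSET_NAME="MicroK8s-cluster-nodes"          # assumed name, as in Example 1
# Port list from the page (number/protocol, split below).
REQUIRED_PORTS="16443/tcp 10250/tcp 10255/tcp 25000/tcp 12379/tcp 10257/tcp 10259/tcp 19001/tcp 4789/udp"

# Print the firewall-cmd commands for the node addresses given as arguments.
# Review the output first, then pipe it to `sudo sh` to apply it.
microk8s_fw_commands() {
  echo "firewall-cmd --permanent --new-ipset=$IPSET_NAME --type=hash:ip"
  for node in "$@"; do
    echo "firewall-cmd --permanent --ipset=$IPSET_NAME --add-entry=$node"
  done
  for p in $REQUIRED_PORTS; do
    port=${p%/*}
    proto=${p#*/}
    echo "firewall-cmd --permanent --zone=public --add-rich-rule='rule source ipset=\"$IPSET_NAME\" port port=\"$port\" protocol=\"$proto\" accept'"
  done
  echo "firewall-cmd --reload"
}

# Read the output of `firewall-cmd --zone=public --list-rich-rules` on stdin
# and print the required ports that have no accept rule restricted to the
# ipset. Returns 0 when every port is covered, 1 otherwise. firewalld prints
# each rule in normalised quoted form, e.g.
#   rule source ipset="MicroK8s-cluster-nodes" port port="16443" protocol="tcp" accept
microk8s_fw_missing() {
  local rules missing="" p port proto pattern
  rules=$(cat)
  for p in $REQUIRED_PORTS; do
    port=${p%/*}
    proto=${p#*/}
    pattern="source ipset=\"$IPSET_NAME\" port port=\"$port\" protocol=\"$proto\" accept"
    case "$rules" in
      *"$pattern"*) ;;               # ipset-scoped rule present
      *) missing="$missing $p" ;;    # no ipset-scoped rule for this port
    esac
  done
  missing=${missing# }
  if [ -n "$missing" ]; then
    echo "$missing"
    return 1
  fi
  return 0
}

# Constructed sample of `firewall-cmd --zone=public --list-rich-rules` output
# (not captured from a real host) with the 10255/tcp and 4789/udp rules left
# out, so that the check has something to report.
SAMPLE_RULES='rule source ipset="MicroK8s-cluster-nodes" port port="16443" protocol="tcp" accept
rule source ipset="MicroK8s-cluster-nodes" port port="10250" protocol="tcp" accept
rule source ipset="MicroK8s-cluster-nodes" port port="25000" protocol="tcp" accept
rule source ipset="MicroK8s-cluster-nodes" port port="12379" protocol="tcp" accept
rule source ipset="MicroK8s-cluster-nodes" port port="10257" protocol="tcp" accept
rule source ipset="MicroK8s-cluster-nodes" port port="10259" protocol="tcp" accept
rule source ipset="MicroK8s-cluster-nodes" port port="19001" protocol="tcp" accept'

microk8s_fw_commands 10.10.10.10/32 10.10.10.11/32 10.10.10.12/32
if missing=$(printf '%s\n' "$SAMPLE_RULES" | microk8s_fw_missing); then
  echo "all required ports are restricted to $IPSET_NAME"
else
  echo "no ipset-scoped accept rule for: $missing"
fi
```

On a real node, run the check with sudo firewall-cmd --zone=public --list-rich-rules | microk8s_fw_missing after the reload; a non-zero exit with a port list means that port is either closed or, worse, opened by a plain --add-port rule rather than one limited to the cluster ipset.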

Example 2: firewalld - Permitting the Required Ports to All Machines

The following shows how to open the required ports (MicroK8s ports) for communication between the nodes in a multi-node configuration in a less restrictive, easier to configure way. This method allows any machine that can reach the host to connect to these ports, including the API server port (16443) and the kubelet port (10250), rather than limiting access to the nodes in the cluster; typically, other machines should use the external hostname/IP address of the cluster instead of communicating directly with these ports. Use this variant only where the network around the nodes is already trusted.
sudo firewall-cmd --permanent --zone=public --add-port={16443,10250,10255,25000,12379,10257,10259,19001}/tcp --add-port=4789/udp
sudo firewall-cmd --reload
To verify that the ports were opened successfully, run the following command:
sudo firewall-cmd --zone=public --list-all