All Documents

Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Content is empty

If you don't find the content you expect, please try another search term

Container Engine (KCE)

View more results

Document title with current keyword not found

Directory

Expand AllFold All Up

Networking
Security

Video Services
Data Analysis
- MapReduce (KMR)
- Kingsoft Cloud Log Service
Account Management
- Identity and Access Management
- Account Management

No products found with this keyword

Documentation

Container Engine (KCE)

User Guide

Cluster management

Recommended security group settings

Recommended security group settings

Last updated：2021-05-11 10:41:31



KCE uses VPC as the underlying network of containers. This topic describes the rules of using a security group in KCE to help you select proper security group policies.

Security group

A security group is a stateful virtual firewall for KEC instances. A security group is used to control network access for a single or several KEC instances and is an important network isolation mean provided by Kingsoft Cloud. For more information about security groups, see Security groups.

Suggestion on security group selection

In a KCE cluster, different Services are distributed on different nodes in the cluster. Pods for different Services may be migrated between nodes based on resource usage. We recommend that you add KEC instances of a cluster to the same security group. Do not add other irrelevant KEC instances to the security group of the cluster.
If you expose a Service in NodeIP:NodePort mode, a port is automatically or manually assigned to the Service. The port ranges from 30000 to 32768. In this case, you need to allow access to ports 30000 to 32768 on nodes.
Allow access to port 22 if you want to connect to nodes in SSH mode.

Recommended security group settings

Inbound rules

Protocol	Action	Start port	End port	Source IP address	Remarks
TCP	Allow	30000	32768	0.0.0.0/0	Allows TCP access to ports 30000 to 32768 from all IP addresses.
UDP	Allow	30000	32768	0.0.0.0/0	Allows UDP access to ports 30000 to 32768 from all IP addresses.
TCP	Allow	22	22	0.0.0.0/0	Allows TCP access to port 22 from all IP addresses.

Outbound rules

Protocol	Action	Start port	End port	Source IP address	Remarks
IP	Allow	N/A	N/A	0.0.0.0/0	Allows all outbound traffic of the VPC.

On this page

Previous:Connect to a Kubernetes cluster by using kubectl

Next:Plan CIDR blocks for a cluster

Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen

Feedback