In order to attach an existing Kubernetes cluster to Containership cloud, our servers must be able to access your Kubernetes API server. On some providers (like GKE), a firewall rule is automatically opened to allow remote access, so no further action is required.
However, some providers may restrict remote access to your API server. In this case, you must add a firewall rule allowing access to the host:port where your API server is running, from all of the source IP addresses below:
This may consist of adding security group rules in your cloud provider, or editing iptables rules on the host where your API server runs.
The default secure port for the Kubernetes API is 6443, but cloud providers typically set it to 443. So the resulting firewall rule would allow all traffic on that port, from any of the source IPs above, to flow to your API server.
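As an added example (not Containership's own tooling), the script below prints the iptables form of this rule, one ACCEPT per source, and refuses a catch-all source so the API server port is never opened to every address. The function names are hypothetical, the rules assume TCP because the API server speaks HTTPS, and the source addresses are constructed placeholders from documentation ranges; substitute the real source IP list.

```shell
#!/bin/sh
# Constructed placeholder sources (RFC 5737 ranges), NOT the real source IP list.
SAMPLE_SOURCES="203.0.113.10 198.51.100.0/28"

# valid_source ADDR: succeed only for an IPv4 host or CIDR that is not a catch-all.
valid_source() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    # A /0 prefix would expose the API server to every source address.
    [ "${#prefix}" -le 2 ] && [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_apiserver_rules PORT SOURCE...: print (do not run) one rule per source.
gen_apiserver_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    [ $# -ge 1 ] || { echo "no sources given" >&2; return 1; }
    # Validate every source first so a bad entry produces no partial rule set.
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # -I puts the rule ahead of any existing REJECT/DROP rule in INPUT.
        echo "iptables -I INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
}

# Print the rules for the default secure port using the placeholder sources.
gen_apiserver_rules 6443 $SAMPLE_SOURCES
```

Review the printed commands, then run them as root on the host where the API server listens; use 443 instead of 6443 if that is the port your provider configured.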
After your cluster is successfully attached, and you start adding workloads and services, you may need to add additional external firewall rules in order to access your workloads from outside of the cluster. This is highly dependent upon your cloud provider, as some of them take care of this automatically when using a LoadBalancer type service.