Security Group
A Security Group acts as a firewall that controls traffic going in and out of the server (VM). On the VKS system, default Security Groups are set up to allow the access the cluster needs for its internal operations, so that the cluster operates safely and effectively. Creating the Security Groups automatically simplifies cluster deployment and ensures that the cluster is protected from the start. Specifically, when you initialize a Cluster, we automatically create several Security Groups with the following parameters:
The default security group is automatically created for all Clusters
For each Cluster created in the VKS system, we will automatically create a Security Group. This security group will include:
Inbound:
Protocol | Ether type | Port range | Source | Meaning |
TCP | IPv4 | 30000-32767 | CIDR of the VPC you use for the Cluster. | Security group rule used for TCP Node Port Services |
UDP | IPv4 | 30000-32767 | CIDR of the VPC you use for the Cluster. | Security group rule used for UDP Node Port Services |
TCP | IPv4 | 10250 | External IP of Load Balancer used for Cluster. | Security group rule used for Kubelet API control-plane |
TCP | IPv4 | 10250 | CIDR of the VPC you use for the Cluster. | Security group rule used for Kubelet API control-plane |
TCP | IPv4 | 179 | CIDR of the VPC you use for the Cluster. | Security group rule used for Kubelet API control-plane |
4 | IPv4 | 1-65535 | CIDR of the VPC you use for the Cluster. | Security group rule used for Calico IP-in-IP |
TCP | IPv4 | 5473 | CIDR of the VPC you use for the Cluster. | Security group rule used for Calico Typha |
Outbound:
Protocol | Ether type | Port range | Destination | Meaning |
ANY | IPv4 | 0-65535 | 0.0.0.0/0 | Default rule of all Security groups |
ANY | IPv6 | 0-65535 | ::/0 | Default rule of all Security groups |
Security group is automatically created by VNGCLOUD Controller Manager
When you use VNGCloud Controller Manager to integrate a Network Load Balancer with a Cluster on the VKS system, we will automatically create a Security Group. This security group will include:
Inbound:
Protocol | Ether type | Port range | Source |
TCP, UDP or ICMP | IPv4 | Port of Service | Subnet Mask of the Subnet you use for the Cluster. |
Outbound:
Protocol | Ether type | Port range | Destination | Meaning |
ANY | IPv4 | 0-65535 | 0.0.0.0/0 | Default rule of all Security groups |
ANY | IPv6 | 0-65535 | ::/0 | Default rule of all Security groups |
Security group is automatically created by VNGCLOUD Ingress Controller
When you use VNGCloud Ingress Controller to integrate an Application Load Balancer with a Cluster on the VKS system, we will automatically create a Security Group. This security group will include:
Inbound:
Protocol | Ether type | Port range | Source |
TCP | IPv4 | Port of Service | Subnet Mask of the Subnet you use for the Cluster. |
Outbound:
Protocol | Ether type | Port range | Destination | Meaning |
ANY | IPv4 | 0-65535 | 0.0.0.0/0 | Default rule of all Security groups |
ANY | IPv6 | 0-65535 | ::/0 | Default rule of all Security groups |
Attention:
Default Security Groups are set up to meet the basic security needs of the cluster. If you edit or delete the Security Groups created for the cluster, nodes in the cluster may lose connectivity or access to each other, and the cluster may not function correctly or may not even start. To ensure the stability and security of the cluster, the system automatically resets the Security Groups to their default settings at fixed intervals.
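To see whether a cluster's default Security Group still matches the inbound table above, an exported rule list can be compared with it. The following Python is an added example, not part of the VKS documentation or tooling; the rule dict layout (`protocol`, `port_min`, `port_max`, `source`), the function names and the sample VPC CIDR and Load Balancer IP are assumptions.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"   # constructed sample value
LB_IP = "203.0.113.10"     # constructed sample value (documentation range)

def baseline(vpc_cidr, lb_ip):
    """Inbound rules of the default cluster Security Group, as listed in the table."""
    vpc = str(ipaddress.ip_network(vpc_cidr, strict=False))
    lb = str(ipaddress.ip_network(lb_ip))  # single address becomes a /32
    return {
        ("tcp", 30000, 32767, vpc),  # TCP NodePort Services
        ("udp", 30000, 32767, vpc),  # UDP NodePort Services
        ("tcp", 10250, 10250, lb),   # Kubelet API, from the Load Balancer
        ("tcp", 10250, 10250, vpc),  # Kubelet API, from the VPC
        ("tcp", 179, 179, vpc),      # port 179 row of the table
        ("4", 1, 65535, vpc),        # Calico IP-in-IP (IP protocol 4)
        ("tcp", 5473, 5473, vpc),    # Calico Typha
    }

def normalize(rule):
    """Turn one exported rule (hypothetical dict layout) into a comparable tuple."""
    net = ipaddress.ip_network(rule["source"], strict=False)
    return (str(rule["protocol"]).lower(), int(rule["port_min"]),
            int(rule["port_max"]), str(net))

def audit(rules, vpc_cidr, lb_ip):
    """Report missing baseline rules, added rules, and added rules whose
    source reaches beyond the VPC CIDR or the Load Balancer address."""
    expected = baseline(vpc_cidr, lb_ip)
    actual = {normalize(r) for r in rules}
    allowed = [ipaddress.ip_network(vpc_cidr, strict=False),
               ipaddress.ip_network(lb_ip)]
    def inside(src):
        net = ipaddress.ip_network(src)
        return any(net.version == a.version and net.subnet_of(a) for a in allowed)
    extra = actual - expected
    return {"missing": sorted(expected - actual),
            "extra": sorted(extra),
            "exposed": sorted(r for r in extra if not inside(r[3]))}

# Constructed input: the baseline with the Typha rule deleted and the TCP
# NodePort range additionally opened to any source.
SAMPLE_RULES = [dict(protocol=p, port_min=lo, port_max=hi, source=s)
                for p, lo, hi, s in baseline(VPC_CIDR, LB_IP) if lo != 5473]
SAMPLE_RULES.append(dict(protocol="TCP", port_min=30000, port_max=32767,
                         source="0.0.0.0/0"))

if __name__ == "__main__":
    for kind, found in audit(SAMPLE_RULES, VPC_CIDR, LB_IP).items():
        print(kind, found)
```

A non-empty `missing` list points at the connectivity problems described in the note above; a non-empty `exposed` list means a rule admits traffic from outside the VPC CIDR and the Load Balancer address.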