The Vultr Kubernetes Engine (VKE) cluster Firewall is a critical security feature that lets you control and protect network traffic to and from your VKE cluster. With the Firewall enabled, you can define rules that allow only authorized connections, enhancing the security of your containerized applications.
Follow this guide to enable the Firewall for your Vultr Kubernetes Engine cluster on your Vultr account using the Vultr Customer Portal, API, or CLI.
Send a GET request to the List Regions endpoint and note your target Vultr region ID.
$ curl "https://api.vultr.com/v2/regions" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
Send a GET request to the List available plans in region endpoint to view all available instance plans in your chosen region and note the target node pool plan.
$ curl "https://api.vultr.com/v2/regions/{region-id}/availability" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
Send a GET request to the Get Kubernetes Versions endpoint and note your target Kubernetes version to use.
$ curl "https://api.vultr.com/v2/kubernetes/versions" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
Send a POST request to the Create Kubernetes Cluster endpoint to create a VKE cluster with Firewall enabled. Post-creation, note the cluster's ID.
$ curl "https://api.vultr.com/v2/kubernetes/clusters" \
    -X POST \
    -H "Authorization: Bearer ${VULTR_API_KEY}" \
    -H "Content-Type: application/json" \
    --data '{
        "label": "{cluster-name}",
        "region": "{region-id}",
        "version": "{kubernetes-version}",
        "enable_firewall": true,
        "node_pools": [
            {
                "node_quantity": {number-of-nodes},
                "label": "{node-label}",
                "plan": "{node-plan}"
            }
        ]
    }'
Upon enabling the Firewall for your target cluster, create a Firewall group and add Firewall Rules to manage network traffic for your VKE cluster.
Send a GET request to the Get Kubernetes Cluster endpoint to get the details of the target VKE cluster.
$ curl "https://api.vultr.com/v2/kubernetes/clusters/{cluster-id}" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"
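The API steps above end with a Get Kubernetes Cluster call; the following added example (not part of the original guide or of Vultr's own tooling) checks that response and fails if the cluster has no Firewall group attached. It assumes the response wraps the cluster in a `vke_cluster` object with a `firewall_group_id` field; the `VKE_CLUSTER_ID` variable and the sample IDs are hypothetical.

```python
import json
import os
import urllib.request

API = "https://api.vultr.com/v2"  # base URL used by the curl commands above


def fetch_cluster(cluster_id, api_key):
    """GET /kubernetes/clusters/{cluster-id}, the same call as the curl step."""
    req = urllib.request.Request(
        f"{API}/kubernetes/clusters/{cluster_id}",
        headers={"Authorization": f"Bearer {api_key}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def firewall_group_id(response):
    """Return the cluster's Firewall group ID, or raise if none is attached.

    Assumption: the cluster is under "vke_cluster" and the attached group is
    reported in "firewall_group_id" (missing or empty when the Firewall is off).
    """
    cluster = response.get("vke_cluster")
    if not isinstance(cluster, dict):
        raise ValueError("response has no vke_cluster object")
    group = cluster.get("firewall_group_id")
    if not isinstance(group, str) or not group.strip():
        raise ValueError(f"cluster {cluster.get('id', '?')} has no Firewall group")
    return group.strip()


# Constructed sample responses (not real API output).
SAMPLE_ENABLED = {"vke_cluster": {"id": "cluster-0001", "label": "demo",
                                  "firewall_group_id": "fwg-0001"}}
SAMPLE_DISABLED = {"vke_cluster": {"id": "cluster-0002", "label": "demo",
                                   "firewall_group_id": ""}}

if __name__ == "__main__":
    key = os.environ.get("VULTR_API_KEY")
    cluster_id = os.environ.get("VKE_CLUSTER_ID")  # hypothetical variable name
    # Without credentials, fall back to the constructed sample so this runs offline.
    data = fetch_cluster(cluster_id, key) if key and cluster_id else SAMPLE_ENABLED
    print("firewall group:", firewall_group_id(data))
```

Running this check in a provisioning pipeline right after cluster creation stops the rollout when the Firewall was not actually enabled.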
List all Vultr regions and note your target region ID.
$ vultr-cli regions list
List all available instance plans in your target region and note the target node pool plan.
$ vultr-cli regions availability <region-id>
List all available Kubernetes versions and note your target version to use.
$ vultr-cli kubernetes versions
Create a VKE cluster with Firewall enabled and note the target cluster's ID.
$ vultr-cli kubernetes create --label "<cluster-name>" --region "<region-id>" --version "<kubernetes-version>" --enable-firewall true --node-pools "quantity:<number-of-nodes>,plan:<node-plan>,label:<node-label>"
Upon enabling the Firewall for your target cluster, create a Firewall group and add Firewall Rules to manage network traffic for your VKE cluster.
Get the details of the target VKE cluster.
$ vultr-cli kubernetes get <cluster-id>