Vultr DocsLatest Content

How to Enable Firewall for Vultr Kubernetes Engine Cluster

Updated on September 23, 2024

Vultr Kubernetes Engine (VKE) cluster Firewall is a critical security feature within VKE cluster that allows you to control and protect network traffic to and from your VKE cluster. By enabling VKE cluster Firewall, you can define specific rules that ensure only authorized connections are allowed, enhancing the security of your containerized applications.

Follow this guide to enable Firewall for your Vultr Kubernetes Engine cluster on your Vultr account using the Vultr Customer Portal, API, or CLI.

  • Vultr Customer Portal
  • Vultr API
  • Vultr CLI
  1. Navigate to Products and click Kubernetes.
  2. Click your target VKE cluster to open its management page.
  3. Click Firewall.
  4. Click Enable Firewall to deploy a Firewall for the target VKE cluster.
  5. Click firewall group to manage Firewall rules.
  6. Add Firewall rules according to requirements.

  1. Send a GET request to the List Regions endpoint and note your target Vultr region ID.

    console 
    $ curl "https://api.vultr.com/v2/regions" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

  2. Send a GET request to the List available plans in region endpoint to view all available instance plans in your chosen region and note the target node pool plan.

    console 
    $ curl "https://api.vultr.com/v2/regions/{region-id}/availability" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

  3. Send a GET request to the Get Kubernetes Versions endpoint and note your target Kubernetes version to use.

    console 
    $ curl "https://api.vultr.com/v2/kubernetes/versions" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

  4. Send a POST request to the Create Kubernetes Cluster endpoint to create a VKE cluster with Firewall enabled. Post-creation, note the cluster's ID.

    console 
    $ curl "https://api.vultr.com/v2/kubernetes/clusters" \
    -X POST \
    -H "Authorization: Bearer ${VULTR_API_KEY}" \
    -H "Content-Type: application/json" \
    --data '{
        "label": "{cluster-name}",
        "region": "{region-id}",
        "version": "{kubernetes-version}",
        "enable_firewall": true,
        "node_pools": [
            {
                "node_quantity": {number-of-nodes},
                "label": "{node-label}",
                "plan": "{node-plan}"
            }
        ]
    }'

    Upon enabling the Firewall for your target cluster, create a Firewall group and add Firewall Rules to manage network traffic for your VKE cluster.

  5. Send a GET request to the Get Kubernetes Cluster endpoint to get the details of the target VKE cluster.

    console 
    $ curl "https://api.vultr.com/v2/kubernetes/clusters/{cluster-id}" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

  1. List all Vultr regions and note your target region ID.

    console 
    $ vultr-cli regions list

  2. List all available instance plans in your target region and note the target node pool plan.

    console 
    $ vultr-cli regions availability <region-id>

  3. List all available Kubernetes versions and note your target version to use.

    console 
    $ vultr-cli kubernetes versions

  4. Create a VKE cluster with Firewall enabled and note the target cluster's ID.

    console 
    $ vultr-cli kubernetes create --label "<cluster-name>" --region "<region-id>" --version "<kubernetes-version>" --enable-firewall true --node-pools "quantity:<number-of-nodes>,plan:<node-plan>,label:<node-label>"

    Upon enabling the Firewall for your target cluster, create a Firewall group and add Firewall Rules to manage network traffic for your VKE cluster.

  5. Get the deatils of the target VKE cluster.

    console 
    $ vultr-cli kubernetes get <cluster-id>

Comments

No comments yet.