1. Security Group for Master Nodes

Name: `K8s-Master-SG`

Ibound Rules:

These rules allow the master nodes to communicate with the worker nodes and external services securely.

Protocol	Port Range	Source	Description
TCP	6443	`K8s-Worker-SG`	Kubernetes API server communication
TCP	2379-2380	`K8s-Master-SG`	Etcd server communication
TCP	10250	`K8s-Worker-SG`	Kubelet communication
TCP	10251	`K8s-Master-SG`	Kube-scheduler communication
TCP	10252	`K8s-Master-SG`	Controller-manager communication
TCP	22	Admin IP	SSH access for administration
ICMP	All	`K8s-Worker-SG`	Ping requests

Outbound Rules:

Allow all outbound traffic (0.0.0.0/0) unless specific restrictions apply.

2. Security Group for Worker Nodes

Name: `K8s-Worker-SG`

Inbound Rules:

These rules enable the worker nodes to communicate with the master nodes and handle external traffic.

Protocol	Port Range	Source	Description
TCP	10250	`K8s-Master-SG`	Kubelet communication from master
TCP	30000-32767	`0.0.0.0/0`	NodePort services
TCP	22	Admin IP	SSH access for administration
ICMP	All	`K8s-Master-SG`, `K8s-Worker-SG`	Ping requests

Outbound Rules:

Allow all outbound traffic (0.0.0.0/0) unless specific restrictions apply.

Explanation of Key Ports

6443: Kubernetes API server port, used by worker nodes to communicate with the master.
2379-2380: Ports for etcd, the key-value store used by Kubernetes.
10250: Port for Kubelet API, used for control plane to node communication.
10251: Kube-scheduler listens on this port for leader election.
10252: Controller-manager listens on this port for leader election.
30000-32767: Kubernetes services exposed via NodePort use these ports.

Best Practices

Restrict SSH Access
Only allow SSH access from trusted IP addresses to improve security.
Minimize External Access
Limit external access to only necessary ports (e.g., for NodePort services or LoadBalancer).
VPC and Subnet
Ensure that both master and worker nodes are in the same VPC and use private subnets for internal communication.

Thanks for spending your valuable time in learning to enhance your knowledge!😃🙏

Share this with your colleagues and friends! ➤🤝

𝗙𝗼𝗹𝗹𝗼𝘄 𝗺𝗲🔗╰┈➤

Hashnode: kshitijaa.hashnode.dev

LinkedIn: kshitija-bartakke-malwade

AWS Security Group Configuration for Kubernetes

1. Security Group for Master Nodes

Name: `K8s-Master-SG`

Ibound Rules:

These rules allow the master nodes to communicate with the worker nodes and external services securely.

Outbound Rules:

2. Security Group for Worker Nodes

Name: `K8s-Worker-SG`

Inbound Rules:

These rules enable the worker nodes to communicate with the master nodes and handle external traffic.

Outbound Rules:

Explanation of Key Ports

Best Practices

Thanks for spending your valuable time in learning to enhance your knowledge!😃🙏

𝗙𝗼𝗹𝗹𝗼𝘄 𝗺𝗲🔗╰┈➤

Hashnode: kshitijaa.hashnode.dev

LinkedIn: kshitija-bartakke-malwade

AWS Security Group Configuration for Kubernetes

1. Security Group for Master Nodes

Name: K8s-Master-SG

Ibound Rules*:*

These rules allow the master nodes to communicate with the worker nodes and external services securely.

Outbound Rules:

2. Security Group for Worker Nodes

Name: K8s-Worker-SG

Inbound Rules:

These rules enable the worker nodes to communicate with the master nodes and handle external traffic.

Outbound Rules:

Explanation of Key Ports

Best Practices

Thanks for spending your valuable time in learning to enhance your knowledge!😃🙏

Share this with your colleagues and friends! ➤🤝

𝗙𝗼𝗹𝗹𝗼𝘄 𝗺𝗲🔗╰┈➤

Hashnode: kshitijaa.hashnode.dev

LinkedIn: kshitija-bartakke-malwade

Name: `K8s-Master-SG`

Ibound Rules:

Name: `K8s-Worker-SG`