
NodePort Service Only Accessible via one Interface #9577

Closed Answered by smira
Sarapuce asked this question in Q&A

First of all, it's not Talos Ingress Firewall, as it's disabled by default. Talos doesn't do any filtering unless you enable it.

From Kubernetes documentation:

NodePort
Exposes the Service on each Node's IP at a static port (the NodePort). To make the node port available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of type: ClusterIP.

From kube-proxy docs:

--nodeport-addresses strings
A list of CIDR ranges that contain valid node IPs, or alternatively, the single string 'primary'. If set to a list of CIDRs, connections to NodePort services will only be accepted on node IPs in one of the indicated ranges. If set to 'primary', NodePort services will…
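The CIDR-list rule quoted from the kube-proxy docs, as an added Python example (not part of the answer above and not kube-proxy's own code): it reports which of a node's addresses fall inside the configured ranges and would therefore accept NodePort connections. The interface names and addresses are constructed samples, the function names are hypothetical, and the 'primary' keyword is deliberately not handled.

```python
import ipaddress

# Constructed sample: a node with two interfaces (names and addresses are made up).
SAMPLE_INTERFACES = {
    "eth0": ["192.168.1.10", "fd00::10"],
    "eth1": ["10.5.0.2"],
}


def parse_nodeport_addresses(value):
    """Parse a comma-separated list of CIDR ranges into network objects."""
    value = value.strip()
    if value == "primary":
        # Resolved from the Node object rather than from CIDRs; out of scope here.
        raise ValueError("'primary' is not a CIDR list")
    networks = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # strict=False tolerates host bits in a range (a choice of this example).
            networks.append(ipaddress.ip_network(item, strict=False))
    if not networks:
        raise ValueError("no CIDR ranges given")
    return networks


def nodeport_exposure(interfaces, value):
    """Map each interface to the addresses that lie in one of the ranges."""
    networks = parse_nodeport_addresses(value)
    exposure = {}
    for name, addresses in interfaces.items():
        accepted = []
        for text in addresses:
            ip = ipaddress.ip_address(text)
            # Compare only within the same address family (IPv4 vs IPv6).
            if any(ip.version == net.version and ip in net for net in networks):
                accepted.append(text)
        exposure[name] = accepted
    return exposure


def exposed_interfaces(interfaces, value):
    """Names of interfaces with at least one address accepting NodePort traffic."""
    exposure = nodeport_exposure(interfaces, value)
    return sorted(name for name, accepted in exposure.items() if accepted)


if __name__ == "__main__":
    print(nodeport_exposure(SAMPLE_INTERFACES, "10.5.0.0/24"))
```

Running the same check with the value actually passed to kube-proxy on a node shows at a glance whether a NodePort being reachable on only one interface matches the configured ranges.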

Answer selected by Sarapuce