Controller for applying Cloud Firewall policies to an LKE cluster. The intention is to use this to provide a strong default security boundary for an LKE cluster, with options to apply custom firewall rules as needed. The controller will ensure that all nodes in the cluster are added to the same firewall ruleset.
The installation process will require the following command line tools be available on your system.
Installation via helm can be achieved in two ways, either through checking out the appropriate code version locally, or through the helm repository. Either option will result in the same objects being installed into the appropriate locations in an LKE cluster.
git clone git@github.com:linode/cloud-firewall-controller.git
cd cloud-firewall-controller
# (optional) git checkout <tag>
export KUBECONFIG=<kubeconfig-path>
helm upgrade --install cloud-firewall-crd helm/crd \
&& kubectl wait --for condition=established --timeout=60s crd/cloudfirewalls.networking.linode.com \
&& helm upgrade --install cloud-firewall helm/controller
Note that the version in the helm commands is the helm chart version, not the application version.
helm repo add linode-cfw https://linode.github.io/cloud-firewall-controller
helm repo update linode-cfw
export KUBECONFIG=<kubeconfig-path>
helm install cloud-firewall-crd linode-cfw/cloud-firewall-crd \
&& kubectl wait --for condition=established --timeout=60s crd/cloudfirewalls.networking.linode.com \
&& helm install cloud-firewall-ctrl linode-cfw/cloud-firewall-controller
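After installation, the claim worth checking is that every node really is attached to the cluster's firewall. The following is an added example, not part of the controller project: it compares the output of `kubectl get nodes -o json` with Linode API v4 responses from `GET /networking/firewalls` and `GET /networking/firewalls/{id}/devices`, looking for the `lke-<cluster-id>` label this page describes. It assumes LKE nodes carry a `spec.providerID` of the form `linode://<id>`; the function names and all sample data are constructed for illustration.

```python
import json

# Constructed sample inputs (not real cluster data); shapes are assumed as described above.
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "lke12345-pool-a"}, "spec": {"providerID": "linode://1001"}},
    {"metadata": {"name": "lke12345-pool-b"}, "spec": {"providerID": "linode://1002"}},
    {"metadata": {"name": "lke12345-pool-c"}, "spec": {"providerID": "linode://1003"}},
]})
FIREWALLS_JSON = json.dumps({"data": [
    {"id": 501, "label": "lke-12345", "status": "enabled"},
    {"id": 502, "label": "unrelated", "status": "enabled"},
]})
DEVICES_JSON = json.dumps({"data": [
    {"id": 1, "entity": {"id": 1001, "type": "linode", "label": "lke12345-pool-a"}},
    {"id": 2, "entity": {"id": 1002, "type": "linode", "label": "lke12345-pool-b"}},
    {"id": 3, "entity": {"id": 9999, "type": "linode", "label": "not-a-node"}},
]})

def node_linode_ids(nodes_json):
    """Map Linode instance ID -> node name, taken from each node's spec.providerID."""
    prefix, ids = "linode://", {}
    for item in json.loads(nodes_json)["items"]:
        provider = item["spec"].get("providerID", "")
        if not provider.startswith(prefix):
            raise ValueError("node %s has no Linode providerID" % item["metadata"]["name"])
        ids[int(provider[len(prefix):])] = item["metadata"]["name"]
    return ids

def audit(cluster_id, nodes_json, firewalls_json, devices_by_firewall):
    """Report drift between the cluster's nodes and the lke-<cluster-id> firewall."""
    label = "lke-%s" % cluster_id
    matches = [f for f in json.loads(firewalls_json)["data"] if f["label"] == label]
    if len(matches) != 1:
        return {"ok": False,
                "error": "expected one firewall labelled %s, found %d" % (label, len(matches))}
    fw = matches[0]
    nodes = node_linode_ids(nodes_json)
    devices = json.loads(devices_by_firewall[fw["id"]])["data"]
    attached = {d["entity"]["id"] for d in devices if d["entity"]["type"] == "linode"}
    # Nodes missing from the firewall are exposed; extra devices are merely reported.
    unprotected = sorted(nodes[i] for i in nodes.keys() - attached)
    foreign = sorted(attached - nodes.keys())
    return {"ok": fw["status"] == "enabled" and not unprotected,
            "firewall_id": fw["id"], "status": fw["status"],
            "unprotected_nodes": unprotected, "foreign_devices": foreign}

if __name__ == "__main__":
    print(audit(12345, NODES_JSON, FIREWALLS_JSON, {501: DEVICES_JSON}))
```

A node listed under `unprotected_nodes` is reachable outside the firewall ruleset until the controller reconciles it, so a non-empty list that persists is worth alerting on.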
export KUBECONFIG=<kubeconfig-path>
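# Use the release name chosen at install time: cloud-firewall (local checkout) or cloud-firewall-ctrl (helm repository)
helm delete cloud-firewall-ctrl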
helm delete cloud-firewall-crd
The output from the controller is pretty straightforward: it will generate a Cloud Firewall with a label matching the pattern lke-<cluster-id>
and have the following policies: