Add option to disable Kube API firewall

The middlewared adds a firewall at every boot to block the Kubernetes API from external access. Add a command line option to drop the firewall rule. Signed-off-by: SuperQ <superq@gmail.com>
2022-09-26 15:08:07 +02:00
parent caee00f7eb
commit 79e9c31a42
4 changed files with 21 additions and 1 deletions
--- a/includes/chores.sh
+++ b/includes/chores.sh
@ -12,6 +12,17 @@ chmod +x /usr/bin/apt* && echo -e "${IGreen}APT enabled${Color_Off}"|| echo -e "
 }
 export -f aptEnable

+kubeapiEnable(){
+local -r comment='iX Custom Rule to drop connection requests to k8s cluster from external sources'
+echo -e "${BWhite}Enabling Apt-Commands${Color_Off}"
+if iptables -t filter -L INPUT 2> /dev/null | grep -q "${comment}" ; then
+  iptables -D INPUT -p tcp -m tcp --dport 6443 -m comment --comment "${comment}" -j DROP && echo -e "${IGreen}Kubernetes API enabled${Color_Off}"|| echo -e "${IRed}Kubernetes API Enable FAILED${Color_Off}"
+else
+  echo -e "${IGreen}Kubernetes API already enabled${Color_Off}"
+fi
+}
+export -f kubeapiEnable
+
 # Prune unused docker images to prevent dataset/snapshot bloat related slowdowns on SCALE
 prune(){
 echo -e "${BWhite}Docker Prune${Color_Off}"
--- a/includes/no_args.sh
+++ b/includes/no_args.sh
@ -12,6 +12,7 @@ no_args(){
  echo "7  Enable Helm Commands"
  echo "8  Enable Apt and Apt-Get Commands"
  echo "9  Update All Apps"
+  echo "10 Enable external access to Kuberntes API port"
  read -rt 600 -p "Please select an option by number: " selection

  case $selection in
@ -59,6 +60,9 @@ no_args(){
        echo "INVALID ENTRY" && exit 1
      fi
      ;;
+    10)
+      kubeapiEnable="true"
+      ;;
    *)
      echo "Unknown option" && exit 1
      ;;