Add option to disable Kube API firewall
The middlewared adds a firewall rule at every boot to block external access to the Kubernetes API. Add a command-line option to remove that rule. Signed-off-by: SuperQ <superq@gmail.com>
parent
caee00f7eb
commit
79e9c31a42
@ -29,6 +29,7 @@ It also offers a few handy shortcuts for commonly required chores, like: Enablin
|
|||||||
| --dns | --dns | None | list all of your applications DNS names and their web ports |
|
| --dns | --dns | None | list all of your applications DNS names and their web ports |
|
||||||
| --list-backups | --list-backups | None | Prints a list of backups available |
|
| --list-backups | --list-backups | None | Prints a list of backups available |
|
||||||
| --helm-enable | --helm-enable | None | Enables Helm command access on SCALE |
|
| --helm-enable | --helm-enable | None | Enables Helm command access on SCALE |
|
||||||
|
| --kubeapi-enable | --kubeapi-enable | None | Enables external access to Kuberntes API port |
|
||||||
| --apt-enable | --apt-enable | None | Enables Apt command access on SCALE |
|
| --apt-enable | --apt-enable | None | Enables Apt command access on SCALE |
|
||||||
| --no-color | --no-color | None | Disables showing colors in terminal output, usefull for SCALE Email output |
|
| --no-color | --no-color | None | Disables showing colors in terminal output, usefull for SCALE Email output |
|
||||||
| -U | -U | None | Update applications, ignoring major version changes |
|
| -U | -U | None | Update applications, ignoring major version changes |
|
||||||
|
@ -12,6 +12,17 @@ chmod +x /usr/bin/apt* && echo -e "${IGreen}APT enabled${Color_Off}"|| echo -e "
|
|||||||
}
|
}
|
||||||
export -f aptEnable
|
export -f aptEnable
|
||||||
|
|
||||||
|
kubeapiEnable(){
|
||||||
|
local -r comment='iX Custom Rule to drop connection requests to k8s cluster from external sources'
|
||||||
|
echo -e "${BWhite}Enabling Apt-Commands${Color_Off}"
|
||||||
|
if iptables -t filter -L INPUT 2> /dev/null | grep -q "${comment}" ; then
|
||||||
|
iptables -D INPUT -p tcp -m tcp --dport 6443 -m comment --comment "${comment}" -j DROP && echo -e "${IGreen}Kubernetes API enabled${Color_Off}"|| echo -e "${IRed}Kubernetes API Enable FAILED${Color_Off}"
|
||||||
|
else
|
||||||
|
echo -e "${IGreen}Kubernetes API already enabled${Color_Off}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
export -f kubeapiEnable
|
||||||
|
|
||||||
# Prune unused docker images to prevent dataset/snapshot bloat related slowdowns on SCALE
|
# Prune unused docker images to prevent dataset/snapshot bloat related slowdowns on SCALE
|
||||||
prune(){
|
prune(){
|
||||||
echo -e "${BWhite}Docker Prune${Color_Off}"
|
echo -e "${BWhite}Docker Prune${Color_Off}"
|
||||||
|
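Review bot: In the added `kubeapiEnable`, a failing `iptables -L` (for example when run without root) is hidden by `2> /dev/null`, so `grep -q` matches nothing and the function prints "Kubernetes API already enabled" although the DROP rule on port 6443 may still be in place. Capture the listing first and report that failure separately, and use `-n` with `grep -F` so the match does not depend on name lookups or on regex characters in the comment text. The banner still reads "Enabling Apt-Commands", which looks copied from `aptEnable`. Since the commit description says middlewared re-adds the rule at every boot, the success message could also state that port 6443 is reachable from any source only until the next reboot.

```shell
kubeapiEnable(){
    local -r comment='iX Custom Rule to drop connection requests to k8s cluster from external sources'
    local rules
    echo -e "${BWhite}Enabling Kubernetes API${Color_Off}"
    if ! rules=$(iptables -t filter -L INPUT -n 2> /dev/null); then
        echo -e "${IRed}Kubernetes API Enable FAILED${Color_Off}"
    elif grep -qF -- "${comment}" <<< "${rules}"; then
        # … unchanged: iptables -D INPUT … -j DROP with its success/failure messages …
    else
        # … unchanged: "Kubernetes API already enabled" message …
    fi
}
```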
@ -12,6 +12,7 @@ no_args(){
|
|||||||
echo "7 Enable Helm Commands"
|
echo "7 Enable Helm Commands"
|
||||||
echo "8 Enable Apt and Apt-Get Commands"
|
echo "8 Enable Apt and Apt-Get Commands"
|
||||||
echo "9 Update All Apps"
|
echo "9 Update All Apps"
|
||||||
|
echo "10 Enable external access to Kuberntes API port"
|
||||||
read -rt 600 -p "Please select an option by number: " selection
|
read -rt 600 -p "Please select an option by number: " selection
|
||||||
|
|
||||||
case $selection in
|
case $selection in
|
||||||
@ -59,6 +60,9 @@ no_args(){
|
|||||||
echo "INVALID ENTRY" && exit 1
|
echo "INVALID ENTRY" && exit 1
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
10)
|
||||||
|
kubeapiEnable="true"
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Unknown option" && exit 1
|
echo "Unknown option" && exit 1
|
||||||
;;
|
;;
|
||||||
|
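Review bot: The added menu line misspells Kubernetes, and the `--kubeapi-enable` row in the options table of the first file section has the same spelling; it should read `echo "10 Enable external access to Kubernetes API port"`. The label also does not say that choosing 10 removes the firewall rule protecting port 6443, and the added `10)` arm sets `kubeapiEnable="true"` with no confirmation. A short yes/no prompt before setting the flag would guard against a mistyped selection. `no_args` starts and ends outside both hunks, so any confirmation that already exists elsewhere in it is not visible here.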
@ -68,6 +68,9 @@ else
|
|||||||
apt-enable)
|
apt-enable)
|
||||||
aptEnable="true"
|
aptEnable="true"
|
||||||
;;
|
;;
|
||||||
|
kubeapi-enable)
|
||||||
|
kubeapiEnable="true"
|
||||||
|
;;
|
||||||
no-color)
|
no-color)
|
||||||
noColor
|
noColor
|
||||||
;;
|
;;
|
||||||
@ -158,7 +161,8 @@ fi
|
|||||||
[[ "$help" == "true" ]] && help
|
[[ "$help" == "true" ]] && help
|
||||||
[[ "$helmEnable" == "true" ]] && helmEnable
|
[[ "$helmEnable" == "true" ]] && helmEnable
|
||||||
[[ "$aptEnable" == "true" ]] && aptEnable
|
[[ "$aptEnable" == "true" ]] && aptEnable
|
||||||
[[ "$aptEnable" == "true" || "$helmEnable" == "true" ]] && exit
|
[[ "$kubeapiEnable" == "true" ]] && kubeapiEnable
|
||||||
|
[[ "$aptEnable" == "true" || "$helmEnable" == "true" || "$kubeapiEnable" == "true" ]] && exit
|
||||||
[[ "$listBackups" == "true" ]] && listBackups && exit
|
[[ "$listBackups" == "true" ]] && listBackups && exit
|
||||||
[[ "$deleteBackup" == "true" ]] && deleteBackup && exit
|
[[ "$deleteBackup" == "true" ]] && deleteBackup && exit
|
||||||
[[ "$dns" == "true" ]] && dns && exit
|
[[ "$dns" == "true" ]] && dns && exit
|
||||||
|