Protect your Kubernetes Cluster

This article explains how to restrict Kubeconfig access and management of your Kubernetes cluster to specific IP addresses. Limiting access to trusted IP addresses reduces the risk of malicious attacks and helps ensure that only authorized personnel can control the cluster.

The list of IP addresses to use depends heavily on where your personnel access the cluster from. Ask your company's IT department which addresses to use.

Applying IP restrictions to limit who can manage your cluster

  1. In the Leaseweb Customer Portal, go to the “Kubernetes” tab
  2. Select the cluster you want to protect and click the “Update” button
  3. The loaded page allows you to customize your cluster. Scroll to the “Cluster Allowed IPs” Section

Leaving the list empty, or specifying 0.0.0.0/0, effectively lets anyone with a valid token manage your cluster from any address, which is not a safe way to secure your cluster.

  1. Use the “Add IP” button to add a new IP address to authorize the management of your cluster
  2. Remove any undesired IP using the “Delete IP” button
    • You will be asked to confirm that you indeed want to remove that IP
    • Keeping obsolete IPs off the authorized IP list and reviewing the list periodically helps enhance your security.
  3. At the bottom of the page confirm the changes using the “Confirm” button
    • The changes will be applied to your cluster in a couple of seconds.

Once these changes are applied, only users connecting from one of the specified IP addresses will be able to manage this cluster.

Ensure that you regularly review these IP addresses to confirm they are the ones administrators commonly use to connect to your clusters.
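
Part of that periodic review can be scripted. The Python sketch below is an added example, not Leaseweb tooling: it assumes you have copied the “Cluster Allowed IPs” entries into a list by hand, and it flags the open configurations described above (an empty list or 0.0.0.0/0), invalid entries, unusually wide ranges, and entries already covered by another entry. The function name and the width thresholds are assumptions chosen for illustration.

```python
import ipaddress

# Assumed review thresholds (not a Leaseweb setting): IPv4 ranges wider than
# /24 and IPv6 ranges wider than /48 are flagged for a closer look.
MAX_BROAD = {4: 24, 6: 48}


def audit_allowed_ips(entries):
    """Return (entry, finding) tuples for a cluster allowed-IP list."""
    if not entries:
        return [("<empty list>", "open: any source IP with a valid token can manage the cluster")]

    findings, networks = [], []
    for raw in entries:
        try:
            # strict=False tolerates host bits, e.g. 203.0.113.7/24
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "invalid: not an IP address or CIDR range"))
            continue
        if net.prefixlen == 0:
            findings.append((raw, "open: matches every source address"))
        elif net.prefixlen < MAX_BROAD[net.version]:
            findings.append((raw, f"broad: covers {net.num_addresses} addresses"))
        networks.append((raw, net))

    # Flag entries already covered by another entry (duplicates or nested ranges).
    for i, (raw, net) in enumerate(networks):
        for j, (other_raw, other) in enumerate(networks):
            if i == j or net.version != other.version:
                continue
            # For exact duplicates, report only the later copy.
            if net.subnet_of(other) and (net != other or j < i):
                findings.append((raw, f"redundant: already covered by {other_raw}"))
                break
    return findings


if __name__ == "__main__":
    # Constructed sample list using documentation address ranges.
    sample = ["198.51.100.14", "198.51.100.0/24", "203.0.113.0/22", "0.0.0.0/0", "office-vpn"]
    for entry, finding in audit_allowed_ips(sample):
        print(f"{entry:18} {finding}")
```

An empty result means the list contains only valid, narrow, non-overlapping entries; whether each remaining address still belongs to an administrator is a question the script cannot answer.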