Security Considerations
By default all connections between every provided node are secured via TLS by easyrsa, including the etcd cluster.
This page explains the security considerations of a deployed cluster and production recommendations.
Before you begin
This page assumes you have a working Juju deployed cluster.
Implementation
The TLS and easyrsa implementations use the following layers.
layer-tls-client layer-easyrsa
Limiting ssh access
By default the administrator can ssh to any deployed node in a cluster. You can mass disable ssh access to the cluster nodes by issuing the following command.
juju model-config proxy-ssh=true
Note: The Juju controller node will still have open ssh access in your cloud, and will be used as a jump host in this case.
Refer to the model management page in the Juju documentation for instructions on how to manage ssh keys.
Feedback
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.
Page last modified on April 03, 2019 at 3:57 PM PST by
网站初步实现预期效果 (Page History)