0

Securing a CoreOS Cluster

"Coreos-wordmark-horiz-color" by Rob Szumski - Own work. Licensed under CC BY-SA 3.0 via Commons - https://commons.wikimedia.org/wiki/File:Coreos-wordmark-horiz-color.png#/media/File:Coreos-wordmark-horiz-color.png

If you are planning to run a CoreOS cluster in a network environment outside of your control, such as within a shared datacenter or across the public internet, you may have noticed that etcd communicates by making unencrypted HTTP requests. It’s possible to mitigate the risks of that behavior by configuring an IPTables firewall on each node in the cluster, but a complete solution would ideally use an encrypted transport layer.

Fortunately, etcd supports peer-to-peer TLS/SSL connections, so that each member of a cluster is authenticated and all communication is encrypted. In this guide, we’ll begin by provisioning a simple cluster with three members, then configure HTTPS endpoints and a basic firewall on each machine.

If you are looking to deploy a CoreOS cluster, check out brennen‘s first tutorial for digital ocean!


Join 5,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython in 2018 – Python on Microcontrollers is here!

Have an amazing project to share? Join the SHOW-AND-TELL every Wednesday night at 7:30pm ET on Google+ Hangouts.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — A journey through Shenzhen, the electronics manufacturing hub of the world

Wearables — Ice, ice baby

Electronics — Current limiting!

Biohacking — Grindfest 2018

Python for Microcontrollers — CRICKITs are coming!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.

Sorry, the comment form is closed at this time.