Configuring the Firewall

After an OS is installed, if a common user is configured, you can add the ALWAYS_SET_PATH field to the /etc/login.defs file and set it to yes to prevent unauthorized operations. In addition, to prevent the common user from using the su root command to inherit environment variables to escalate the privileges, you can set ALWAYS_SET_PATH in the server configuration file /etc/default/su to yes.

During installation and deployment of Kubernetes, the firewall must be disabled. In the production environment, for security purposes, you must configure the communication ports and network policies of Kubernetes components on the firewall. For details about the configuration method, see the official document.