Hardening Kubernetes Security

To keep the environment secure, restrict login permissions on the cluster's master node according to service requirements, and restrict access to the private key file that KubeEdge CloudCore requires at runtime and to the authentication credentials stored in etcd.

The CloudCore startup command lets you specify the path of the configuration file. In that file, set each listening address to a specific IP address so that CloudCore does not listen on the all-zero address (0.0.0.0), that is, on every interface.

cloudcore --config Configuration_file_path

For example, the following configuration for the CloudCore service uses a specific IP address (xx.xx.xx.xx indicates the IP address that can be accessed):

...
modules:
  cloudHub:
    advertiseAddress:
    - xx.xx.xx.xx
    enable: true
    https:
      address: xx.xx.xx.xx
      enable: true
      port: 10002
    nodeLimit: 1000
    ...
    websocket:
      address: xx.xx.xx.xx
      enable: true
      port: 10000
  ...
  router:
    address: xx.xx.xx.xx
    enable: false
    port: 9443
    restTimeout: 60
...
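One way to audit a CloudCore configuration file for the all-zero listening described above. This is an added example, not code from KubeEdge or from this page. The function name and the sample values are hypothetical, and the reader is a simplified indentation-based scan that assumes the layout shown above, not a full YAML parser.

```python
import ipaddress
import re

# Constructed sample in the layout of the page's CloudCore configuration.
SAMPLE = """\
modules:
  cloudHub:
    advertiseAddress:
    - 192.0.2.10
    enable: true
    https:
      address: 0.0.0.0
      enable: true
      port: 10002
    websocket:
      address: 192.0.2.10
      enable: true
  router:
    address: "::"
    enable: false
"""

def find_wildcard_listeners(text):
    """Return (section, address, enabled) for every listener bound to all interfaces."""
    stack, sections = [], {}  # stack of (indent, key); sections: dotted path -> scalars
    for raw in text.splitlines():
        m = re.match(r"(\s*)([A-Za-z]\w*):\s*(.*)$", raw.split(" #")[0])
        if not m:
            continue  # list items, blank lines, comments, "..." elisions
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip().strip("\"'")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        if value:
            sections.setdefault(".".join(k for _, k in stack), {})[key] = value
        else:
            stack.append((indent, key))  # key opens a nested mapping or list
    findings = []
    for path, kv in sections.items():
        try:
            wildcard = ipaddress.ip_address(kv.get("address", "")).is_unspecified
        except ValueError:
            wildcard = False  # absent, a hostname, or a placeholder such as xx.xx.xx.xx
        if wildcard:
            findings.append((path, kv["address"], kv.get("enable") == "true"))
    return findings

if __name__ == "__main__":
    for path, addr, enabled in find_wildcard_listeners(SAMPLE):
        print(f"{path}: listens on {addr} ({'enabled' if enabled else 'disabled'})")
```

A disabled module with an all-zero address is still reported, because it would listen on every interface as soon as it is enabled.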