1.2 KiB
| title |
|---|
| Security Considerations |
{% capture overview %} This page explains the security considerations of a deployed cluster and production recommendations. {% endcapture %} {% capture prerequisites %} This page assumes you have a working Juju deployed cluster. {% endcapture %}
By default all connections between every provided node is secured via TLS by easyrsa, including the etcd cluster.
Implementation
The TLS and easyrsa implementations use the following layers.
layer-tls-client layer-easyrsa
{% capture steps %}
Limiting ssh access
By default the administrator can ssh to any deployed node in a cluster. You can mass disable ssh access to the cluster nodes by issuing the following command.
juju model-config proxy-ssh=true
Note: The Juju controller node will still have open ssh access in your cloud, and will be used as a jump host in this case.
Refer to the model management page in the Juju documentation for instructions on how to manage ssh keys. {% endcapture %}
{% include templates/task.md %}