Security Policies

Security Policies are the rules that define which traffic is allowed or not allowed in your cluster. Following the principle of least privilege, you should allow only the traffic necessary for your service to work. ClusterWare automatically generates certain policies to manage and secure your infrastructure. In addition to the automatically created policies, you have the option to create custom policies to further restrict access to your infrastructure.

Overview

Security Policy Tags

  • Auto: This policy is automatically generated by ClusterWare. See types of auto-generated Security Policies.

  • External: This tag indicates that the policy comes from the same server, but in a different cluster on your account. Servers with the same hostname and port created in different clusters share their Security Policies. This allows you to reuse the same server in different clusters and apply cluster-specific Security Policies seamlessly.

Auto-generated Security Policies

  • Incoming/Outgoing default: By default, ClusterWare blocks all incoming traffic and allows all outgoing traffic from the server.

  • Allow SSH from ClusterWare: All servers are included in this policy, which allows ClusterWare to access them and collect the insights surfaced in the ClusterWare Console.

  • Allow from Internet to Load Balancer: For each server hosting a Load Balancer, ClusterWare generates a policy allowing incoming traffic from the Internet to the Load Balancer server on the specified port.

  • Allow From Load Balancer to Applications: For each server hosting a Load Balancer, ClusterWare generates a policy allowing outgoing traffic from the Load Balancer server to all Applications in the cluster.

Actions on Policy Card

The three-dot menu in the top right corner of the card provides additional actions for the policy:

  • Edit: Edit the Security Policy configuration details.

  • Delete: Permanently removes the Security Policy from the cluster.

Adding a New Security Policy

  • Add New Security Policy: The button is located at the bottom of the page. It allows the user to add a new Security Policy to the cluster.
