Security Groups Tab
Security groups act as virtual firewalls that control inbound and outbound traffic for the cluster. The Security Groups tab lists every security group currently attached to the cluster, along with its rules, and lets you attach and detach groups.
To open it, select a cluster and choose the Security Groups tab.
The control plane requires TCP port 6443 to be allowed, or kubectl and cluster clients cannot reach the API server. The cluster networking overlay also requires UDP port 8472. Make sure at least one attached security group permits these ports.
Attach a Security Group
- On the Security Groups tab, select Attach Security Group.
- Select one or more security groups from the available list.
- Select Attach to confirm.
Detach a Security Group
- Locate the security group you want to remove.
- Select Detach next to it.
- Confirm in the dialog.
At least one security group must remain attached to the cluster at all times - the portal prevents removing the last one.
Allow All Traffic
If traffic is being blocked by a conflict between OS firewall services and security group rules, use Allow All Traffic to temporarily permit all inbound and outbound traffic. This creates and attaches an allow-all security group so you can isolate the conflict, then tighten the rules again once it is resolved.
Related Resources
| Resource | Use it for |
|---|---|
| Connect to a Cluster | Why port 6443 must be open. |
| Networking | Service IPs and external exposure. |
| Node Security | Security group concepts and rules. |