Help Center> Cloud Container Engine> FAQ> Networking> Security Hardening> How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
View PDF

How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?

  • If access to port 22 of a cluster node is not required, you can define a security group rule that disables access to port 22.
  • Do not bind an EIP to a cluster node unless necessary.

If remote login to a cluster node is required, you are advised to use Cloud Bastion Host (CBH) as the transit node to connect to the cluster node.

Parent topic: Security Hardening