Is LKE secure from the network perspective?

SO if I create an LKE cluster, I can attach a firewall to each instance automatically using a daemonset with the following preconfigured rules:

TCP port 10250 inbound from, Kubelet health checks
UDP port 51820 inbound from, Wireguard tunneling for kubectl proxy
TCP 179 inbound from, Calico BGP traffic
TCP/UDP port 30000 - 32767 inbound from All, NodePorts for workload Services


This will pretect my cluster from external traffic.

Now as far as I understand, the 192 network is a datacenter network and so the opened ports will still be reached by other linode customers.

Is that the case? because if so LKE is not 100% secure from the network point of view.

PS: I can't use VPC because we have to have our services running in London/UK and that product is not still available there.

4 Replies

No answer from linode staff?

Yes, because you will need to keep certain ports open to traffic from the subnet, it does expose the cluster to entire IP range within the data center's private network.

To address your follow-up:

"No answer from linode staff?"

If your question is urgent, the easiest (and fastest) way to get in touch with the Support Team is to reach out to them directly either through a Support Ticket or by phone:

U.S. 855-454-6633
Global +1-609-380-7100

OK… what's the solution then? How can I deploy my k8s cluster in London and make sure it is secure from the network point of view against external traffic and internal neighbours

No answer from linode staff?


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct