Standard disclaimer: I'm new to ECE so I might be missing something.
I'm trying to learn the communication patterns in ECE to be able to create a good set of firewall rules.
I have seen Networking prerequisites | Elastic Cloud Enterprise Reference [2.10] | Elastic and it provides a start, but it doesn't tell me all I want to know (or it's me not understanding it).
I would like to see a table or sketch that defines:
- The number in the sketch
- The role/host the traffic is going to
- The role/host the traffic is coming from
- The purpose of the traffic
This is sometimes included and sometimes it's not.
For example, it says "8 Allocator, 9244, Kibana to the services forwarder (HTTP)", and in Proxy / Forwarder security issue - Elastic Orchestration / Elastic Cloud Enterprise (ECE) - Discuss the Elastic Stack it's stated that it should only be allowed from localhost on allocators.
Does this mean that numbers 1, 6 and 7 in Networking prerequisites | Elastic Cloud Enterprise Reference [2.10] | Elastic should also have localhost-only rules?
I have been trying to make a table based on the format above. It's far from complete and most likely wrong too. Question marks are the things that I'm missing:
| Nr | To (role/host) | Port(s) | From (role/host) | Purpose |
|---|---|---|---|---|
| 1 | Director | 2112 | ? | ZooKeeper discover/join |
| 4 | Director | 12191-12201 | Allocator/Proxy/Coordinator | Client forwarder to ZooKeeper |
| 7 | Coordinator | 22191-22195 | ? | ? |
| 9 | Proxy | 9200/9243, 9300/9343 | Allocator, Coordinator | Kibana and Elasticsearch (HTTP via TLS tunnel) |
| 5 | Allocator | 19000-19999 | Allocator, Coordinator | Elasticsearch node to node |
| 6 | Allocator | 18000-18999, 20000-20999 | ? | Proxy to ES/Kibana/APM server |
| 8 | Allocator | 9244 | localhost | Kibana to the services forwarder (HTTP) |
| 10 | Allocator | 18000-18999 | Coordinator | Kibana and Elasticsearch (HTTP via TLS tunnel) |
| 11 | Allocator | 18000-18999, 20000-20999 | Proxy | Elasticsearch (HTTPS/Transport Client TLS) |
Since numbers 12 and 13 are missing in the sketch, they are not included.