If you add a remote host with a public IP to a locally installed/running Rancher, what security is there or do you need to put in place to protect the remote host running the rancher-agent?
I’ve configured Access Control on my local Rancher install, but is there any way you can protect the remote host, for example with SSH keys?
The IPSec network is only between hosts. The agent opens a websocket connection to the server (at the registration URL), the server does not open a connection to the agents.
Ok, got it. So if my remote host is a VPS publicly accessible on the internet, what do I need to consider to harden the host and its use of the rancher agent? What would stop someone else pointing their rancher-server at my rancher agent and taking control of it or deploying their own apps to my host?
Again, the agent opens the connection to the server, not the other way around. So the question is the other way, and the agent must have a valid registration URL/token from that server to connect.