From e8d728d0162ebcdf951464caa8be3a5b156eb463 Mon Sep 17 00:00:00 2001
From: Kelsey Hightower <kelsey.hightower@gmail.com>
Date: Mon, 2 Oct 2017 06:48:09 -0700
Subject: [PATCH] remove remote access to insecure port

---
 docs/03-compute-resources.md | 10 ----------
 docs/14-cleanup.md           |  3 +--
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/docs/03-compute-resources.md b/docs/03-compute-resources.md
index 1f0f8d0..d81202d 100644
--- a/docs/03-compute-resources.md
+++ b/docs/03-compute-resources.md
@@ -52,15 +52,6 @@ gcloud compute firewall-rules create kubernetes-the-hard-way-allow-external \
   --source-ranges 0.0.0.0/0
 ```
 
-Create a firewall rule that allows health check probes from the GCP [network load balancer IP ranges](https://cloud.google.com/compute/docs/load-balancing/network/#firewall_rules_and_network_load_balancing):
-
-```
-gcloud compute firewall-rules create kubernetes-the-hard-way-allow-health-checks \
-  --allow tcp:8080 \
-  --network kubernetes-the-hard-way \
-  --source-ranges 209.85.204.0/22,209.85.152.0/22,35.191.0.0/16
-```
-
 > An [external load balancer](https://cloud.google.com/compute/docs/load-balancing/network/) will be used to expose the Kubernetes API Servers to remote clients.
 
 List the firewall rules in the `kubernetes-the-hard-way` VPC network:
@@ -74,7 +65,6 @@ gcloud compute firewall-rules list --filter "network: kubernetes-the-hard-way"
 ```
 NAME                                         NETWORK                  DIRECTION  PRIORITY  ALLOW                 DENY
 kubernetes-the-hard-way-allow-external       kubernetes-the-hard-way  INGRESS    1000      tcp:22,tcp:6443,icmp
-kubernetes-the-hard-way-allow-health-checks  kubernetes-the-hard-way  INGRESS    1000      tcp:8080
 kubernetes-the-hard-way-allow-internal       kubernetes-the-hard-way  INGRESS    1000      tcp,udp,icmp
 ```
 
diff --git a/docs/14-cleanup.md b/docs/14-cleanup.md
index 9591d0a..d9084c8 100644
--- a/docs/14-cleanup.md
+++ b/docs/14-cleanup.md
@@ -37,8 +37,7 @@ Delete the `kubernetes-the-hard-way` firewall rules:
 gcloud -q compute firewall-rules delete \
   kubernetes-the-hard-way-allow-nginx-service \
   kubernetes-the-hard-way-allow-internal \
-  kubernetes-the-hard-way-allow-external \
-  kubernetes-the-hard-way-allow-health-checks
+  kubernetes-the-hard-way-allow-external
 ```
 
 Delete the Pod network routes: