Comments (3)
batistein
commented on June 3, 2024
1
ok then i will close this issue. ;)
from cluster-api-provider-hetzner.
batistein
commented on June 3, 2024
@BigBrather without going too much into details, I can only tell you from my experience: we used hcloud networks in the beginning three years ago, since we started our managed kubernetes on hetzner, we had so many problems that we stopped using it. Since then, I try it from time to time, but I still have those kinds of problems.
There are so many great solutions out there that use the zero trust principle and with that approach really everything in your infrastructure is going to be much more secure because you always have to think about it from a security perspective. For example, we do not use a hetzner firewall, we only use the cilium host firewall, which makes the management much easier, single pane of declarative configuration and not the problem of misconfiguration or external issues. For internal traffic, we use things like mTLS where appropriate, so you can also get workload attestation with the right tools and a lot more visibility.
from cluster-api-provider-hetzner.
BigBrather
commented on June 3, 2024
@batistein Thanks for your reply.
We abandoned the local network and will observe how CAPI works in this version. Hope this solves it our network problem.
Regarding the firewall settings on the Hetzner Cloud side, it is also clear.
from cluster-api-provider-hetzner.
Related Issues (20)
- Link Checker Dashboard HOT 1
- add notes about having ccm and CNI installed
- Make list of Go imports that we use aliases for and update golangci-lint
- avoid warnings around finalizers HOT 1
- Advanced Baremetal guide
- Guide how to upgrade clusters
- Document advanced configuration options
- Wrong condition is sometimes shown when HetznerBareMetalHost deprovisions
- HetznerBareMetalHost hangs in deprovisioning state if not fully provisioned
- Handle 403 error from Robot API when API credentials are wrong
- Multiple SSH key support for robot HOT 6
- I created a k8s cluster with cluster api and hezner provider, but the cluster never acheive the working state HOT 4
- unit-test for validateRootDeviceWwnsAreSubsetOfExistingWwns()
- Remove whitespace at the end of storage.vendor (hbmh)
- confusing hcloudmachinetemplate controller error when using k0s HOT 5
- HetznerBaremetalHosts stuck in: host is still provisioning - state "registering" HOT 7
- Add documentation for ssh secret name specified in secret after PR #1289
- How to enable basic Firewall settings for K8s Cluster, which was created using CAPI? HOT 3
- Setting up a basic Firewall on the Cilium side in K8s Cluster CAPI HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cluster-api-provider-hetzner.