mirror of
https://code.forgejo.org/infrastructure/documentation
synced 2024-12-22 12:53:53 +00:00
k8s: hetzner firewall is not good enough
parent
e732428516
commit
d9420f8ac4
11
README.md
|
@ -65,17 +65,6 @@ lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
|
|||
|
||||
## firewall
|
||||
|
||||
Hetzner hosts have a firewall that must be configured from
|
||||
https://robot.hetzner.com/server to only allow incoming ssh, http,
|
||||
https requests for both IPv4 & IPv6. Each server has a "Firewall" tab
|
||||
that provides control over this firewall.
|
||||
|
||||
The firewall applies to the VLAN too. The 10.0.0.0/8 source address
|
||||
must therefore be allowed explicitly for IPv4 and that must be the
|
||||
first rule of the firewall.
|
||||
|
||||
A template "k8s" was defined that can be used for sharing the same
|
||||
rules between multiple k8s nodes.
|
||||
|
||||
## nftables
|
||||
|
||||
|
|
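Review bot: the README text under `## firewall` is dropped without a replacement statement of the inbound policy, and neither the commit title nor the hunk says why the Hetzner firewall "is not good enough" or what enforces the policy instead. The removed lines were the only visible place recording that only ssh, http and https are allowed in for both IPv4 and IPv6, and that 10.0.0.0/8 must be allowed as the first IPv4 rule because the firewall also applies to the VLAN. If the `## nftables` section that follows is meant to take over, it should restate those two requirements so they are not lost. The README should also say what happens to the existing "k8s" template and the per-server "Firewall" tab settings at https://robot.hetzner.com/server (disabled, or kept as a second layer), so that nodes are not left with stale or conflicting rules nobody documents.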