mirror of https://code.forgejo.org/infrastructure/documentation synced 2024-12-22 12:53:53 +00:00

k8s: hetzner firewall is not good enough

Earl Warren 2024-10-17 19:08:00 +02:00
parent e732428516
commit d9420f8ac4
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00

@ -65,17 +65,6 @@ lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
## firewall
Hetzner hosts have a firewall that must be configured from
https://robot.hetzner.com/server to only allow incoming ssh, http,
https requests for both IPv4 & IPv6. Each server has a "Firewall" tab
that provides control over this firewall.
The firewall applies to the VLAN too. The 10.0.0.0/8 source address
must therefore be allowed explicitly for IPv4 and that must be the
first rule of the firewall.
A template "k8s" was defined that can be used for sharing the same
rules between multiple k8s nodes.
## nftables
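
Review bot: The reason the Hetzner firewall is "not good enough" is not recorded in the commit title or anywhere in this hunk, which goes from 17 lines to 6 without any replacement guidance ahead of `## nftables`. The firewall text in this hunk carries two operational requirements: inbound limited to ssh, http and https for both IPv4 and IPv6, and 10.0.0.0/8 allowed as the first rule because the firewall applies to the VLAN too. Please say in the commit body or in the nftables section whether nftables now enforces both, and whether the Robot firewall and the "k8s" template should be turned off on nodes that already use them, so that no node ends up with neither filter or with a stale Robot rule set nobody maintains.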