mirror of
https://code.forgejo.org/infrastructure/documentation
synced 2024-11-14 17:21:52 +00:00
k8s: hetzner firewall is not good enough
This commit is contained in:
parent
e732428516
commit
d9420f8ac4
11
README.md
11
README.md
|
@ -65,17 +65,6 @@ lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
|
||||||
|
|
||||||
## firewall
|
## firewall
|
||||||
|
|
||||||
Hetzner hosts have a firewall that must be configured from
|
|
||||||
https://robot.hetzner.com/server to only allow incoming ssh, http,
|
|
||||||
https requests for both IPv4 & IPv6. Each server has a "Firewall" tab
|
|
||||||
that provides control over this firewall.
|
|
||||||
|
|
||||||
The firewall applies to the VLAN too. The 10.0.0.0/8 source address
|
|
||||||
must therefore be allowed explicitly for IPv4 and that must be the
|
|
||||||
first rule of the firewall.
|
|
||||||
|
|
||||||
A template "k8s" was defined that can be used for sharing the same
|
|
||||||
rules between multiple k8s nodes.
|
|
||||||
|
|
||||||
## nftables
|
## nftables
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue