How to setup k3s Cluster with disabled external Interfaces #252
Replies: 4 comments 6 replies
-
To clarify, the tool installs k3s, not rke2 :) |
Beta Was this translation helpful? Give feedback.
-
Do note that the interface need not be |
Beta Was this translation helpful? Give feedback.
-
Try to access the k8s api via the private IP of the LB. This should work. Next you can disable public access of the hetzner LB. |
Beta Was this translation helpful? Give feedback.
-
Since the pfsense host is a potential single point of failure I guess this setup is not ideal for clusters (applications) that need to contact a lot of external APIs, am I right? Would it be an alternative to block all incoming connections on the nodes using the Hetzner firewall that's available on the cloud servers and let the nodes talk to external hosts directly? |
Beta Was this translation helpful? Give feedback.
-
Some pre-condition:
existing_network
Example config for test cluster:
Some explanations:
post_create_commands
for cloud init will create own network configuration on VM creation:
directly the yaml parser crashes. So I use##
and replace it the end. Didn't found anythink to mask the:
(Maybe you found it ;-))Deployment grafik
Small graphic to get an overview (Network is different to example config):
Beta Was this translation helpful? Give feedback.
All reactions