Traffic between Cloud Servers inside a Network is private and isolated, but not automatically encrypted. We recommend you use TLS or similar protocols to encrypt sensitive traffic.
The Rancher traffic between the agents and the Rancher related traffic to the nodes is fully encrypted over HTTPS.
The custom application specific traffic is not encrypted. But if you use the Hetzner Private Network, then it's not reachable by other people (Hetzner says that).
Requirements for Private Networks
Rancher host needs to be in the same Private Network as the selected one in the Node template.
Under the global settings of Rancher the server-url needs to be the internal IP of the Private Network (you can find it in the Hetzner Cloud Console). Otherwise the traffic won't go through the Internal network.
How to close the open ports on the public interface?
Frequently asked questions
is it secure?
Reference: Hetzner Cloud documentation
The Rancher traffic between the agents and the Rancher related traffic to the nodes is fully encrypted over HTTPS.
The custom application specific traffic is not encrypted. But if you use the Hetzner Private Network, then it's not reachable by other people (Hetzner says that).
Requirements for Private Networks
server-urlneeds to be the internal IP of the Private Network (you can find it in the Hetzner Cloud Console). Otherwise the traffic won't go through the Internal network.How to close the open ports on the public interface?
https://github.com/vitobotta/hetzner-cloud-init
TODO more verbose description