tumido
commented
3 years ago :+1: I have no knowledge on this topic, so my input will be probably minimal, but I agree with the need for this in general. :slightly_smiling_face:
Closed goern closed 2 years ago
tumido
commented
3 years ago :+1: I have no knowledge on this topic, so my input will be probably minimal, but I agree with the need for this in general. :slightly_smiling_face:
goern
commented
3 years ago Rober got all the brains, you got all the process/docs ;) I use the words of a well-known person: its a win-win-win situation
rbo
commented
3 years ago Currently, the SDN traffic is plain is unencrypted over public ips, it stays in the Hetzner datacenter but is unencrypted!
The Solution is to setup IPSec between all nodes: https://docs.openshift.com/container-platform/4.7/installing/installing_bare_metal/installing-bare-metal-network-customizations.html#modifying-nwoperator-config-startup_installing-bare-metal-network-customizations
Overview:
Import the part "The following internode traffic is NOT IPSec encrypted:" to understand the limitation.
sesheta
commented
3 years ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
/lifecycle stale
sesheta
commented
3 years ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
sesheta
commented
2 years ago Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
/close
sesheta
commented
2 years ago @sesheta: Closing this issue.
We need to figure out how we design/deploy a private network on public interfaces, and how to deploy storage
@tumido @rbo