Replies: 6 comments 9 replies
-
@beslovas It is still necessary for changes and setup. But you can completely isolate the node via the firewall rules, see kube.tf.example, it's basically equivalent of having no public IPs. However, in future versions of the project definitly ship this if we can. |
Beta Was this translation helpful? Give feedback.
-
Hetzner has a limit on public IPs (by default 20) and each is billed with € 1.70/month. it seems quite wasteful to assign them and then hide them behind a firewall. |
Beta Was this translation helpful? Give feedback.
-
Yes, I'd rather have a public IPv6 version only support. I don't need an IPv4. |
Beta Was this translation helpful? Give feedback.
-
I've been experimenting with this. There are some small practical issues that make this a bit more complex than you'd expect. You could probably work around the limitation of GHCR by proxying the container images using K3's internal registry proxy, but as it is, the new nodes cannot download K3s without having IPv4 connectivity to GitHub. |
Beta Was this translation helpful? Give feedback.
-
any updates here? |
Beta Was this translation helpful? Give feedback.
-
Hi everyone, I've been working on this feature, may you please give some feedback on #1567 ? Thanks ! |
Beta Was this translation helpful? Give feedback.
-
Description
I believe it is not necessary for nodes to have public IP if they are placed under load-balancer, or communicating using private network. Terraform provider for hetzner-cloud supports this: https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server#basic-server-creation
Beta Was this translation helpful? Give feedback.
All reactions