Andrew Sy Kim

Yeah for public addresses you probably do want firewalls. What I meant was that there are very _few_ downsides of enabling private network (especially with the new default VPC isolation)....

That is true, the current implementation of LBs require that the certificate was already created and that you know the certificate ID. The new Let's Encrypt feature means that we...

Good catch, we shouldn't be trying to remove images used by existing containers I think I missed this because you can't force remove images if they're in use anyways. ```...

As Stefan mentioned in https://github.com/kubernetes-digitalocean-terraform/kubernetes-digitalocean-terraform/pull/39, the cloud controller manager addon will handle the case where a droplet is deleted and delete the node from the kubernetes API rather than let...

Hi @kyv this would be a great win for this project! What are your thoughts on using droplet tags for the firewall rules instead of the private IPs?

Might be useful https://github.com/kubernetes-digitalocean-terraform/kubernetes-digitalocean-terraform/pull/35

@kyv you raise a good point. I'd have to think this through as tags are more future proof vs using droplet ids or source addresses. In the meantime, I think...

@kyv I think your approach works best :) Let's write up some comments for the firewall rules and it should be good for another review

@kyv yeah that seems reasonable

hi @aknuds1 sorry it's been a while since this PR was reviewed. I left a comment for you :)