Simon Ostendorf
Simon Ostendorf
Would be very helpful. I am using the kubernetes provider in a same way and have test cases with terraform test. These tests fail because the resource can't be deleted...
I would like to ask when this version will be released.
I managed to enable vault secret injection via vault-injector by creating my own helm chart for the hcloud-cloud-controller-manager. The current helm chart doesn't support command customization (I need to run...
The other option could be reading the `HCLOUD_TOKEN` from a file, that was placed inside the container from the vault-injector. This would avoid the use of custom `source` command. What...
> This would somehow have to be changed if we want to implement this! Don't know if other users are interested in this feature. Changing this behavior would be a...
> @simonostendorf sorry for the late reply. Are you still interested in this feature? > > If not, please elaborate: Did you find a work-around? Would be a cool feature,...
Yes, I was also thinking about a separate project, but my idea about integration within the capi provider was that you could easily use the reconcile loops that are already...
> Which benefit would your FW bring, if accessing the port via LB works. Blocking port 6443 for api was just an example. You are right that blocking api accessible...
> Alternative solution: you can help yourself with a daemonset which creates the desired firewall rule via a `curl` command. This will be executed on each new machine. I think...
> @simonostendorf an alternative solution: [Cilium Cluster Wide Network Policy](https://docs.cilium.io/en/latest/network/kubernetes/policy/#ciliumclusterwidenetworkpolicy) Thanks, the cilium firewalls are a good starting point. > @simonostendorf we are interested in your use-case. Please write a...