ElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 8 days agoYour Containers are Leaking (And How to Plug the Hole)blog.dera.pageexternal-linkmessage-square14fedilinkarrow-up10arrow-down10file-text
arrow-up10arrow-down1external-linkYour Containers are Leaking (And How to Plug the Hole)blog.dera.pageElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · 8 days agomessage-square14fedilinkfile-text
minus-squaremoonpiedumplings@programming.devlinkfedilinkEnglisharrow-up0·7 days agoSame here. K8s makes stuff like this so mucb easier, since you can declaratively control traffic flow via NetworkPolicies. And with cilum you ca use hubble to visualize whay traffic is currently happening, in order to figure out what is actually needed. I also use Cilium as my host based firewall instead of ufw/firewalld. https://docs.cilium.io/en/latest/security/host-firewall/
Same here. K8s makes stuff like this so mucb easier, since you can declaratively control traffic flow via NetworkPolicies.
And with cilum you ca use hubble to visualize whay traffic is currently happening, in order to figure out what is actually needed.
I also use Cilium as my host based firewall instead of ufw/firewalld.
https://docs.cilium.io/en/latest/security/host-firewall/