-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limited firewall rules at Hetzner - only 10 rules per server #8
Comments
Case created at Hetzner (Ticket#2021060403010239) - case closed, both not possible. |
"No, ovn-kubernetes is the one setting up the iptables rules that are causing the broken functionality...there's nothing the MCO can do in this case, I believe." Source internal slack. |
* Remove internal_ip not needed anymore * Remove hetzner software raid after centos installation too * Remove internal_hostname use inventory_hostname instead * Setup dns & lb first before firewall because configure-hrobot-firewall.yaml need ip of lb vm * Update toolbox, add missing packages * Update hosts.yaml.example * Update haproxy config, add only masters & bootstrap * Fixed issue #11 - setup raid on masters * Clean ip firewall configuration, bacause of #8 * Wipe RHCOS Raid too part of #11 * Improve reboot * Provide playbook to disable hetzner firewall * Fix igntion creation to add worker node afterwards * Update README, add how to add worker * Add post installation step * Add missing newline * fix: Make pre-commit happy Signed-off-by: Tomas Coufal <tcoufal@redhat.com> Co-authored-by: Tomas Coufal <tcoufal@redhat.com>
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
We can close this issue, this is a pure hetzner limitation we can change this. With #9 we try to figure out a new network design. |
Hetzner supports only 10 firewall rules.
With the current configuration, the amount of nodes per cluster is limited to 5 nodes, this is definitely too low!
Current configuration:
![image](https://user-images.githubusercontent.com/36604/120776209-414d1f80-c524-11eb-8462-36d59566f39f.png)
Possible solutions:
The text was updated successfully, but these errors were encountered: