ElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · edit-22 days agoHow to block unwanted outbound traffic from your containersblog.dera.pageexternal-linkmessage-square16linkfedilinkarrow-up188arrow-down12file-text
arrow-up186arrow-down1external-linkHow to block unwanted outbound traffic from your containersblog.dera.pageElectricVocalist@jlai.lu to Selfhosted@lemmy.worldEnglish · edit-22 days agomessage-square16linkfedilinkfile-text
minus-squarenebula@lemmy.calinkfedilinkEnglisharrow-up3·1 day agoNice work! This was the reason I moved my homelab stack to k8s with Cilium.
minus-squaremoonpiedumplings@programming.devlinkfedilinkEnglisharrow-up3·18 hours agoSame here. K8s makes stuff like this so mucb easier, since you can declaratively control traffic flow via NetworkPolicies. And with cilum you ca use hubble to visualize whay traffic is currently happening, in order to figure out what is actually needed. I also use Cilium as my host based firewall instead of ufw/firewalld. https://docs.cilium.io/en/latest/security/host-firewall/
minus-squarenebula@lemmy.calinkfedilinkEnglisharrow-up1·6 hours agoI’ve been waiting for the L7 host policies before applying it to the host, looks like beta is here. I’ll give that a shot.
Nice work! This was the reason I moved my homelab stack to k8s with Cilium.
Same here. K8s makes stuff like this so mucb easier, since you can declaratively control traffic flow via NetworkPolicies.
And with cilum you ca use hubble to visualize whay traffic is currently happening, in order to figure out what is actually needed.
I also use Cilium as my host based firewall instead of ufw/firewalld.
https://docs.cilium.io/en/latest/security/host-firewall/
I’ve been waiting for the L7 host policies before applying it to the host, looks like beta is here. I’ll give that a shot.