-
Sheogorath authoredThis patch finally upstreams the currently used terraform setup for the gateway machine at Hetzner. This should provide better insights into the infrastructure and help people to learn from the setup. It also helps to keep the automation level high and using terraform more actively to keep these servers running. The gateway server is the frontend reverse proxy for all web-originating traffic and provides a simple setup, that runs a L4 HAProxy to forward all traffic to the Kubernetes cluster, where it's terminated and handled. This allows to keep the cloud server stupid and not being able to compromise a connection (at least not more than any other middlebox). This keeps the trust away from the cloud provider.
Sheogorath authoredThis patch finally upstreams the currently used terraform setup for the gateway machine at Hetzner. This should provide better insights into the infrastructure and help people to learn from the setup. It also helps to keep the automation level high and using terraform more actively to keep these servers running. The gateway server is the frontend reverse proxy for all web-originating traffic and provides a simple setup, that runs a L4 HAProxy to forward all traffic to the Kubernetes cluster, where it's terminated and handled. This allows to keep the cloud server stupid and not being able to compromise a connection (at least not more than any other middlebox). This keeps the trust away from the cloud provider.