- Jan 06, 2023
-
-
Botaniker (Bot) authored
-
- Dec 28, 2022
-
-
Botaniker (Bot) authored
-
- Dec 03, 2022
-
-
Sheogorath authored
This patch finally upstreams the currently used terraform setup for the gateway machine at Hetzner. This should provide better insights into the infrastructure and help people to learn from the setup. It also helps to keep the automation level high and to use terraform more actively to keep these servers running. The gateway server is the frontend reverse proxy for all web-originating traffic and provides a simple setup that runs an L4 HAProxy to forward all traffic to the Kubernetes cluster, where it's terminated and handled. This allows keeping the cloud server stupid and unable to compromise a connection (at least not more than any other middlebox). This keeps the trust away from the cloud provider.
-
- Jan 03, 2022
-
- Nov 05, 2021
-
-
Sheogorath authored
Currently the resolv.conf was deleted but not properly replaced. This patch adjusts that and makes sure things are put in the right place.
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
- Oct 10, 2021
-
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
This patch adds the required firewall rules to automatically allow ssh access from the local machine (but only from this machine) to all Kubernetes nodes.
-
Sheogorath authored
-
Sheogorath authored
Internal networks have been removed from the concept. Therefore they should no longer be mentioned in the README.
-
Sheogorath authored
Terraform leaves timestamp-based tfstate backups in the terraform directory, which don't need to remain after a destroy. This patch fixes the problem by adding the remaining files to the cleanup command run after `terraform destroy`.
-
Sheogorath authored
With nginx-ingress in place (or any other ingress-controller), this patch provides the required DNS entries that can be used directly or as part of a CNAME entry.
-
Sheogorath authored
This patch adjusts the label selectors for the loadbalancer and splits into the expected ingress and master labels to correspond with the firewall rules.
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
- Oct 09, 2021
-
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
This reverts commit d1106014.
-
Sheogorath authored
This reverts commit 8701a6ee.
-
- Oct 06, 2021
-
-
Sheogorath authored
After being super frustrated with calico and hetzner firewalls, fingers crossed that this will hold up. This patch introduces cilium to the gitops repository, sets up the firewall rules and adds the CLI to koolbox.
-
Sheogorath authored
-
Sheogorath authored
-
Sheogorath authored
I spend way too much time on debugging calico in various areas. It seems like something is broken with the firewall and only when I disable it completely, it'll work. This is not practical and also not acceptable.
-
Sheogorath authored
The hetzner terraform module for firewall has a description field added. This should result in the description not just being in terraform as a comment, but also as a description in the firewall rules themselves on the web interface.
-
Sheogorath authored
-