feat: add firewall explanation#286
Conversation
l0wl3vel
force-pushed
the
feat/firewall-explanation
branch
from
c3587e1 to
b5c304a
Compare
✅ Deploy Preview for metal-stack-io ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
✅ Deploy Preview for metal-stack-io ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
vknabel
left a comment
vknabel
left a comment
There was a problem hiding this comment.
Where possible try to avoid we and you. Try to document the facts and concepts :)
Signed-off-by: Benjamin Ritter <benjamin.ritter@x-cellent.com>
Co-authored-by: Valentin Knabel <dev@vknabel.com>
Co-authored-by: Valentin Knabel <dev@vknabel.com>
Co-authored-by: Valentin Knabel <dev@vknabel.com>
Signed-off-by: Benjamin Ritter <benjamin.ritter@x-cellent.com>
Signed-off-by: Benjamin Ritter <benjamin.ritter@x-cellent.com>
l0wl3vel
force-pushed
the
feat/firewall-explanation
branch
from
cfd2c45 to
630d4d7
Compare
Signed-off-by: Benjamin Ritter <benjamin.ritter@x-cellent.com>
l0wl3vel
force-pushed
the
feat/firewall-explanation
branch
from
8d610ab to
5a22d9e
Compare
Signed-off-by: Benjamin Ritter <benjamin.ritter@x-cellent.com>
l0wl3vel
force-pushed
the
feat/firewall-explanation
branch
from
5a22d9e to
f89c57b
Compare
The Gardener project handles docs the same way I think their reasoning, that active voice and conversational style increases readability, is sound. And looking at their docs they also mix active and passive. Active voice is used when talking about opinions, suggestions, calls for action, task descriptions, where clarity on who the actor is important. While they use passive when talking about facts or make statements. |
simcod
left a comment
simcod
left a comment
There was a problem hiding this comment.
The section is not appearing in the rendered output.
|
|
||
| In short, to offer comparable features to our current solution, we would need to disable ASIC offloading and either punt all traffic to either the weak main switch CPU, causing unpredictable performance or use specialized DPUs. | ||
|
|
||
| ## Creating a Firewall |
There was a problem hiding this comment.
Good idea! I suggest creating an issue and leaving it out in order to merge this PR.
|
|
||
| Firewall Machines are managed by metal-stack. The local state of Firewall machines is ephemeral, as the authoritative configuration is stored in metal-api. Manual changes to the configuration are not supported and will be overridden. Use metalctl or Firewall CRDs to apply changes to firewall configuration. | ||
|
|
||
| (fire-walling in metal-stack, firewall-controller and headscale integration) |
|
|
||
| Only firewalls can have multiple networks attached. | ||
|
|
||
| Firewalls do not require specialized hardware. For most scenarios any of your Machine SKUs can be used as a Firewall. |
There was a problem hiding this comment.
With SKUs you mean the available machine sizes, right? How about using metal-stack terminology?
3 participants
Signed-off-by: Benjamin Ritter benjamin.ritter@x-cellent.com
Description
add firewall explanation
Used AI-Tools ✨