this post was submitted on 16 Nov 2025
26 points (93.3% liked)

Linux


i've been mucking about with calico on my #homelab #kubernetes cluster, and it took me far far too long to visit the whisker console: https://docs.tigera.io/calico/latest/observability/view-flow-logs

this is unbelievably helpful for debugging firewall rules

i'm very tempted to switch to calico on my non-k8s systems now (e.g. Linux gaming PC), so i can be back to only having 1 firewall abstraction in my brain

top 3 comments
[–] priapus@piefed.social 2 points 2 days ago

Looks neat, but I can't seem to find docs for non-container workloads. I'm using microvms and using it with them would be cool.

If you want an easy firewall option for a gaming PC, I'd recommend looking at Portmaster

I just installed Cilium (another Kubernetes CNI), and it also comes with a host-based firewall, and an observability tool.

I didn't have Hubble (observability tool) enabled, but I previously didn't have a firewall, and I finally decided to enable it, which caused my ceph deployment to fail. This will help me figure out where it is failing and what rules are needed to remediate it.

I've been told that it struggles at very high scale. But other than that, everyone I know of who has tried it likes it.