i’ve been mucking about with calico on my #homelab #kubernetes cluster, and it took me far far too long to visit the whisker console: https://docs.tigera.io/calico/latest/observability/view-flow-logs
this is unbelievably helpful for debugging firewall rules
i’m very tempted to switch to calico on my non-k8s systems now (e.g. Linux gaming PC), so i can be back to only having 1 firewall abstraction in my brain
You must log in or register to comment.
- priapus@piefed.socialEnglish7 months
Looks neat, but I can’t seem to find docs for non-container workloads. I’m using microvms and using it with them would be cool.
If you want an easy firewall option for a gaming PC, I’d recommend looking at Portmaster
- 7 months
I just installed Ciliium (another Kubernets CNI), and it also comes with a host based firewall, and an observability tool.
I didn’t have Hubble (observability tool enabled), but I previously didn’t have a firewall, and I finally decided to enable it, which caused my ceph deployment to fail. This will help me figure out where it is failing and what rules are needed to remediate it.
- 7 months
I’ve been told that it struggles at very high scale. But other than that, everyone I know of who has tried it, like it.