# harvester
a
you can install a single-node cluster, of course, it has no HA
r
I know, but it would be exposed on the internet, so it's probably very likely there would be a lot of brute-force attacks. Without 2FA (and SSH certificates) it is very dangerous.
a
it is true; Harvester does not support 2FA now
on most deployments, Harvester is behind some kind of firewall etc. instead of being exposed to the internet directly
otherwise, even 2FA is still not enough
For LB, is your Harvester working with a flat network or VLAN?
r
I would like to see OIDC/SAML or 2FA support and SSH key based authentication to nodes, but it's probably not on the roadmap. Without it, it's not safe to use it on the edge like for my use case.
I guess that LB has to work on a flat network where I have "public" IPs, it should just proxy connections to the VM network (VLAN), right?
Or at least this is the concept from clouds..
👍 1
a
yes, the LB can get IP from the ip pools (your couple of IPs) and LB the traffic to a group of backend VMs.
r
So it should work..
Is OIDC/SAML and/or 2FA for Harvester on the roadmap?
a
TBH, it is not planned yet
q
@red-queen-31013, why don't you access your Harvester cluster through Rancher and keep the native Harvester console private? That way you can benefit from the whole range of Rancher auth providers. If you are using Harvester 1.2, there's a new add-on that allows you to deploy Rancher within the Harvester cluster so you don't need to have an external cluster to achieve that. Have a look here: https://docs.harvesterhci.io/v1.2/advanced/addons/rancher-vcluster/
👍 1