claude e43f4dfc90
Some checks failed
PR Checks / tofu-checks (pull_request) Failing after 3s
1/1 projects planned successfully.
K8s security hardening + scaling to half bare_srv_1
Security:
- Remove DNAT/FW rules for K8s API (6443) and ArgoCD (30443)
- Access now via SSH tunnel (k8s-tunnel.service on control plane)
- Keep monitoring DNAT (9200-9202) restricted to control plane IP

Scaling:
- k8s-master: 4 CPU, 16GB RAM, 100GB disk
- k8s-worker-01: 6 CPU, 24GB RAM, 450GB disk
- k8s-worker-02: 6 CPU, 24GB RAM, 450GB disk (NEW)
- Total: 16 CPU, 64GB RAM, 1TB disk (half of bare_srv_1)
2026-02-14 09:32:08 +01:00
2026-02-08 23:32:37 +01:00

infrastructure

OpenTofu IaC — Proxmox VMs, networking, storage

Description
OpenTofu IaC — Proxmox VMs, networking, storage
Readme 198 KiB
Languages
HCL 86.6%
Open Policy Agent 13.4%