aula-06 e aula-08: Hetzner CSI Driver e segurança de rede

aula-06:
- Adicionar instalação do Hetzner CSI Driver no setup.sh
- Input interativo seguro para token da Hetzner Cloud
- Atualizar custom-values.yaml para n8n.kube.quest

aula-08:
- Adicionar regras de firewall para VXLAN e rede privada
- Configurar Flannel para usar interface privada (--iface-can-reach)
- Configurar kubelet.nodeIP.validSubnets para rede privada
- Corrigir segurança: VXLAN restrito a 10.0.0.0/8

aula-08/main.tf

@@ -130,6 +130,30 @@ resource "hcloud_firewall" "cluster" {
     source_ips = ["0.0.0.0/0", "::/0"]
   }
 
+  # Allow VXLAN for Flannel CNI (private network only - secure)
+  rule {
+    direction  = "in"
+    protocol   = "udp"
+    port       = "4789"
+    source_ips = ["10.0.0.0/8"]
+  }
+
+  # Allow all TCP traffic between cluster nodes (private network)
+  rule {
+    direction  = "in"
+    protocol   = "tcp"
+    port       = "any"
+    source_ips = ["10.0.0.0/8"]
+  }
+
+  # Allow all UDP traffic between cluster nodes (private network)
+  rule {
+    direction  = "in"
+    protocol   = "udp"
+    port       = "any"
+    source_ips = ["10.0.0.0/8"]
+  }
+
   # Allow all outbound traffic
   rule {
     direction  = "out"