

RethinkDB and CoreOS: Navigating Digital Ocean Together - neumino
http://blog.justonepixel.com/geek/2014/10/03/rethinkdb-and-coreos/

======
dividuum
Please note that private networking on DigitalOcean doesn't limit this network
interface to your own instances. All other customers on the same datacenter
can connect to services exposed there. I don't have any experience with
RethinkDB, so I might be wrong here, but you probably opened up your cluster
to all other customers.

~~~
neumino
Thanks, I didn't pay enough attention to that.

A simple fix is to run some `iptables` commands in the discovery service and
allow only the servers listed in `announce/services` to connect.
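
An added sketch of the allow-list idea in the comment above (not part of the thread and not neumino's code): it turns a list of peer addresses into `iptables` commands that admit only those peers to RethinkDB's default ports (29015 cluster, 28015 driver, 8080 web UI) on the private interface. Assumptions: the private interface is `eth1`, RethinkDB listens in the host network namespace, the chain name `RETHINK_PEERS` is made up, and reading the peers out of the discovery service is left to the caller.

```shell
#!/bin/sh
# Added example. Prints the commands instead of running them, so the
# ruleset can be reviewed first and then piped to a root shell.
PRIVATE_IF="${PRIVATE_IF:-eth1}"                  # assumption: private NIC
RETHINK_PORTS="${RETHINK_PORTS:-29015,28015,8080}" # RethinkDB default ports
CHAIN="RETHINK_PEERS"                             # hypothetical chain name

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# Peer entries come from a shared registry, so nothing else may reach
# the generated command lines.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# emit_rules PEER...: print idempotent iptables commands.
# With no valid peers the chain holds only DROP, so it fails closed.
emit_rules() {
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  for peer in "$@"; do
    if is_ipv4 "$peer"; then
      echo "iptables -A $CHAIN -s $peer/32 -j ACCEPT"
    else
      echo "skipped invalid peer entry: $peer" >&2
    fi
  done
  echo "iptables -A $CHAIN -j DROP"
  rule="INPUT -i $PRIVATE_IF -p tcp -m multiport --dports $RETHINK_PORTS -j $CHAIN"
  # Insert the jump only if it is not already present.
  echo "iptables -C $rule 2>/dev/null || iptables -I $rule"
}

# Usage with constructed sample peers:
#   emit_rules 10.128.0.5 10.128.0.6 | sh
```

Source-address filtering only narrows who can connect; it does not encrypt or authenticate the traffic, which is the point the replies below raise. If the ports are published from a Docker container rather than bound on the host, the traffic is forwarded and an `INPUT` rule will not see it.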

~~~
opendais
MitM.

Be sure to at least do it via SSL or stunnel or something.

~~~
toomuchtodo
Also have your client verify the SSL fingerprint if possible.

------
coffeemug
The `fleetctl` command is incredible. Just being able to say "give me six
RethinkDB nodes" without having to ssh into six machines, or writing
chef/puppet scripts feels like a small improvement, but it makes everything
dramatically better in practice.

