We are deploying our companies first (RBAC enabled) kubernetes cluster for internal usage. The employees should be allowed to access it with their own (certificate based) credentials. The cluster is online available and hosted in a datacenter.
Should we allow the access throug a SSH tunnel/login only or is it save to publish the API server and disallow anonymous login?
Appreciate any advice!