如何在谷歌容器引擎中为Kubernetes集群创建防火墙
[英]How to create firewall for kubernetes cluster in google container engine
问题描述
This may be an extremely simple question, but I can't seem to figure out how to only allow my kubernetes cluster to be accessible ONLY from my office IP. 
这可能是一个非常简单的问题,但是我似乎无法弄清楚如何仅允许从我的办公室IP访问我的kubernetes集群。
In my firewall rules I see my rules for the gke nodes to be 2 internal ips and my office ip. 在我的防火墙规则中,我看到我的gke节点的规则是2个内部ips和我的办公室ip。
I also see a firewall rule for an external ip range that I don't see in my external IP addresses. 我还看到了针对外部IP范围的防火墙规则,我在外部IP地址中看不到该规则。 That IP address also doesn't appear in my load balancer IPs... 该IP地址也没有出现在我的负载均衡器IP中...
Finally I have a loadbalancing firewall rule that allows the external IP ranges from the load balancing tab, which are my kubernetes ingress rules. 最后,我有一个负载平衡防火墙规则,该规则允许负载平衡选项卡中的外部IP范围,这是我的kubernetes入口规则。
Long story short, how do I only allow my kubernetes cluster to be only accessible from my office IP? 长话短说,我如何只允许从我的办公室IP访问我的kubernetes集群?
1 个解决方案
解决方案1
4 已采纳 2017-04-11 04:07:39
This isn't currently possible in Google Container Engine. 目前在Google Container Engine中无法实现。
You don't see any firewall rules for your cluster control plane because it isn't running inside your cloud project. 您看不到集群控制平面的任何防火墙规则,因为它没有在您的云项目中运行。 Therefore the endpoint for your cluster won't show up in your networking views and you cannot add firewall rules to restrict access to it. 因此,群集的端点不会显示在网络视图中,并且您无法添加防火墙规则来限制对其的访问。
This is a shortcoming that the team is aware of and we hope to be able to provide a solution for you in the future. 团队意识到这是一个缺点,我们希望将来能够为您提供解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.