如何将 Kubernetes 集群 IP 列入白名单
[英]How to IP whitelist a Kubernetes cluster
问题描述
So I have a kubernetes cluster running in Google Cloud.
所以我有一个在 Google Cloud 中运行的 kubernetes 集群。 And from pods inside the cluster I need to access an external DB which has IP whitelisting configured.从集群内的 pod 中,我需要访问一个配置了 IP 白名单的外部数据库。 It seems that I need a static, shared IP for the cluster's outgoing traffic, what's the best approach?似乎我需要一个静态的共享 IP 用于集群的传出流量,最好的方法是什么?
Setting up a service IP seems irrelevant as that's for inbound traffic.设置服务 IP 似乎无关紧要,因为这与入站流量无关。 I looked into Cloud NAT and it seems promising, but I'm not exactly sure about how to set that up.我研究了Cloud NAT ,它看起来很有希望,但我不确定如何设置它。 Any docs/tutorial would be helpful, thanks!任何文档/教程都会有所帮助,谢谢!
1 个解决方案
解决方案1
2 已采纳 2020-02-23 03:33:32
According the docs when traffic goes out of a kubernetes cluster in GKE it will get SNATed with the IP of the node.根据文档,当流量从 GKE 中的 kubernetes 集群流出时,它将使用节点的 IP 进行 SNAT。 So you could whitelist the IPs of all GKE kubernetes cluster nodes.因此,您可以将所有 GKE kubernetes 集群节点的 IP 列入白名单。
Here is some best practices on connecting to external services from Kubernetes cluster. 以下是从 Kubernetes 集群连接到外部服务的一些最佳实践。 An example for connecting to Cloud SQL from Google Kubernetes Engine.从 Google Kubernetes Engine 连接到 Cloud SQL 的示例。
An example setup of Cloud NAT on GKE. GKE 上的 Cloud NAT 设置示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.