How to setup Firewall for GKE

I can't use the external IP of the GKE. I deployed it successfully by Jenkins and below is:

When I run "kubectl get service":

    NAME         TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)          AGE
    hello        LoadBalancer   10.92.14.31   34.170.30.56   8080:31110/TCP   2d21h

I checked my deployment.yaml and I think there is no problem with it. Below is the file:

    spec:
      containers:
      - name: hello
        image: azmassage/hello:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
          name: hello

    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: hello
    spec:
      ports:
      - protocol: TCP
        port: 8080
        nodePort: 31110
      selector:
        app: hello
        tier: hello
      type: LoadBalancer

And I think this is a problem with the firewall after I created the firewall rule:

This is my firewall rule

I can't connect and use it. Below is my test:

    admin_@cloudshell:~$ curl http://34.170.30.56:8080
    curl: (7) Failed to connect to 34.170.30.56 port 8080: Connection refused

When a cluster or its resources (including Services and Ingresses) are created, Google Kubernetes Engine automatically generates and manages firewall rules.

For more information, please check Automatically created firewall rules in the Google Kubernetes Engine documentation.

A VPC network and a set of components that define what the rule does are specified when creating a VPC firewall rule. The parts empower you to focus on specific sorts of traffic, in light of the traffic's convention, objective ports, sources, and objections. See components of a firewall for more details.

At the point when you make a LoadBalancer Administration, GKE makes a VPC firewall rule relating to the Help. The following characteristics are found in each firewall rule:

Since the load balancer is a part of your network, you can make an ingress firewall rule to allow or deny any source IP with a "tag".

Refer to this document for more information.

There is a similar query addressed in this stack link.

I'm not sure, but maybe it makes sense to open port 31110 on the firewall and check it with curl?
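
To see which of the two ports raised above (the Service port 8080 or the nodePort 31110) a given set of VPC ingress rules admits, the added example below evaluates rules the way VPC firewalls do: the lowest priority number wins, deny beats allow on a tie, and unmatched traffic falls to the implied deny. It is not part of the original question or answers; the rule names, node tag and addresses are constructed, and only `sourceRanges` and `targetTags` matching is modelled.

```python
import ipaddress

# Constructed rules using Compute Engine firewall resource fields, as printed by
# `gcloud compute firewall-rules list --format=json`. Names, tag and IPs are made up.
RULES = [
    {"name": "example-allow-lb-8080", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["gke-example-node"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
    {"name": "example-allow-nodeports-office", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["203.0.113.0/24"], "targetTags": ["gke-example-node"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30000-32767"]}]},
    {"name": "example-deny-range", "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["198.51.100.0/24"], "denied": [{"IPProtocol": "all"}]},
]

def _covers(entry, proto, port):
    """True if one allowed/denied entry covers this protocol and port."""
    if entry["IPProtocol"] not in ("all", proto):
        return False
    ports = entry.get("ports")
    if not ports:  # no port list: every port of that protocol
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def evaluate(rules, src_ip, node_tags, proto, port):
    """Return (action, rule_name) for ingress traffic arriving at a tagged node."""
    src, hits = ipaddress.ip_address(src_ip), []
    for r in rules:
        if r.get("disabled") or r.get("direction", "INGRESS") != "INGRESS":
            continue
        if r.get("targetTags") and not set(r["targetTags"]) & set(node_tags):
            continue  # rule targets other instances
        if not any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", [])):
            continue  # only sourceRanges are modelled (no sourceTags)
        for action in ("denied", "allowed"):
            if any(_covers(e, proto, port) for e in r.get(action, [])):
                # lower priority number wins; on a tie, deny sorts before allow
                hits.append((r.get("priority", 1000), action != "denied", action, r["name"]))
    return min(hits)[2:] if hits else ("denied", "implied-deny-ingress")

if __name__ == "__main__":
    for ip, port in [("192.0.2.10", 8080), ("192.0.2.10", 31110), ("203.0.113.5", 31110)]:
        print(ip, port, evaluate(RULES, ip, ["gke-example-node"], "tcp", port))
```

Feeding it the real JSON export for the cluster's network and the node tag shows whether a rule, rather than the workload, is what stops a request to either port.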
