
Restrict access to some endpoints on Google Cloud

I have a k8s cluster that runs my app (GCE as an ingress) and I want to restrict access to some endpoints "/test/*", but all other endpoints should be publicly available. I don't want to restrict to specific IPs, so that I have some flexibility and the ability to access the restricted endpoints from any device, like phones.

I considered IAP but it restricts access to the full service when I need it only for some endpoints. Hence extra.

I have thought about VPN. But I don't understand how to set this up, or would it even resolve my issues.

I have heard about proxies, but it seems to me they can't fulfill my requirements (?)

I can't say that the solution needs to be super extensible or generic, because only a few people will use this feature.

I want the solution to be light, flexible, simple, and to fulfill my needs at the same time. So if you say that there are solutions but they're complex, I would consider restricting access by IP, but I worry about how viable the restricted-IPs approach is in real life. In a sense, would it be too cumbersome to add the IP of my phone every time I change my location, and so on?

You can use API Gateway for that. It approximately meets your needs, though it's not so flexible and simple.

But it's fully managed and can scale with your traffic.

For a more convenient solution, you have to use a software proxy (or API Gateway), or go to the Bank and use Apigee.

I set up OpenVPN.

It was not a tedious process because of the various small obstacles but I encourage you to do the same.

  1. Get a host (machine, cluster, or whatever) with a static IP.
  2. Set up an OpenVPN instance. I use Docker: https://hub.docker.com/r/kylemanna/openvpn/ (follow the instructions, but update the host with -u YOUR_IP).
  3. Ensure that the VPN setup works from your local machine.
  4. For the routes you need, limit IP access to the VPN one. Nginx example:

```nginx
# inside the location block for the restricted routes
allow x.x.x.x;   # the VPN host's static IP
deny all;        # everyone else gets 403
```

  5. Make sure that nginx treats the client IP correctly. I had an issue where nginx was seeing the Load Balancer IP as the client IP, so I had to mark some addresses as trusted: http://nginx.org/en/docs/http/ngx_http_realip_module.html
  6. Test the setup.
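Putting steps 4 and 5 of the answer above together, here is a complete nginx configuration that leaves every route public except `/test/*`, which only the VPN's egress address may reach. This is an added example, not configuration from the original post. The VPN address `203.0.113.10`, the upstream app port `3000` and the internal `10.0.0.0/8` range are assumptions for illustration; the two Google ranges are the published source ranges the external HTTP(S) load balancer uses to reach backends and should be checked against current Google documentation before use.

```nginx
# Added example (not from the original answer). Assumes nginx runs in the
# cluster behind a Google Cloud external HTTP(S) load balancer (GCE ingress).
events {}

http {
    # Step 5: recover the real client address. The load balancer connects to
    # backends from Google-owned ranges and appends itself to X-Forwarded-For
    # ("client-ip, lb-ip"), so the TCP peer is never the real client.
    set_real_ip_from 130.211.0.0/22;   # Google load balancer / health-check range
    set_real_ip_from 35.191.0.0/16;    # Google load balancer / health-check range
    set_real_ip_from 10.0.0.0/8;       # assumption: node/pod CIDR that may SNAT the connection
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on;              # skip every trusted hop from the right, not just one

    # Log both addresses so the realip result can be verified during step 6.
    log_format realip '$remote_addr (peer $realip_remote_addr) "$request" $status';
    access_log /var/log/nginx/access.log realip;

    server {
        listen 8080;

        # Everything outside /test/ stays public.
        location / {
            proxy_pass http://127.0.0.1:3000;   # assumption: the application's port
        }

        # Step 4: only traffic arriving via the VPN's static egress IP is allowed.
        # allow/deny are evaluated against the address realip rewrote above.
        location /test/ {
            allow 203.0.113.10;                 # placeholder: VPN host's static IP
            deny  all;                          # 403 for everyone else
            proxy_pass http://127.0.0.1:3000;
        }
    }
}
```

The order matters: `set_real_ip_from` must cover whatever address actually opens the TCP connection to the pod (the load balancer range, or the node range when kube-proxy rewrites the source), otherwise the realip module never runs and `deny all` is applied to the proxy's address, locking everyone out. Checking `$remote_addr` against `$realip_remote_addr` in the access log from a VPN client and from a non-VPN client is the quickest way to confirm the rule is matching the address you intend.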
