How do I add a firewall rule to a GKE service?
Question
I'm not clear on how to do this.
I create a service for my cluster like this:
kubectl expose deployment my-deployment --type=LoadBalancer --port 8888 --target-port 8888
And now my service is accessible from the internet on port 8888. But I don't want that; I only want to make my service accessible from a list of specific public IPs. How do I apply a GCP firewall rule to a specific service? Not clear how this works and why by default the service is accessible publicly from the internet.
Recommended answer
loadBalancerSourceRanges seems to work and also updates the dynamically created GCE firewall rules for the service:
apiVersion: v1
kind: Service
metadata:
  name: na-server-service
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  loadBalancerSourceRanges:
  - 50.1.1.1/32
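
To find Services that are still exposed the way the question describes, the following added example (not part of the original answer) audits output shaped like kubectl get services -A -o json for LoadBalancer Services that have no loadBalancerSourceRanges or only overly broad ones. The sample input is constructed, and the audit_services name and the prefix thresholds are assumptions.

```python
import ipaddress
import json

# Constructed sample input, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "default", "name": "my-deployment"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 8888}]}},
 {"metadata": {"namespace": "default", "name": "na-server-service"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80}],
           "loadBalancerSourceRanges": ["50.1.1.1/32"]}},
 {"metadata": {"namespace": "default", "name": "wide-open"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443}],
           "loadBalancerSourceRanges": ["50.1.1.1/32", "0.0.0.0/0"]}},
 {"metadata": {"namespace": "default", "name": "internal-only"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}}
]}
""")

# Assumption: networks wider than these prefix lengths count as "broad".
MIN_PREFIX = {4: 16, 6: 48}


def audit_services(service_list):
    """Map namespace/name -> finding for LoadBalancer Services whose source
    ranges are unset (no restriction applied), too broad, or invalid."""
    findings = {}
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services get a cloud load balancer
        key = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        ranges = spec.get("loadBalancerSourceRanges") or []
        if not ranges:
            findings[key] = "no loadBalancerSourceRanges: open to any source"
            continue
        bad = []
        for cidr in ranges:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                bad.append(f"{cidr} (invalid CIDR)")
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                bad.append(cidr)
        if bad:
            findings[key] = "broad or invalid ranges: " + ", ".join(bad)
    return findings

if __name__ == "__main__":
    print(json.dumps(audit_services(SAMPLE), indent=2))
```

Against a live cluster, replace SAMPLE with the parsed output of the kubectl command named above.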