如何在GKE服务中添加防火墙规则? [英] how do I add a firewall rule to a gke service?

问题描述

我不清楚该怎么做.

我为集群创建服务是这样的:

I create a service for my cluster like this:

kubectl expose deployment my-deployment --type=LoadBalancer --port 8888 --target-port 8888

现在可以从端口8888上的Internet访问我的服务.但是我不希望这样做，我只想从特定的公共IP列表中访问我的服务.如何将gcp防火墙规则应用于特定服务?尚不清楚其工作方式以及默认情况下为什么可以从Internet公开访问该服务.

And now my service is accessible from the internet on port 8888. But I dont want that, I only want to make my service accessible from a list of specific public IPs. How do I apply a gcp firewall rule to a specific service? Not clear how this works and why by default the service is accessible publicly from the internet.

推荐答案

loadBalancerSourceRanges似乎可以正常工作，并且还可以为服务动态更新GCE防火墙规则

loadBalancerSourceRanges seems to work and also updates the dynamically created GCE firewall rules for the service

apiVersion: v1
kind: Service
metadata:
  name: na-server-service
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  loadBalancerSourceRanges:
  - 50.1.1.1/32

这篇关于如何在GKE服务中添加防火墙规则?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！