Which IP ranges does the Google Container Registry use for its build tools?

Problem description

I'm working with some custom libraries, which are hosted on a private pypi server (running in a Google Compute Engine instance).

I would like to include the libraries when deploying an app to Google App Engine, and am wondering if it's possible to open up the private pypi firewall only to the Google Cloud Platform build servers.

Is there an easy way for me to set up firewall rules to grant the Google Container Registry build servers access into my GCE backed pypi server?

Recommended answer

I would not recommend attempting this sort of security via firewall rules as we cannot give you a list of IP addresses that we can be sure (1) won't change and (2) will only be used by Google Container Builder. Instead, I would recommend that you use Cloud KMS to include encrypted credentials in your build and authenticate the requests to your private servers. We have docs on using encrypted files here (and some additional documentation on encrypted secrets is coming soon).
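
The approach recommended in the answer, shown as a Cloud Build config: the build decrypts a credential with Cloud KMS and authenticates to the private server instead of being allowed in by source IP. This is an added example, not part of the original answer or of Google's documentation; the file names, `KEYRING-NAME`, `KEY-NAME`, the `lib` target directory and the `python:3` image are placeholders and assumptions.

```yaml
# cloudbuild.yaml (added example; KEYRING-NAME and KEY-NAME are placeholders)
#
# Assumptions:
#   - pip.conf.enc was created beforehand with `gcloud kms encrypt` from a
#     pip.conf whose index-url carries the credentials for the private PyPI
#     server, and only the encrypted file is committed.
#   - The service account that runs the build is allowed to decrypt with
#     this key, and nothing else is.
#   - The PyPI server requires authentication over HTTPS, so its firewall
#     does not need to single out the build servers' addresses.
steps:
# 1. Decrypt the credential file into the build workspace.
- name: gcr.io/cloud-builders/gcloud
  args:
  - kms
  - decrypt
  - --ciphertext-file=pip.conf.enc
  - --plaintext-file=pip.conf
  - --location=global
  - --keyring=KEYRING-NAME
  - --key=KEY-NAME

# 2. Install the private libraries. pip reads the index URL and credentials
#    from the decrypted config named in PIP_CONFIG_FILE. The trap deletes
#    the plaintext whether pip succeeds or fails, so it is not left in
#    /workspace for later steps to copy into an image.
- name: python:3
  entrypoint: bash
  args:
  - -c
  - |
    set -e
    trap 'rm -f /workspace/pip.conf' EXIT
    pip install --requirement requirements.txt --target lib
  env:
  - PIP_CONFIG_FILE=/workspace/pip.conf
```

Keep the plaintext `pip.conf` out of source control and out of any uploaded build context; only `pip.conf.enc` belongs in the repository.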
