Google Cloud: network tags + firewall rules

10/9/2017

Each time I try to use network tags to restrict access instead of using IP addresses (especially with scalable instances), I get a timeout.

I try the following: Compute instances -> Kubernetes load balancer -> containers cluster. If I set the same network tag on my source (compute instances) and as the firewall's source network tag, I get no response. But if I use the source IP, there is no connectivity problem. I'm not sure if the problem is not related to AMI, service account or compute instances and Kubernetes resources communications... Thanks for your help.

-- julisil
gcp
google-cloud-platform
google-compute-engine
google-kubernetes-engine

1 Answer

10/10/2017

It sounds like you're hitting an edge case bug where if you tag your GCE instances and GKE nodes with the same tag, the firewall rule gets confused (if I'm reading your question correctly). Can you assign different tags to the GCE instances and GKE nodes and try to create a firewall rule using those tags?

-- Yuri Grinshteyn
Source: StackOverflow