Google Identity-Aware-Proxy and Firewall Rules for Google Kubernetes Engine

6/20/2018

I want to configure Google Identity-Aware Proxy for an application running on Google Kubernetes Engine. To do that I added an Ingress to my Kubernetes configuration so I get a load balancer to configure as an Identity-Aware Proxy.

Now GCP shows me a few warnings about problematic firewall rules. As all of these rules were configured by GKE, I'm not quite sure if they are a problem.

(screenshot: FirewallRules)

As far as I understand it, 10.128.0.0/9 is the default VPC for projects and 10.56.0.0/14 is the IP range for all containers in my Kubernetes cluster.

To me this means that "only" internal traffic inside my project/Kubernetes cluster can bypass the IAP. Is that correct?

-- Laures
google-compute-engine
google-iap
google-kubernetes-engine

2 Answers

6/26/2018

You’re correct. However, keep in mind that if you have set up an internal load balancer, the traffic will bypass the IAP.

-- hachemon
Source: StackOverflow
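An added worked example, not code from the question or the answer authors: IAP is enforced only by the external HTTP(S) load balancer, so every firewall rule that lets a source other than Google's load-balancer proxies reach the GKE nodes is a path around it (the internal-load-balancer case in this answer included). The script below classifies the source ranges of each allow-ingress rule that targets the cluster's node tag into three buckets: `lb-proxy` for Google's documented proxy and health-check ranges 130.211.0.0/22 and 35.191.0.0/16 (the IAP-enforced path), `internal` for the two ranges from the question (10.128.0.0/9 and 10.56.0.0/14), and `external` for anything else. The rule list is a constructed sample shaped like the rules GKE and the Ingress controller create, and the node tag `gke-my-cluster-1a2b3c4d-node` is assumed; against a real project, pipe `gcloud compute firewall-rules list --format=json` into it.

```python
"""Audit which firewall rules let traffic reach GKE nodes without passing IAP."""
import ipaddress
import json
import sys
from typing import Dict, List

# Google's external HTTP(S) LB proxy and health-check source ranges.
GCP_LB_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]
# Per-project values from the question above; adjust for your cluster.
VPC_SUBNET_RANGE = ipaddress.ip_network("10.128.0.0/9")   # auto-mode subnets
POD_RANGE = ipaddress.ip_network("10.56.0.0/14")           # cluster pod CIDR
NODE_TAG = "gke-my-cluster-1a2b3c4d-node"                  # assumed node tag

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES: List[Dict] = [
    {"name": "gke-my-cluster-1a2b3c4d-all", "direction": "INGRESS",
     "sourceRanges": ["10.56.0.0/14"], "targetTags": [NODE_TAG],
     "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]},
    {"name": "gke-my-cluster-1a2b3c4d-vms", "direction": "INGRESS",
     "sourceRanges": ["10.128.0.0/9"], "targetTags": [NODE_TAG],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1-65535"]},
                 {"IPProtocol": "udp", "ports": ["1-65535"]}, {"IPProtocol": "icmp"}]},
    {"name": "k8s-fw-l7--9f8e7d6c5b4a3f2e", "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"], "targetTags": [NODE_TAG],
     "allowed": [{"IPProtocol": "tcp", "ports": ["30000-32767"]}]},
    {"name": "default-allow-ssh", "direction": "INGRESS",   # no targetTags: every VM
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "gke-my-cluster-1a2b3c4d-egress", "direction": "EGRESS",
     "destinationRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
]


def _within(net: ipaddress._BaseNetwork, parent: ipaddress._BaseNetwork) -> bool:
    # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
    return net.version == parent.version and net.subnet_of(parent)


def classify_source(cidr: str) -> str:
    """Bucket one source CIDR: lb-proxy (IAP-enforced), internal, or external.

    A range broader than the VPC (e.g. 10.0.0.0/8) is reported as external:
    it admits more than the project's own address space."""
    net = ipaddress.ip_network(cidr, strict=False)
    if any(_within(net, lb) for lb in GCP_LB_RANGES):
        return "lb-proxy"
    if _within(net, VPC_SUBNET_RANGE) or _within(net, POD_RANGE):
        return "internal"
    return "external"


def rule_applies_to_nodes(rule: Dict, node_tag: str) -> bool:
    """Only enabled allow-ingress rules that hit the node tag (or every VM) matter."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if "allowed" not in rule:          # deny rules cannot open a bypass
        return False
    targets = rule.get("targetTags")
    return not targets or node_tag in targets   # no targetTags = whole network


def _ports(rule: Dict) -> List[str]:
    out = []
    for entry in rule["allowed"]:
        out.extend(f"{entry['IPProtocol']}:{p}" for p in entry.get("ports", ["*"]))
    return out


def audit(rules: List[Dict], node_tag: str = NODE_TAG) -> List[Dict]:
    """Per applicable rule: its name, each source with its bucket, and open ports."""
    findings = []
    for rule in rules:
        if not rule_applies_to_nodes(rule, node_tag):
            continue
        sources = {cidr: classify_source(cidr) for cidr in rule.get("sourceRanges", [])}
        for tag in rule.get("sourceTags", []):
            sources[f"tag:{tag}"] = "internal"   # tags exist only on VMs in this VPC
        findings.append({"rule": rule["name"], "sources": sources, "ports": _ports(rule)})
    return findings


def iap_bypass_findings(rules: List[Dict], node_tag: str = NODE_TAG) -> List[Dict]:
    """Rules through which something other than the LB proxies can reach the nodes."""
    return [f for f in audit(rules, node_tag)
            if any(bucket != "lb-proxy" for bucket in f["sources"].values())]


if __name__ == "__main__":
    rules = SAMPLE_RULES if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit(rules):
        verdict = "external" if "external" in f["sources"].values() else (
            "internal" if "internal" in f["sources"].values() else "lb-proxy")
        print(f"{f['rule']:40} {verdict:9} {', '.join(f['ports'])}")
```

On the sample data the two `gke-…` rules come back as `internal` bypass paths (exactly what the question describes), the `k8s-fw-l7--…` rule is the only IAP-fronted one, and `default-allow-ssh` is flagged `external` because it has no target tags and therefore also reaches the nodes.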

8/3/2018

Note that you can natively integrate with IAP through Ingress: https://cloud.google.com/iap/docs/enabling-kubernetes-howto

-- user1460675
Source: StackOverflow