How can I write a minimal egress NetworkPolicy for a workload that talks to the Kubernetes API server on GKE?

12/5/2018

I want to write a minimal egress NetworkPolicy for a workload running on GKE that needs to talk to the apiserver.

Is there any other way of doing this other than creating the cluster, getting the address of the LB fronting the apiserver(s) and then templating this into a NetworkPolicy? Is there any way of picking an external apiserver IP beforehand that can remain static over cluster recreates? Or, as a last resort, getting some list of CIDRs that GKE will always choose the apiserver LB IP from?

-- dippynark
google-cloud-platform
google-kubernetes-engine
kubernetes
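The templating approach the question describes (look up the control-plane endpoint, then render it into a NetworkPolicy), written out as an added example; this is not code from the original post. It assumes GKE network policy (Calico) is enabled, that `gcloud container clusters describe --format='value(endpoint)'` returns the control-plane IP, and that policy is enforced after kube-proxy has DNATed traffic for the `kubernetes` ClusterIP, so the `ipBlock` must name the real endpoint IP, not the ClusterIP. The cluster, zone, namespace and `app` label values are hypothetical. No DNS rule is included because in-cluster clients locate the apiserver through the `KUBERNETES_SERVICE_HOST`/`KUBERNETES_SERVICE_PORT` environment variables rather than a lookup; add an egress rule to kube-dns if the workload resolves names.

```shell
#!/usr/bin/env sh
# Added example, not from the original post. Renders a minimal egress-only
# NetworkPolicy that lets pods labelled app=<APP> reach the GKE control-plane
# endpoint on TCP/443 and nothing else. Names and IPs are hypothetical.
set -eu

# Look up the control-plane endpoint of a GKE cluster. Assumes the `endpoint`
# field of `gcloud container clusters describe` (requires gcloud + access).
get_apiserver_endpoint() {
  cluster="$1"; zone="$2"
  gcloud container clusters describe "$cluster" --zone "$zone" \
    --format='value(endpoint)'
}

# Accept only a dotted-quad IPv4 address. A failed lookup yields an empty
# string, and we must never render that into a policy (cidr: /32 is
# rejected by the apiserver, and a hand-edited wildcard would open egress).
is_ipv4() {
  case "$1" in
    *[!0-9.]*|"") return 1 ;;
  esac
  old_ifs="$IFS"; IFS=.
  set -- $1
  IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -ge 0 ] 2>/dev/null && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Emit the policy on stdout. Only egress to <ip>/32 on TCP/443 is allowed;
# because policyTypes lists Egress, all other egress from the selected pods
# is denied (ingress is left unrestricted by this object).
render_apiserver_egress_policy() {
  name="$1"; namespace="$2"; app_label="$3"; apiserver_ip="$4"
  if ! is_ipv4 "$apiserver_ip"; then
    echo "refusing to render policy: '$apiserver_ip' is not an IPv4 address" >&2
    return 1
  fi
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ${name}
  namespace: ${namespace}
spec:
  podSelector:
    matchLabels:
      app: ${app_label}
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: ${apiserver_ip}/32
    ports:
    - protocol: TCP
      port: 443
EOF
}

# Glue: look up the endpoint, render, apply.
main() {
  cluster="$1"; zone="$2"; namespace="$3"; app_label="$4"
  ip="$(get_apiserver_endpoint "$cluster" "$zone")"
  render_apiserver_egress_policy "allow-${app_label}-to-apiserver" \
    "$namespace" "$app_label" "$ip" | kubectl apply -f -
}

# Usage: ./apiserver-egress.sh my-cluster us-central1-a default myapp
if [ "$#" -eq 4 ]; then
  main "$@"
fi
```

Because the endpoint IP changes on cluster recreation, this script is meant to run as part of the cluster bootstrap rather than be committed with a hard-coded address; the `is_ipv4` guard is what keeps a failed lookup from silently producing an unusable or overly broad policy.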

1 Answer

12/5/2018

The best choice is to use Calico by enabling network policy on GKE; check this documentation, and here are some tips to allow or deny ingress or egress.

-- Alioua
Source: StackOverflow