K
Q

Network Policy to access Google Cloud Storage Bucket

8/26/2019

I have a GKE cluster running that hosts an app that needs access to the storage buckets. For that purpose I am making use of gsutils.

The current Network Policy is very restrictive and I only allow access to endpoints that really need it. With my policy in place, if I login to my Pod and run gsutil ls, I get

jenkins@ptbkn:~$ gsutil ls
INFO 0826 18:13:03.702595 retry_util.py] Retrying request, attempt #1...
INFO 0826 18:14:05.556362 retry_util.py] Retrying request, attempt #2...
INFO 0826 18:15:09.331261 retry_util.py] Retrying request, attempt #3...

But the moment I take down the Network Policy, I can see all my buckets.

jenkins@ptbkn:~$ gsutil ls
gs://abc/
gs://xyz/
.
.

Now Im unsure of how can I specify the Network Policy rules. Meaning that Im unaware of what IP ranges / hostnames / Ports should I add to my network policy to whitelist Google Cloud Storage. Can someone help me out with this ?

-- Jason Stanley
google-cloud-platform
google-cloud-storage
google-kubernetes-engine
kubernetes-networkpolicy

Similar Questions

How to externally check Kubernetes readiness on deployment?
List of Kubernetes RBAC rule verbs
uWSGI configuration in Kubernetes
Update deployment labels using "kubectl patch" does not work
Helm3 loses the revision
Why cant create file inside nginx container?

1 Answer

8/27/2019

You could try adding dl.google.com and www.googleapis.com this will help for gsutil, also in this Google Documentation the example mentions an IP range 199.36.153.4/30 for Google APIs and Services.

-- Adad O.
Source: StackOverflow