Can the firewalls with k8s-fw* be deleted in GKE GCP

9/9/2019

Cloud Platform: GCP

Kubernetes Engine: GKE

For a Kubernetes service with Type=LoadBalancer, a corresponding automatic firewall rule gets created to allow from 0.0.0.0/0, and the name of the firewall rule starts with k8s-fw.*

The more LoadBalancer services we have for a cluster, the more automatic firewall rules get created.

Is it possible to keep only one firewall rule for a cluster, as all the firewall rules are the same?

I tested it by deleting the firewall rule of a newly created LoadBalancer service, as there was already a firewall rule in place for the other LoadBalancer service, and I was able to access the application with the new LoadBalancer IP.

Please confirm if this can be done.

-- k_vishwanath
google-cloud-platform
google-kubernetes-engine
kubernetes
kubernetes-service

1 Answer

9/9/2019

Yes, you can keep one and delete the other firewall rules (which get created to allow from 0.0.0.0/0 and whose names start with k8s-fw.*) for different LoadBalancer services for applications within the same GKE cluster. But keep in mind that all the targetPort values should be added to the firewall rule that you are keeping to allow from 0.0.0.0/0.

-- Hasanul Murad
Source: StackOverflow
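
The port caveat in the answer can be checked before any rule is deleted. The following is an added example, not code from the question or the answer: it takes rules in the JSON shape printed by `gcloud compute firewall-rules list --format=json` and reports what each other k8s-fw* rule allows that the rule you plan to keep does not. The rule names, tags and ports in the sample are constructed, and `allowed_ports`, `source_covered` and `coverage_gaps` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`;
# rule names, tags and ports are made up for illustration.
SAMPLE_RULES = json.loads("""[
 {"name": "k8s-fw-aaa111", "sourceRanges": ["0.0.0.0/0"], "targetTags": ["gke-demo-node"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "k8s-fw-bbb222", "sourceRanges": ["0.0.0.0/0"], "targetTags": ["gke-demo-node"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["443", "8080-8082"]}]},
 {"name": "k8s-fw-ccc333", "sourceRanges": ["0.0.0.0/0"], "targetTags": ["gke-demo-node"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "default-allow-ssh", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")

def allowed_ports(rule):
    """Expand a rule's `allowed` entries into a set of (protocol, port) pairs."""
    pairs = set()
    for entry in rule.get("allowed", []):
        # An entry without `ports` allows every port of that protocol.
        for spec in entry.get("ports", ["1-65535"]):
            lo, _, hi = spec.partition("-")
            pairs.update((entry["IPProtocol"], p) for p in range(int(lo), int(hi or lo) + 1))
    return pairs

def source_covered(cidr, keep_cidrs):
    """True if `cidr` lies inside at least one of the kept rule's source ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == k.version and net.subnet_of(k)
               for k in map(ipaddress.ip_network, keep_cidrs))

def coverage_gaps(rules, keep_name, prefix="k8s-fw"):
    """Report what each other k8s-fw* rule allows that the kept rule does not."""
    keep = next(r for r in rules if r["name"] == keep_name)
    keep_tags = set(keep.get("targetTags", []))
    gaps = {}
    for rule in rules:
        if rule["name"] == keep_name or not rule["name"].startswith(prefix):
            continue
        missing = {
            "ports": sorted(allowed_ports(rule) - allowed_ports(keep)),
            # "*" marks a rule with no target tags, which applies to all instances.
            "targetTags": sorted(set(rule.get("targetTags", ["*"])) - keep_tags) if keep_tags else [],
            "sourceRanges": [c for c in rule.get("sourceRanges", [])
                             if not source_covered(c, keep.get("sourceRanges", []))],
        }
        if any(missing.values()):
            gaps[rule["name"]] = missing
    return gaps
```

An empty result from `coverage_gaps(rules, keep_name)` means the kept rule already allows everything the other k8s-fw* rules allow; any entry lists the ports, target tags or source ranges that would need to be added to the kept rule first.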