Apply annotations for load balancer on GCP when installing jenkins using helm on GKE

2/28/2020

I want to install jenkins using its official helm chart on GKE.

I want to expose the agent service (port 50000) using LoadBalancer (will be hitting it from some remote agents).

Will this annotation

service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"

also help secure a GCP load balancer, or is it only applicable on AWS?

Will the agents initiated internally in GKE still have to pass through the internet to reach the service, or will they be routed internally to the corresponding agent service?

-- pkaramol
jenkins
kubernetes
kubernetes-helm

1 Answer

2/28/2020

If you are asking about the capability to whitelist firewalls using the 'loadBalancerSourceRanges' parameter, the service.beta.kubernetes.io/load-balancer-source-ranges annotation is supported and often used on GCP.

Here is an example LoadBalancer service with defined source ranges:

apiVersion: v1
kind: Service
metadata:
  name: example-loadbalancer
  annotations:
    service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 8888
    targetPort: 8888

Unlike Network Load Balancing, access to TCP Proxy Load Balancing cannot be controlled by using firewall rules. This is because TCP Proxy Load Balancing is implemented at the edge of the Google Cloud and firewall rules are implemented on instances in the data center.

Useful documentation: gcp-external-load-balancing, load-balancing.

-- MaggieO
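
An added example, not part of the question or answer above: a Python check that classifies each CIDR in a load-balancer-source-ranges value against the RFC 1918 private blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). It shows that the 172.0.0.0/8 entry used on this page reaches well beyond private space. The function name, verdict labels and result keys are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_source_ranges(annotation_value):
    """Classify each CIDR in a load-balancer-source-ranges value.

    Returns a list of dicts: cidr, verdict, addresses_outside_rfc1918.
    Function name, verdict labels and keys are illustrative assumptions.
    """
    findings = []
    for raw in annotation_value.split(","):
        cidr = raw.strip()
        if not cidr:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append({"cidr": cidr, "verdict": "invalid",
                             "addresses_outside_rfc1918": None})
            continue
        if net.version != 4:
            findings.append({"cidr": cidr, "verdict": "review",
                             "addresses_outside_rfc1918": None})
            continue
        if any(net.subnet_of(p) for p in RFC1918):
            findings.append({"cidr": cidr, "verdict": "private",
                             "addresses_outside_rfc1918": 0})
            continue
        # CIDR blocks nest or are disjoint, so any private block that touches
        # this range lies wholly inside it; the rest of the range is not private.
        inside = sum(p.num_addresses for p in RFC1918 if p.subnet_of(net))
        verdict = "open" if net.prefixlen == 0 else "beyond-rfc1918"
        findings.append({"cidr": cidr, "verdict": verdict,
                         "addresses_outside_rfc1918": net.num_addresses - inside})
    return findings


if __name__ == "__main__":
    # Annotation value copied from the Service manifest on this page.
    for finding in audit_source_ranges("172.0.0.0/8, 10.0.0.0/8"):
        print(finding)
```

Narrowing the first entry to 172.16.0.0/12 makes both ranges report as private.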
Source: StackOverflow