Firewall Rules between GKE and GAE

3/30/2020

Trying to set up firewall rules between a private cluster on GKE and GAE. The cluster forwards requests to the application in GAE (python3 environment).

The GKE cluster is connected to a NAT service, which has an external IP. I want to close the App Engine environment so that only the cluster is allowed to access GAE.

When I implement a firewall rule (at the App Engine level and at the general VPC firewall level) to allow or deny the static IP of the NAT, the rule does not get implemented. When I remove the NAT, the cluster cannot send any request to GAE. Is something missing here?

Important to note is that our cluster and GAE environment are in different regions. After adding the X-Forwarded-For header to the code in GAE, it returned several IP addresses: one of a cluster node (internal IP) and two others that were unfamiliar; I did not see the NAT static IP address. Even when I denied both IPs, the firewall did allow them to connect.

-- user13151408
firewall
google-cloud-platform
kubernetes
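An added example, not part of the question above, showing how an App Engine handler could evaluate the X-Forwarded-For chain against a NAT allowlist and log which address was actually checked. The NAT address and the header values are constructed placeholders, and the number of trusted front-end hops is an assumption to verify for your deployment.

```python
import ipaddress
from typing import Iterable, List, Optional, Tuple

# Constructed placeholder for the Cloud NAT static IP (the real one is not on the page).
NAT_ALLOWLIST = [ipaddress.ip_network("203.0.113.10/32")]

# Assumption: the Google front end appends exactly one trusted hop to the chain.
TRUSTED_PROXY_HOPS = 1


def parse_xff(header_value: str) -> List[str]:
    """Split an X-Forwarded-For value into its comma-separated hops, in order."""
    return [hop.strip() for hop in header_value.split(",") if hop.strip()]


def client_ip(header_value: str, trusted_hops: int = TRUSTED_PROXY_HOPS) -> Optional[str]:
    """Pick the address the trusted proxy saw as its peer.

    Entries further left were supplied by earlier hops (or by the sender) and
    can be forged, so count from the right: skip the trusted proxy hops, then
    take the next entry. Returns None when the chain is too short to decide.
    """
    chain = parse_xff(header_value)
    if len(chain) <= trusted_hops:
        return None
    return chain[-(trusted_hops + 1)]


def is_allowed(ip_text: Optional[str], allowlist: Iterable) -> bool:
    """True only if ip_text parses as an address inside one allowlisted network."""
    if not ip_text:
        return False
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in allowlist)


def check_request(headers: dict, allowlist: Iterable = NAT_ALLOWLIST,
                  trusted_hops: int = TRUSTED_PROXY_HOPS) -> Tuple[bool, Optional[str]]:
    """Decide whether the request arrived via an allowlisted NAT address.

    Returns (allowed, address_checked) so a deny can be logged together with
    the address that was actually evaluated, not just the raw header.
    """
    xff = headers.get("X-Forwarded-For", "")
    peer = client_ip(xff, trusted_hops)
    return is_allowed(peer, allowlist), peer
```

Logging the returned address on every deny is what tells you whether the NAT IP, an internal node address or a front-end address is the one reaching the check.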

0 Answers