cvi1

Reputation: 1

Allow http requests from front-end GKE app in GCloud Armor WAF

I'm configuring GCloud Armor to restrict access to my API, which is deployed in GKE behind an ingress. Some of the petitions come directly from the front-end, which is also deployed in the GKE cluster, and I need to allow those requests. This front-end currently has 2 pods, and I have tested that it works when I allow in GCloud Armor the external IPs of the nodes where those pods are deployed. Of course this is not a valid solution, since the pods may move to other nodes and the nodes are also volatile.

I also have an ingress for the front service which has a static IP; however, allowing this IP in GCloud Armor doesn't work and it still blocks the requests.

What's the best solution to solve this problem? Isn't there any option to set the front load balancer IP as the origin IP?

Thanks in advance!

Upvotes: 0

Views: 218

Answers (2)

cvi1

Reputation: 1

I solved it using the Kubernetes service as the endpoint for API calls from my front server. It is not what I intended at the start, but it is a workaround.

Upvotes: 0

Konstantin

Reputation: 37

As a workaround, you may create a private GKE cluster (https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters) and allow the Cloud NAT IP in Cloud Armor.

Upvotes: 0
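The workaround in the answer above, sketched as an added example that is not part of the original answer: node egress is pinned to one reserved Cloud NAT address, and only that /32 is allowed in the Cloud Armor policy. The region, network, router, NAT, policy and address names, the priority 900 and the sample IP are all hypothetical placeholders, and the nodes are assumed to have no external IPs (private cluster), since Cloud NAT only serves such nodes.

```shell
#!/usr/bin/env bash
# Added example: pin private-cluster egress to one static Cloud NAT IP and
# allow that IP in Cloud Armor. All names below are hypothetical placeholders.
REGION="${REGION:-europe-west1}"
NETWORK="${NETWORK:-gke-vpc}"            # VPC of the private GKE cluster
POLICY="${POLICY:-api-armor-policy}"     # existing Cloud Armor policy on the API backend
NAT_ADDR_NAME="${NAT_ADDR_NAME:-gke-nat-ip}"
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands only, 0 = execute

# Print the command, and run it only when DRY_RUN=0.
run() {
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Reserve a static external IP and make Cloud NAT use it exclusively,
# so outbound traffic from the nodes always has the same source address.
setup_nat() {
  run gcloud compute addresses create "$NAT_ADDR_NAME" --region="$REGION"
  run gcloud compute routers create gke-nat-router \
      --network="$NETWORK" --region="$REGION"
  run gcloud compute routers nats create gke-nat \
      --router=gke-nat-router --region="$REGION" \
      --nat-external-ip-pool="$NAT_ADDR_NAME" --nat-all-subnet-ip-ranges
}

# Add an allow rule for exactly one address (/32) at the given priority.
# The priority number must be lower than that of the policy's deny rules.
allow_nat_ip() {
  local nat_ip="$1" priority="${2:-900}"
  case "$nat_ip" in
    *[!0-9.]*|"") echo "not a single IPv4 address: $nat_ip" >&2; return 1 ;;
  esac
  run gcloud compute security-policies rules create "$priority" \
      --security-policy="$POLICY" --action=allow \
      --src-ip-ranges="${nat_ip}/32" \
      --description="front-end egress via Cloud NAT"
}

setup_nat
# 203.0.113.10 is a constructed documentation address. With DRY_RUN=0, read the real one:
#   gcloud compute addresses describe "$NAT_ADDR_NAME" --region="$REGION" --format='value(address)'
allow_nat_ip "${NAT_IP:-203.0.113.10}"
```

Run it once with the default `DRY_RUN=1` to review the printed commands, then with `DRY_RUN=0` and `NAT_IP` set to the reserved address.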
