Capybara
Reputation: 1
Whitelist filter with k8s Gateway API GCP
k8s Ingress allows to filter IPs through annotation nginx.ingress.kubernetes.io/whitelist-source-range.
How can i to do the same through Gateway Api in GCP? https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api
I have not found any exemples of such behaviour for Gateway Api
Upvotes: 0
Views: 895
Answers (1)
Gari Singh
Reputation: 12053
Allow listing IP addresses is enforced via Cloud Armor policies. For example, you can use a rule like inIpRange(origin.ip, '198.51.100.0/24') in a Cloud Armor security policy.
With the Gateway API, you can then use gateway policies to attach a Cloud Armor policy to your Gateway:
apiVersion: networking.gke.io/v1
kind: GCPBackendPolicy
metadata:
name: my-backend-policy
namespace: lb-service-namespace
spec:
default:
securityPolicy: example-security-policy
targetRef:
group: ""
kind: Service
name: lb-service
Upvotes: 0
Related Questions
- GKE Gateway API httproute not working for https between load balancer and application
- GCP - Gke standalone, how to masquerade 10.0.0/8 cidr
- Whitelisting an IP address in nginx ingress controller
- validation error for multiingress yaml file for GKE
- OpenAPI config for a Graphql backend using GCP API Gateway?
- Error in implementing WebSocket in Kubernetes
- What are kubernetes or google kuberenetes engine "workloads"?