Improve internal firewall rules on Google Cloud

* Whitelist internal traffic between controllers and workers
* Switch to tag-based firewall policies rather than source IP
Dalton Hubble
2017-11-07 23:21:12 -08:00
parent b1b611b22c
commit 451fd86470
4 changed files with 94 additions and 22 deletions

@ -14,6 +14,7 @@ Notable changes between versions.
* Change etcd to run on-host, across controllers (etcd-member.service)
* Change controller instances to automatically span zones in the region
* Change worker managed instance group to automatically span zones in the region
* Improve internal firewall rules and use tag-based firewall policies
* Remove support for self-hosted etcd
* Remove the `zone` required variable
* Remove the `controller_preemptible` optional variable
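Review bot: The added changelog line "Improve internal firewall rules and use tag-based firewall policies" leaves "improve" undefined and does not mention that tag matching replaces source-IP matching, which is the part an operator upgrading needs to know. The commit message already has the specifics, so the entry could reuse them, for example "Allow internal traffic between controllers and workers; match firewall rules on instance tags rather than source IP". If anything that previously relied on the source-IP rules needs a tag after this change, say so in the same list next to the other "Change" and "Remove" items.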