Improve internal firewall rules on Google Cloud

* Whitelist internal traffic between controllers and workers
* Switch to tag-based firewall policies rather than source IP
Dalton Hubble
2017-11-07 23:21:12 -08:00
parent b1b611b22c
commit 451fd86470
4 changed files with 94 additions and 22 deletions


@ -48,6 +48,7 @@ resource "google_compute_instance" "controllers" {
}
can_ip_forward = true
tags = ["${var.cluster_name}-controller"]
}
# Controller Container Linux Config