Advanced Clusters

Create firewall rules in the VPC network

Create a firewall rule for the VPC network to allow TCP traffic from the IP addresses of the Secure Agent machine and the NAT gateway.
In Google Cloud, create a firewall rule for the VPC network with the following configuration:
  • Set the direction of traffic to ingress traffic.
  • Set the action on match to allow.
  • Add the following target tag:
    k8s-infa-resource
  • Set the primary source filter to filter by IP ranges. Use CIDR notation to set the source IP ranges to the static IP addresses of the Secure Agent machine and the NAT gateway created in step 2.
  • Set the secondary source filter to filter by source tags. Add the following source tag:
    k8s-infa-resource
  • Specify the following protocols and ports:
    • TCP ports: 22, 80, 178-180, 6443, 2379-2380, 10250, 10251, 10252, 10257, 10259, 30000-32767
    • Other protocols:
      ipip
The following image shows how the firewall rule might appear in the Google Cloud Console:

[Image: In the Google Cloud Console, under VPC Network, the Firewall tab is selected and the details of a firewall rule are open. Annotations highlight the settings for Direction, Action on match, Targets, Source filters, and Protocols and ports.]
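
The same rule can be expressed with the gcloud CLI. The script below is an added example, not part of the original documentation: it validates the two static addresses and prints the equivalent `gcloud compute firewall-rules create` command for review. The rule name, the network name `my-vpc`, and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example: prints the gcloud command for the firewall rule described above.
# RULE_NAME and the network name passed in are placeholders, not values from the page.
RULE_NAME="allow-infa-cluster-ingress"
TAG="k8s-infa-resource"   # target tag and source tag from the procedure
# TCP ports exactly as listed in the procedure.
TCP_PORTS="22 80 178-180 6443 2379-2380 10250 10251 10252 10257 10259 30000-32767"

# Succeed only for a plain dotted-quad IPv4 address. Rejecting anything with a
# prefix length keeps ranges such as 0.0.0.0/0 out of the source filter.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# build_firewall_cmd NETWORK AGENT_IP NAT_IP
# Emits one reviewable command line; each static address becomes a /32 range.
build_firewall_cmd() {
  network=$1 agent_ip=$2 nat_ip=$3
  if ! is_ipv4 "$agent_ip" || ! is_ipv4 "$nat_ip"; then
    echo "error: source addresses must be single IPv4 addresses" >&2
    return 1
  fi
  rules=""
  for p in $TCP_PORTS; do rules="${rules}tcp:${p},"; done
  rules="${rules}ipip"
  # Google Cloud treats source ranges and source tags as alternatives: traffic
  # matching either filter is allowed to instances carrying the target tag.
  printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --action=ALLOW --target-tags=%s --source-ranges=%s/32,%s/32 --source-tags=%s --rules=%s\n' \
    "$RULE_NAME" "$network" "$TAG" "$agent_ip" "$nat_ip" "$TAG" "$rules"
}

# Constructed sample values (documentation address ranges); review the output before running it.
build_firewall_cmd my-vpc 203.0.113.10 198.51.100.7
```
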
